Pystinger – Bypass Firewall For Traffic Forwarding Using Webshell
Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for...
LibAFL – Advanced Fuzzing Library – Slot Your Fuzzer Together In Rust! Scales Across Cores And Machines. For Windows, Android, MacOS, Linux, No_Std, …
Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust. LibAFL is written and maintained...
Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws
American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers. Hundreds of...
Project Signal: a second Iranian State-Sponsored Ransomware Operation
Iran-linked ATP group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers...
Apple addresses three zero-day flaws in its WebKit browser engine
Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day...
Expert released PoC exploit for Microsoft Exchange flaw
Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the...
Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited
Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are...
CVE-2020-27897
Summary: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1,...
CVE-2021-21431
Summary: sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the...
CVE-2021-27077
Summary: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077...
CVE-2021-27077
Summary: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077...
CVE-2021-27077
Summary: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077...
CVE-2021-27077
Summary: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077...
CVE-2021-1640
Summary: Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26878. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640 https://www.zerodayinitiative.com/advisories/ZDI-21-493/...
CVE-2020-14295
Summary: A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter....
A week in security (April 26 – May 2)
Last week on Malwarebytes Labs, we looked at which age range is most likely to be targeted by online predators,...
Microsoft Finds Critical Code Execution Bugs In IoT, OT Devices
Recently, world-leading giant Microsoft security unit has reported that around 24 critical remote code execution (RCE) vulnerabilities have been found...
US Agencies Hit By Cyberattack, Confirms CISA Investigation
Around five federal civilian agencies were breached recently, in a hit to the US government, revealed an investigation by a...
Cryptocurrency Mining Will Void Your SSD Warranty, Manufacturer Galax Warns
SSD designer Galax has warned users on its Chinese website that mining cryptocurrency with the company’s Solid State Drives (SSDs)...
App Census Study Reveals that Android Devices Leak User Data Stored in Contact Tracing Applications
According to security experts, hundreds of third-party applications on Android devices have access to confidential information collected by Google and...
Python: Affected by Critical IP Address Validation Vulnerability
The critical IP address validation vulnerability in the Python standard library ipaddress is similar to the bug that was discovered...
Spam and phishing in Q1 2021
Quarterly highlights Banking phishing: new version of an old scheme In Q1 2021, new banking scams appeared alongside ones that...
Evasor – A Tool To Be Used In Post Exploitation Phase For Blue And Red Teams To Bypass APPLICATIONCONTROL Policies
The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be...
Duplicut – Remove Duplicates From MASSIVE Wordlist, Without Sorting It (For Dictionary-Based Password Cracking)
virtual chunks, then each one is tested against next chunks. So complexity is equal to th triangle number: Throubleshotting If...
