CVE-2015-6480
Summary: The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to...
FIN7 sysadmin behind “billions in damage” gets 10 years
In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken...
CodeCov supply-chain compromise likened to SolarWinds attack
CodeCov, a company that creates software auditing tools for developers, was recently breached (the company says it was breached on...
Interview with a bug bounty hunter: Youssef Sammouda
Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is...
Fake Microsoft Store, Spotify Distribute Malware to Steal User Data
Attackers are promoting sites that imitate the Microsoft Store, Spotify, and an online document converter to spread malware that steals...
Positive Technologies rejected accusations of the U.S. Department of the Treasury of Russia’s cooperation with intelligence services
Russian cyber security company Positive Technologies rejected the accusations of interference in the American elections, made by the U.S. Treasury...
Two Outdated Software Bug Patched, Says WhatsApp
WhatsApp on Monday stated that it has addressed two bugs that existed on its outdated software program and that it...
Zero Trust & Basic Cyber Hygiene: Best Defense Against Third-Party Attacks
Since the beginning of the year, there has been a slew of third-party cybersecurity attacks, with the repercussions affecting a...
OTP Generating Firm at a Risk, as Hacker Claims to have Sold its Sensitive Data
A hacker seems to sell confidential information that is claimed to have been robbed from an OTP firm. And this...
BetterXencrypt – A Better Version Of Xencrypt – Xencrypt It Self Is A Powershell Runtime Crypter Designed To Evade AVs
A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs. cause Xencrypt is not...
Reproxy – Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTP(s) server / reverse proxy supporting various providers (docker, static, file). One or more providers...
KubiScan – A Tool To Scan Kubernetes Cluster For Risky Permissions
A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model. The tool was...
North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection
North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South...
Watch out, hackers can take over your Cosori Smart Air Fryer
Watch out, hackers could breach into your house by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart...
WeChat users targeted by hackers using recently disclosed Chromium exploit
Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn....
Crooks stole driver’s license numbers from Geico auto insurer
Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico,...
Experts demonstrated how to hack a utility and take over a smart meter
Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of...
Crooks made more than $560K with a simple clipboard hijacker
Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K....
CVE-2021-23358
Summary: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection...
CVE-2021-28349
Summary: Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28350. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28349 CVSS...
CVE-2021-28348
Summary: Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28348 CVSS...
CVE-2017-11450
Summary: coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have...
CVE-2019-17540
Summary: ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Reference Links(if available): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578 https://security-tracker.debian.org/tracker/CVE-2019-17540 https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54...
A week in security (April 12 – 18)
Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with...
