A week in security (Oct 25 – Oct 31)
Last week on Malwarebytes Labs Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code...
Balikbayan Foxes group spoofs Philippine gov to spread RATs
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t Experts uncovered a new threat actor, tracked as Balikbayan Foxes,...
Microsoft warns of an increase in password spraying attacks
The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The...
Web-Hacking-Toolkit – A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support
A multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support.InstallationDockerPull the image from Docker Hub: docker pull...
Iranian Black Shadow hacking group breached Israeli Internet hosting firm
Irananian hacking group Black Shadow breached the Israeli internet hosting company Cyberserve, taking down several of its sites. Iranian hacking...
CVE-2017-12864
Summary: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is...
CVE-2019-14493
Summary: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at...
CVE-2021-28021
Summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Reference Links(if available):...
CVE-2021-28021
Summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Reference Links(if available):...
CVE-2017-2888
Summary: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file...
CVE-2019-7637
Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c....
Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure
Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums....
PeTeReport – An Open-Source Application Vulnerability Reporting Tool
PeTeReport (PenTest Report) is an open-source application Sample ReportsPDF SampleHTML SampleMD SampleCSV SampleDownload Petereport If you like the site, please...
Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham
Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons...
Security Affairs newsletter Round 338
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Hacker accessed medical info at UMass Memorial Health
A cyber attack hit the UMass Memorial Health, threat actors had access to employee email system, potentially exposing patients info....
Dockerized-Android – A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms
Dockerized Android is a container-based framework that allows to execute and Android Emulator inside Docker and control it through a...
Reading INTERPOL the African Cyberthreat Assessment Report 2021
INTERPOL published the African Cyberthreat Assessment Report 2021, a report that analyzes evolution of cybercrime in Africa. A new report...
CVE-2021-41524
Summary: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external...
CVE-2021-41524
Summary: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external...
CVE-2021-41524
Summary: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external...
CVE-2021-41611
Summary: An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate,...
CVE-2021-41799
Summary: MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can...
CVE-2021-41990
Summary: The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS...
