MITRE and CISA publish the 2021 list of most common hardware weaknesses
MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and...
TrickBot member extradited to US faces up to 60 years in prison
An alleged member of the TrickBot gang, the Russian national Vladimir Dunaev (aka FFX), has been extradited to the US....
GC2 – A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive
GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the...
ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD
The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers...
Papua New Guinea ‘s finance ministry was hit by a ransomware
A ransomware attack hit Papua New Guinea ‘s finance ministry and disrupted government payments and operations. Government officials confirmed that...
Scarce-Apache2 – A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public
This tool can Installation- git clone https://github.com/HightechSec/scarce-apache2- cd scarce-apache2- bash scarce.shor you can install in your system like this- git...
Police arrested 12 individuals involved in 1800 ransomware attacks worldwide
Europol and Norwegian Police arrested 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. A joint operation...
The return of the Malwarebytes CrackMe
This blog post was authored by Hasherezade Twice in the past (2017, 2018) we published a Capture-The-Flag challenge dedicated to...
Update your OptinMonster WordPress plugin immediately
WordPress, the incredibly popular content management platform, is currently dealing with a nasty plugin bug which allows redirects. What is...
Tips to protect your data, security, and privacy from a hands-on expert
This post was authored by one of the most active helpers on the Malwarebytes forums who wishes to remain anonymous....
CVE-2021-40117
Summary: A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)...
CVE-2021-40118
Summary: Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense...
CVE-2021-39225
Summary: Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3...
CVE-2021-34781
Summary: A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could...
CVE-2021-34783
Summary: A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense...
NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems
The US NSA and CISA published a security advisory to warn about threat actors compromising 5G networks via cloud infrastructure....
Shrootless: Microsoft finds Apple macOS vulnerability
Microsoft researchers have discovered a vulnerability in macOS, dubbed Shrootless, that can allow attackers to bypass System Integrity Protection (SIP)...
Http-Protocol-Exfil – Exfiltrate Files Using The HTTP Protocol Version (“HTTP/1.0” Is A 0 And “HTTP/1.1” Is A 1)
Use the HTTP protocol version to send a file bit by bit ("HTTP/1.0" is a 0 and "HTTP/1.1" is a...
CVE-2021-33044 – Dahua Technology / Multiple – Improper authentication
Summary: CVE-2021-33044 is an improper authentication vulnerability impacting multiple Dahua products. An exploit was observed in open source and a...
CVE-2021-33045 – Dahua Technology / Multiple – Improper authentication
Summary: CVE-2021-33045 is an improper authentication vulnerability impacting multiple Dahua products. An exploit was observed in open source and a...
How we took part in MLSEC and (almost) won
This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing...
Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection
Microsoft finds a flaw in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft discovered a...
Over 1 million WordPress sites affected by OptinMonster plugin flaws
A vulnerability in the popular the OptinMonster plugin allows unauthorized API access and sensitive information disclosure. A high-severity vulnerability (CVE-2021-39341)...
HTTPUploadExfil – A Simple HTTP Server For Exfiltrating Files/Data During, For Example, CTFs
HTTPUploadExfil is a (very) simple HTTP server written in Go that's useful for getting files (and other information) off a...
