CVE-2021-35583
Summary: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25...
CVE-2021-0186 – Intel Corporation / SGX SDK – Improper input validation
Summary: CVE-2021-0186 is an improper input validation vulnerability impacting Intel SGX SDK for Windows versions 2.12 and earlier and Intel...
UltimaSMS subscription fraud campaign targeted millions of Android users
UltimaSMS, a massive fraud campaign is using Android apps with million of downloads to subscribe victims to premium subscription services....
Kansas Man pleads guilty to hacking the Post Rock Rural Water District
Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District....
US-CERT Bulletin (SB21-298):Vulnerability Summary for the Week of October 18, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools...
Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to...
Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabella Bagueros: Lock and Code S02E20
“What does online privacy mean to you?” This beguilingly simply question can produce dozens of overlapping and distinct answers, all...
A critical RCE flaw affects Discourse software, patch it now!
US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is...
CVE-2021-30842
Summary: This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big...
CVE-2021-30843
Summary: This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big...
CVE-2021-30847
Summary: This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security...
CVE-2021-30848
Summary: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS...
CVE-2021-30849
Summary: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS...
Red TIM Research found two rare flaws in Ericsson OSS-RC component
The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the...
Russia-linked Nobelium APT targets orgs in the global IT supply chain
Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The...
VECTR – A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation can be found here: DocumentationFeature Breakdowns By ReleaseVECTR v7.1.1 Feature BreakdownTeamLEAD PROGRAMMERS:Carl VonderheidGalen FisherDaniel HongPROGRAMMERS:Andrew ScottPatrick HislopDan GuzekZara...
A week in security (Oct 18 – Oct 24)
Last week on Malwarebytes Labs Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache.“Killware”: Is it just as bad as...
NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018...
Emsisoft created a free decryptor for past victims of the BlackMatter ransomware
Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity...
TodayZoo phishing kit borrows the code from other kits
Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers...
ThreadStackSpoofer – PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode’S Memory Allocation From Scanners And Analysts
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based...
CVE-2021-0002
Summary: Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated...
CVE-2021-3778
Summary: vim is vulnerable to Heap-based Buffer Overflow Reference Links(if available): https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 http://www.openwall.com/lists/oss-security/2021/10/01/1 https://lists.fedoraproject.org/archives/list/[email protected]/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/ https://lists.fedoraproject.org/archives/list/[email protected]/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/ CVSS Score (if available)...
