CVE-2021-41732
Summary: ** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that...
A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called...
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of...
A dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. See various Wiki...
Last week on Malwarebytes Labs: Does Cybersecurity Awareness Month actually improve security? Police take a piece out of a ransomware gang,...
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA...
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing...
Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker...
Summary: A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. Reference...
Summary: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue...
Summary: In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access....
Summary: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the...
Summary: axios is vulnerable to Inefficient Regular Expression Complexity. Reference Links (if available): https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E CVSS Score (if...
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
This tool allows you to statically analyze Windows, Linux, OSX executables and APK files. You can get: What DLL files are used. Functions...
ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers...
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by...
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released...
Summary: A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a...
Summary: ** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for...