A week in security (November 9 – November 15)
Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozilla’s Firefox and Thunderbird to Google’s Chrome. We...
Security
Banks offered the Central Bank of Russia to create a centralized mechanism to combat fraudsters
According to the Vice-President of the Association of Banks of Russia Alexey Voilukov, information processing can take several hours or...
Interview with experts who lead the project ONTOCHAIN
On 9 November E Hacking News conducted an interesting interview with experts from different parts of the world that lead...
Clothing Brand ‘The North Face’ Hit By Credential Stuffing Attack, Suffers Data Breach
After North Face's website faced a credential stuffing attack, the company has reset the customers' credentials. In a recent cybersecurity...
MacC2 – Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities
MacC2 is a macOS post exploitation tool written in python that uses Objective C calls or python libraries as opposed...
Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters....
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans...
SugarCRM v6.5.18 – (Employees) Persistent Cross Site Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2257...
SugarCRM v6.5.18 – (Contacts) Persistent Cross Site Web Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability References (Source):...
Intel NUC – Local Privilege Escalation Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== Intel NUC - Local Privilege Escalation Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2267http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525 CVE-ID:...
Buddypress v6.2.0 WP Plugin – Persistent Web Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2263...
Froxlor v0.10.16 CP – (Customer) Persistent Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2241 Release...
Hackers attacked major Telegram channels via video on Yandex
On November 10, hackers conducted a major attack on popular Telegram channels. Reddit's administrators completely lost access to the channel,...
Go_Parser – Yet Another Golang Binary Parser For IDAPro
Yet Another Golang Binary Parser For IDAPro NOTE: This master branch is written in Python2 for IDAPython, and tested only...
FinalRecon v1.1.0 – The Last Web Recon Tool You’ll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the...
APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 addresses the...
APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005...
APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 addresses the...
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS...
APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 addresses the...
Cit0day – 226,883,414 breached accounts
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below....
123RF – 8,661,578 breached accounts
In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was...
Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI
Decentralized finance (defi) protocol Akropolis was recently hacked for $2 million in DAI, in the most recent flash loan attack...
Herpaderping – Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process
Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the...
