Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report....
threatintel
Google’s osconfig agent – local privilege escalation
Posted by Imre Rad on Sep 22Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...
[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading
Posted by Julien Ahrens (RCE Security) on Sep 22RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...
Visitor Management System in PHP 1.0 – Unauthenticated Stored XSS
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS #...
Visitor Management System in PHP 1.0 – Authenticated SQL Injection
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection #...
Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Posted by Ava Tester One on Sep 22# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author:...
Amid Iranian hacker crackdown, CISOs should prep for retaliation
The United States ran a full-court press against Iranian hackers last week, including indictments from the Department of Justice, the...
A week in security (September 14 – 20)
Last week on Malwarebytes Labs, we looked at Fintech industry developments, specifically the differences between Europe and the US, and we...
VMPDump – A Dynamic VMP Dumper And Import Fixer
A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. Before vs After UsageVMPDump.exe <Target PID>...
Moriarty-Project – This Tool Gives Information About The Phone Number That You Entered
What IS Moriarty?Advanced Information Gathering And Osint Tool Moriarty is a tool that tries to find good information about the...
Define What to Parse From Logs with the Custom Parsing Tool in InsightIDR
Data is essential to any SIEM. Generally, this data is collected from logs, endpoints, and networks. All of this data...
LockBit Ransomware Emerging as a Dangerous Threat to Corporate Networks
LockBit, a relatively new Ransomware that was first identified performing targeted attacks by Northwave Security in September 2019 veiled as.ABCD...
Frp – A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet
A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet.Development Statusfrp...
Mozi Botnet is responsible for most of the IoT Traffic
The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported....
NCSC warns of a surge in ransomware attacks on education institutions
The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions....
The Union Government To Come Up With National Cyber Security Strategy 2020
National Security Adviser Ajit Doval announced that the Union government is set to come up with National Cyber Security Strategy...
CRLFuzz – A Fast Tool To Scan CRLF Vulnerability Written In Go
A fast tool to scan CRLF vulnerability written in Go Installationfrom BinaryThe installation is easy. You can download a prebuilt...
Security Affairs newsletter Round 282
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
IPG Photonics high-performance laser developer hit with ransomware
IPG Photonics, a leading U.S. manufacturer of high-performance fiber lasers for diverse applications and industries was hit by a ransomware...
German encrypted email service Tutanota suffers DDoS attacks
The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and...
Hijacking nearby Firefox mobile browsers via WiFi by exploiting a bug
Mozilla addressed a bug that can be exploited by attackers to hijack all the Firefox for Android browsers that share...
NIC hacked by a malware, over 100 computers compromised
Recently, India's largest data agency NIC ( National Informatics Center) was hacked by a malware unidentified as of yet....
New Windows Vulnerability Allows Domain Takeover, Microsoft Released Patch
A new vulnerability named Zerologon has been identified by cybersecurity organization, Secura who tracked the high rated vulnerability as CVE-2020-1472;...
Winshark – A Wireshark Plugin To Instrument ETW
Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were...
