Microsoft Windows 10 21H1 SEoL
Microsoft Windows 10 21H1 is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 21H2 Business SEoL
Microsoft Windows 10 21H2 Business is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1809 Pro SEoL
Microsoft Windows 10 1809 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1703 Home SEoL
Microsoft Windows 10 1703 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 20H2 Home SEoL
Microsoft Windows 10 20H2 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1909 Home SEoL
Microsoft Windows 10 1909 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 20H2 Pro SEoL
Microsoft Windows 10 20H2 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
9.8CVSS
7.4AI Score
EPSS
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals
Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted....
7AI Score
A week in security (March 25 – March 31)
Last week on Malwarebytes Labs: MFA bombing taken to the next level How to back up your Mac How to back up your Windows 10/11 PC to OneDrive How to back up your iPhone to a Windows computer How to back up your iPhone to a Mac How to back up your iPhone to iCloud Powering the future of ThreatDown...
7.4AI Score
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...
7.2AI Score
DroidLysis - Property Extractor For Android Apps
DroidLysis is a pre-analysis tool for Android apps: it performs repetitive and boring tasks we'd typically do at the beginning of any reverse engineering. It disassembles the Android sample, organizes output in directories, and searches for suspicious spots in the code to look at. The output helps....
7.7AI Score
R2Frida - Radare2 And Frida Better Together
This is a self-contained plugin for radare2 that allows to instrument remote processes using frida. The radare project brings a complete toolchain for reverse engineering, providing well maintained functionalities and extend its features with other programming languages and tools. Frida is a...
7.4AI Score
How to back up your Windows 10/11 PC to OneDrive
They say the only backup you ever regret is the one you didn't make. Starting in Windows 10, the operating system (OS) now comes with a built-in tool to back up your files, themes, some settings, many of your installed apps, and your Wi-Fi information. First, you’ll need to sign in with your...
7.1AI Score
How to back up your iPhone to iCloud
They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. The most convenient way to backup your iPhone is to have it backup to iCloud. Backups.....
7.3AI Score
TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots...
7.5AI Score
Lessons from a Ransomware Attack against the British Library
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything...
7.3AI Score
7.4AI Score
Thread Hijacking: Phishes That Prey on Your Curiosity
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion,...
7.2AI Score
6.5CVSS
6.7AI Score
0.001EPSS
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.7AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
Apache Airflow Improper Preservation of Permissions vulnerability
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.7AI Score
0.0004EPSS
Apache Airflow Improper Preservation of Permissions vulnerability
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.5AI Score
0.0004EPSS
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.2AI Score
0.0004EPSS
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.5AI Score
0.0004EPSS
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.1AI Score
0.0004EPSS
CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
6.3AI Score
0.0004EPSS
Internet Bug Bounty: Improper handling of wildcards in --allow-fs-read and --allow-fs-write
Summary: The permission model implementation does not process wildcards in the paths given via --allow-fs-read or --allow-fs-write correctly and may incorrectly grant access to paths that should be inaccessible. Description: There are two separate issues here: The implementation silently ignores...
5CVSS
7.2AI Score
0.0004EPSS
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng...
7.4AI Score
7.8CVSS
7.3AI Score
0.0004EPSS
7.4AI Score
Stable Channel Update for Desktop
The Stable channel has been updated to 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
7.8AI Score
0.0004EPSS
This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the...
7.6AI Score
3 important lessons from a devastating ransomware attack
In October 2023, The British Library was attacked by the Rhysida ransomware gang in a devastating cyberattack. The library, a vast repository of over 170 million items, is still deep in the recovery process, but recently released an eighteen page cyber incident review describing the attack, its...
7.2AI Score
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin()...
7.6AI Score
0.0004EPSS
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin()...
7.9AI Score
0.0004EPSS
This exploit module leverages an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by...
9.8CVSS
8.9AI Score
0.959EPSS
home-based.eu Cross Site Scripting vulnerability OBB-3884862
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin()...
7.8AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228-POC exploit CVE-2021-44228 ...
10CVSS
10AI Score
0.976EPSS
Grav File Upload Path Traversal
Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....
8.8CVSS
9.4AI Score
0.0004EPSS
Grav File Upload Path Traversal
Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....
8.8CVSS
9.4AI Score
0.0004EPSS
January 9, 2024-KB5033920 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Release Date: January 9, 2024 Version: .NET Framework 3.5 and 4.8.1 The January 9, 2024 update for Windows 11, version 22H2 and Windows 11, version 23H2 includes...
9.8CVSS
8.8AI Score
0.009EPSS
January 9, 2024-KB5033910 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: January 9, 2024 Version: .NET Framework 4.8 The January 9, 2024 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative...
9.8CVSS
9.1AI Score
0.009EPSS
January 9, 2024-KB5034274 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 Release Date: January 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10 Version...
9.8CVSS
8.9AI Score
0.009EPSS
January 9, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 7 Standard and Windows Server 2008 R2 SP1 (KB5034269) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework...
9.8CVSS
9.2AI Score
0.009EPSS
January 9, 2024-KB5034273 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: January 9, 2024 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8...
9.8CVSS
8.9AI Score
0.009EPSS