Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

MAL-2024-6938 Malicious code in hack-cards (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in hack-cards (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...

A week in security (May 27 – June 2)

Last week on Malwarebytes Labs: Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? The Ticketmaster "breach"—what you need to know Ticketmaster confirms customer data breach How to tell if a VPN app added your Windows device to a botnet Beware of...

Mysterious Hack Destroyed 600,000 Internet Routers

Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more...

CVE-2021-47229

In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIOSTART register when previous transfer has not yet completed which is indicated by value 1 in PIOSTART causes an...

Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever...

CVE-2021-47229

CVE-2021-47229 concerns the Linux kernel PCI aardvark driver. A kernel panic could occur when a new PIO transfer is started before the previous one finished; the kernel will issue an External Abort/SSeror interrupt leading to a reboot. The root cause analysis noted a previously added Trusted Firm...

Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework

Hakuin is a Blind SQL Injection BSQLI optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases DB from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of optimizati...

Microsoft Deploys Generative AI for US Spies

Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers...

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE...

Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group

By Cyber Newswire In a digital age where information is the new currency, the recent global hack has once again highlighted… This is a post from HackRead.com Read the original post: Global Hack Exposes Personal Data: Implications & Privacy Protection - Axios Security Group...

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior US government officials. From the executive summary: The Board finds that this intrusion was preventable...

A week in security (March 18 – March 24)

Last week on Malwarebytes Labs: New Go loader pushes Rhadamanthys stealer Canada revisits decision to ban Flipper Zero Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now 19 million plaintext passwords exposed by incorrectly configured Firebase instances Apex Legends Global Series...

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

A dormant package available on the Python Package Index PyPI repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain securit...

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns...

PT-2024-20221 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins affected versions not specified Description: A new vulnerability in Jenkins is showcased in a non-competitive box on Hack The Box. The issue is demonstrated through a guided mode challenge, which is available for free. Recommendations...

No, Toothbrushes Were Not Used in a Massive DDoS Attack

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, whi...