Evolution of JSWorm ransomware
Introduction Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. From the massive outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, a lot of ransomware actors have moved to the covert but highly profitable...
GraphQLmap - A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. Install $ git clone https://github.com/swisskyrepo/GraphQLmap $ python graphqlmap.py ...
Etherblob-Explorer - Search And Extract Blob Files On The Ethereum Blockchain Network
Search and extract blob files on the Ethereum network using Etherscan.io API. Introduction EtherBlob Explorer is a tool intended for researchers, analysts, CTF players or anyone curious enough wanting to search for different kinds of files or any meaningful human-supplied data on the Ethereum...
Weak password vulnerability in FB-Series
FLIR Systems, Inc. specializes in the design, development, production, marketing and promotion of specialized technologies for enhanced situational awareness. Through thermal imaging, visible light imaging, video analytics, measurement and diagnostics, and advanced threat detection systems, we...
Security update for vlc (moderate)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2021:0714-1 Rating: moderate References: 1181918 Cross-References: CVE-2020-26664 CVSS scores: CVE-2020-26664 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP2 An...
Description of the security update for Office 2013: May 11, 2021 (KB4464542)
Description of the security update for Office 2013: May 11, 2021 KB4464542 Summary This security update resolves a Microsoft Office Graphics remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-31180. Note: To appl...
LivingLogic XIST4C Cross-Site Scripting Vulnerability
XIST4C is a content management system, shopping cart software and web application framework from LivingLogic. A cross-site scripting vulnerability exists in LivingLogic XIST4C versions prior to 0.107.8. The vulnerability can be exploited to conduct cross-site scripting attacks via login.htm,...
ALPINE-CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...
SUSE SLED15 / SLES15 Security Update : p7zip (SUSE-SU-2021:1491-1)
This update for p7zip fixes the following issues: CVE-2021-3465: Fixed a NULL pointer dereference in NCompress::CCopyCoder::Code (bsc#1184699). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
Breaking free from the VirusTotal silo: Lock and Code S02E07
This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. It's a practice that is surprisingly common. Weeks ago, Malwarebyt...
Security update for ImageMagick (moderate)
openSUSE Security Update: Security update for ImageMagick Announcement ID: openSUSE-SU-2021:0606-1 Rating: moderate References: 1184624 1184626 1184627 1184628 Cross-References: CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 CVSS scores: CVE-2021-20309 SUSE: 5.3...
Security update for shim (important)
openSUSE Security Update: Security update for shim Announcement ID: openSUSE-SU-2021:0598-1 Rating: important References: 1173411 1174512 1175509 1177315 1177404 1177789 1182057 1184454 Cross-References: CVE-2019-14584 CVSS scores: CVE-2019-14584 SUSE: 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A...
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
Design/Logic Flaw
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
Combatting Email Spam – What you should know
By Uzair Amir. In this post, we will talk about emails that are considered spam and the most effective ways to eliminate them. This is a post from HackRead.com. Read the original post: Combatting Email Spam - What you should know...
Security update for python-django-registration (moderate)
openSUSE Security Update: Security update for python-django-registration Announcement ID: openSUSE-SU-2021:0588-1 Rating: moderate References: 1184427 Cross-References: CVE-2021-21416 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This...
SUSE: Security Advisory (SUSE-SU-2020:3424-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
WordPress plugin has unspecified vulnerability (CNVD-2021-29859)
WordPress Plugin is an open source application plugin for WordPress. The WordPress Facebook for WordPress plugin has a security vulnerability prior to version 3.0.0, which can be exploited by attackers to achieve remote code execution via the available magic methods...
Security update for python-bleach (important)
openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0552-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...