16 matches found
A week in security (April 20 – April 26)
Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba; How cyberattacks on companies affect everyone; Apple fixes iOS bug that kept deleted notifications, including chat previews; Roblox clamps down on chats and age checks as legal pressure builds; Malicious...
Making an Impact: Beach Cleanup and Reforestation Event
Akamai volunteers in Costa Rica came together to remove trash from the beach and plant trees — and they learned how their everyday choices affect the planet...
Backdoor in XZ Utils That Almost Happened
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention--but it should. There’s an important moral to the story of the attack and its discovery: The...
How Akamai Volunteers Helped Restore Costa Rica’s Most Polluted Beach
...
CVE-2023-36463 Cross site scripting (XSS) in meldekarten generator
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't fully...
Ukraine Topic Summary Report: Cisco Talos Year in Review 2022
Talos' ongoing support for Ukraine has been a large focus of our operational efforts this year. Driven by our core mission of protecting the Ukrainian people and infrastructure, Talos launched a task force of 40+ volunteers dedicated to defending our customers and partners within. This team of...
[SECURITY] Fedora 34 Update: tor-0.4.5.9-1.fc34
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...
Emotet Emails Strike Thousands of DNC Volunteers
On Thursday, hundreds of U.S. organizations were targeted by an Emotet spear-phishing campaign, which sent thousands of emails purporting to be from the Democratic National Committee and recruiting potential Democratic volunteers. Emotet has historically utilized a variety of lure themes leveragi...
A week in security (March 30 – April 5)
Last week on Malwarebytes Labs, we offered readers tips for safe online shopping now that cybercriminals are ramping up Internet-based attacks, showed the impact that GDPR has around the world, and helped users understand how social media platforms mine their personal data. We also hosted our...
OWASP ZAP 2.7.0 - Penetration Testing Tool for Testing Web Applications
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...
[SECURITY] Debian 7 Wheezy LTS now supporting armel and armhf
Debian Long Term Support (LTS) is a project created to extend the life of all Debian stable releases to at least 5 years. Thanks to the LTS sponsors, Debian's buildd maintainers and the Debian FTP Team are excited to announce that two new architectures, armel and armhf, are going to be supported in...
Security, Tech Communities Rally to Support GnuPG
The last year has seen a big swing in the support from the technology community for open-source security tools, many of which are maintained by tiny staffs or volunteers. OpenSSL last year received a large chunk of funding from the Core Infrastructure Initiative, and now it’s GnuPG’s turn. After ...
[SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable
Debian Security Advisory DSA-2907-1, http://www.debian.org/security/, Moritz Muehlenhoff, April 16, 2014, http://www.debian.org/security/faq ...
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities
OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. OpenEMR is ONC Complete Ambulatory EHR certified and is one of the most popular open source electronic medical records in use...
PHP Volunteer Management 1.0.2 SQL Injection
Title: PHP Volunteer Management getmessages.php SQL Injection Vulnerabilities Author: eidelweiss Twitter: @AriosRandy Website: www.eidelweiss.info Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php Greetz: Devilzc0de, exploit-db, G13 first vuln...
BruCON – Belgium's First Security Conference
BruCON, Belgium's first security conference, is back for its third edition on 19-22 September. After witnessing greater success in the past two years, this year's event is expected to attract more than 400 people from around Europe. BruCON conference...