Author: Cybernoz

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript
16
Jan
2024

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript

I was hacking on a bug bounty program recently and discovered that the website is signing every request, preventing you…

Citrix
16
Jan
2024

Citrix warns of new Netscaler zero-days exploited in attacks

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day…

Medion fined for SIM-swap code breaches
16
Jan
2024

Medion fined for SIM-swap code breaches – Telco/ISP

Medion Australia has paid a penalty of nearly $260,000 for not complying with customer identification rules. Announcing the $259,440 penalty,…

Google Chrome
16
Jan
2024

Google fixes first actively exploited Chrome zero-day of 2024

Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of…

Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets
16
Jan
2024

Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets

Group-IB Global Pvt. Ltd. has revealed shocking details on Inferno Drainer, a phishing operation targeting cryptocurrency wallet providers. The scam,…

Critical RCE flaw impacts VMware Aria Operations Networks
16
Jan
2024

VMware fixed a critical flaw in Aria Automation. Patch it now!

VMware fixed a critical flaw in Aria Automation. Patch it now! Pierluigi Paganini January 16, 2024 VMware warns customers of…

Hacker
16
Jan
2024

Androxgh0st malware botnet steals AWS, Microsoft credentials

CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential…

Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
16
Jan
2024

Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks

The vulnerabilities in Ivanti VPN devices enable remote, unauthenticated hackers to compromise targeted devices, execute arbitrary commands, infiltrate internal networks,…

Atlassian reveals critical Confluence RCE flaw, urges "immediate action" (CVE-2023-22527)
16
Jan
2024

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code…

Network cables plugged into a switch
16
Jan
2024

PixieFail flaws impact PXE network boot in enterprise systems

A set of nine vulnerabilities, collectively called ‘PixieFail,’ impact the IPv6 network protocol stack of Tianocore’s EDK II, the open-source…

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data
16
Jan
2024

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips…

The Lock and Code logo, which includes the Malwarebytes Labs insignia ensconced in a pair of headphones
16
Jan
2024

A true tale of virtual kidnapping: Lock and Code S05E02

This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of…