ShareFile Pre-Auth RCE (CVE-2023-24489) – Assetnote
29 Aug 2023

Advisory: Flarum LFI – Assetnote

Summary An attacker with a basic user forum account can specify a malicious avatar URL that discloses the contents of…

29 Aug 2023

Is the cybersecurity community’s obsession with compliance counter-productive?

Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on…

29 Aug 2023

11 search engines for cybersecurity research you can use right now

Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below….

29 Aug 2023

Leaking File Contents with a Blind File Oracle in Flarum – Assetnote

Flarum is a free, open source PHP-based forum software used for everything from gaming hobbyist sites to cryptocurrency discussion. A…

29 Aug 2023

IT leaders alarmed by generative AI’s SaaS security implications

IT leaders are grappling with anxiety over the risks of generative AI despite continued confidence in their software-as-a-service (SaaS) security…

29 Aug 2023

UK flight plan system outage leads to hundreds of cancellations – Software

Air traffic in the UK is recovering from a technology outage that caused widespread flight disruptions and cancellations overnight. The…

29 Aug 2023

A week in security (August 21 – August 27)

Last week on Malwarebytes Labs: Teenage members of Lapsus$ ransomware gang convicted Update now! Google Chrome’s first weekly update has…

29 Aug 2023

Virgin Australia baggage tracking tool takes off – Software

Virgin Australia has released a baggage tracking tool for more than two-thirds of its domestic network. The airline’s new digital…

29 Aug 2023

2.6 million DuoLingo users have scraped data released

Using an openly available API, cybercriminals were able to scrape the data of 2.6 million DuoLingo users. An unknown party…

29 Aug 2023

Researchers demo bug-chaining of Juniper Networks vulnerabilities – Security

Security researchers have published a proof-of-concept for vulnerabilities recently disclosed by Juniper Networks. The company said that while the vulnerabilities…

29 Aug 2023

How to hide a malicious word document in a PDF to avoid EDR or AV detection

In order to avoid being discovered, hackers used a novel technique that they named “MalDoc in PDF” to embed a…

29 Aug 2023

Google strengthens its Workplace suite protection

We take a look at how Google is strengthening protections across its Workplace products, and Gmail in particular. Google has…