The scammers who scam scammers on cybercrime forums: Part 1

Credit to Author: Matt Wixey| Date: Wed, 07 Dec 2022 17:00:36 +0000

A shadowy sub-economy is more than just a curiosity – it’s booming business, and also an opportunity for defenders. In the first of a four-part series, we look at the forums involved, and how they deal with scammers scamming scammers

Read more

Serious vulnerabilities found in ITarian software, patches available for SaaS products

Credit to Author: Pieter Arntz| Date: Mon, 13 Jun 2022 12:25:19 +0000

Researchers at DIVD found vulnerabilities in ITarian products and worked with the vendor to develop patches. These patches are now available.

The post Serious vulnerabilities found in ITarian software, patches available for SaaS products appeared first on Malwarebytes Labs.

Read more

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

Credit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000

A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.

The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.

Read more

Threat actor steals email with Zimbra zero-day

Credit to Author: Pieter Arntz| Date: Fri, 04 Feb 2022 16:07:15 +0000

Researchers have uncovered a targeted phishing campaign exploiting a XSS zero-day vulnerability in the Zimbra email platform.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post Threat actor steals email with Zimbra zero-day appeared first on Malwarebytes Labs.

Read more

How to harden AdwCleaner’s web backend using PHP

Credit to Author: Jérôme Boursier| Date: Wed, 06 Dec 2017 16:00:28 +0000

More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP is used to develop…

Categories:

Tags:

(Read more…)

The post How to harden AdwCleaner’s web backend using PHP appeared first on Malwarebytes Labs.

Read more

SSD Advisory – Webmin Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Sun, 15 Oct 2017 06:54:31 +0000

Vulnerability summary The following advisory describes three (3) vulnerabilities found in Webmin version 1.850 Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets … Continue reading SSD Advisory – Webmin Multiple Vulnerabilities

Read more