Critical LFI Vulnerability Reported in Hashnode Blogging Platform
Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server’s IP address, and other network i…
Website with embedded PDFs and JavaScript for Acrobat
Context
On my website, users can upload their PDF files, and then some other users can view the uploaded PDF files.
I was wondering if this could come with security issues.
The uploaded PDFs are simply displayed on the website thanks to: &…
NimPackt-v1 – Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit
By Cas van Cooten (@chvancooten). With special thanks to Marcello Salvati (@byt3bl33der) and Fabian Mosch (@S3cur3Th1sSh1t). Description. Update: NimPackt-v1 is among the worst code I have ever written (I was just starting out learning Nim). Because …
A strange notification from Eset IS
Could anyone shed light on the meaning of this notification? Does this indicate a harmful action? I have never seen such before.
Conti ransomware offshoot targets Russian organizations
A new Conti variant was explicitly designed to target Russian organizations.
The post Conti ransomware offshoot targets Russian organizations appeared first on Malwarebytes Labs.
E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware
Senior officials in the European Union were allegedly targeted with NSO Group’s infamous Pegasus surveillance tool, according to a new report from Reuters.
At least five individuals, including European Justice Commissioner Didier Reynders, are said to…
How to password protect a folder
This article explains how to password protect a folder on Windows and macOS systems. What are your free options?
The post How to password protect a folder appeared first on Malwarebytes Labs.
Apps removed from Google Play for harvesting user data
We take a look at a collection of apps which were all harvesting user data via an SDK promising “monetisation”.
The post Apps removed from Google Play for harvesting user data appeared first on Malwarebytes Labs.
USPS “Your package could not be delivered” text is a smishing scam
We look at an SMS which claims you have a USPS redelivery needing to be rescheduled, and explain why it’s not what it seems.
The post USPS “Your package could not be delivered” text is a smishing scam appeared first on Malwarebytes Labs.