lenovo warranty check/lookup | check warranty status | lenovo support us

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

Categories: News Tags: WhatsApp Tags: security features Tags: Account Protect Tags: Device Verification Tags: Key Transparency Tags: Auditable Key Directory WhatsApp has announced several new security features, including one that makes it a lot easier for you to verify the contact you are communicating with. (Read more...) The post WhatsApp introduces new security features appeared first on Malwarebytes Labs.

Categories: News Tags: Data theft Tags: refine Tags: extortion Tags: blackmail Tags: money laundering Dutch police have arrested three men who stole data belonging to almost every Dutch and Austrian citizen. (Read more...) The post Arrested: Fearmongering data thieves who victimized thousands of businesses appeared first on Malwarebytes Labs.

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.

Categories: News Categories: Ransomware Tags: Ohio History Connection Tags: ransomware Tags: LockBit Tags: SSN Tags: phishing Ohio History Connection acknowledged that in a ransomware attack the attackers may have had access to 7,600 SSNs. (Read more...) The post Social Security Numbers leaked in ransomware attack on Ohio History Connection appeared first on Malwarebytes Labs.

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. WFSDELAY of 10 for a docker image caused 6 shells.

23andMe has responded in a letter to legal representatives of data breach victims that they were to blame themselves for re-using passwords

Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.