Security daily (21-03-2021)

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an (The Hacker News)

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the (The Hacker News)


/security-daily/ 22-03-2021 23:44:23