Open Source Tool | vPrioritization | Risk Prioritization Framework
Posted by Pramod Rana on Sep 04It is no secret that today we have more vulnerabilities than we can assess...
Year: 2020
Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) – exploit
Posted by Red Timmy Security on Sep 04Hi, we have just released an exploit for CVE-2020-13162. This vulnerability affects the...
Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25021...
Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023...
Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25022...
PCI DSS compliance: why it’s important and how to adhere
PCI DSS is short for Payment Card Industry Data Security Standard. Every party involved in accepting credit card payments is...
Russian experts warn about security risks of Bluetooth on a smartphone
Associate Professor of computer science at the Russian University of Economics, Alexander Timofeev said that hackers can use Bluetooth to...
Norwegian Parliament Hit by a Cyber-Attack on Its Internal Email System
Stortinget, the Norwegian Parliament succumbed to a cyber-attack that targeted its internal email system. The news came in on Tuesday...
Emotet Botnet Operators Switching to a New Template Named ‘Red Dawn’
Emotet malware has been continually evolving to the levels of technically sophisticated malware that has a major role in the...
IT threat evolution Q2 2020. Mobile statistics
IT threat evolution Q2 2020. ReviewIT threat evolution Q2 2020. PC statistics These statistics are based on detection verdicts of...
IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. ReviewIT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of...
IT threat evolution Q2 2020
IT threat evolution Q2 2020. PC statisticsIT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight...
Geo-Recon – An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.SetupThis tool is compactible...
Bbrecon – Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide...
How to keep K–12 distance learners cybersecure this school year
With the pandemic still in full swing, educational institutions across the US are kicking off the 2020–2021 school year in...
Cyber Criminals broke into the database of patients of the Russian cancer center and demanded a ransom
The Sverdlovsk Regional Clinical Center was hacked. Svetlana Lavrova, a neurophysiologist, told about this on her Facebook page.“The data of...
Anubis Malware that Attacks Windows Users
In a recent cybersecurity incident, Microsoft reports of a new malware called 'Anubis.' Anubis is not related to any banking...
Operation PowerFall: CVE-2020-0986 and variants
In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a...
SpaceSiren – A Honey Token Manager And Alert System For AWS
SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and...
LOLBITS v2.0.0 – C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service (BITS) to establish the communication channel between the...
SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W
Posted by SEC Consult Vulnerability Lab on Sep 02SEC Consult Vulnerability Lab Security Advisory < 20200902-0 > ======================================================================= title: Multiple...
This One Time on a Pen Test: Playing Social Security Slots
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Apple notarization process, meant to protect, approved Shlayer malware
Apple appears to have inadvertently approved OSX.Shlayer malware as part of the security notarization process it has touted would boost...
Experian (South Africa) – 1,284,637 breached accounts
In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of...
