Russian experts give tips on how to prevent personal data leakage
In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton...
Month: January 2021
India the Internet Blackout Capital of the World
Cutting off the internet and its services has become a trend in a country like India. The government claims that...
NameSouth’s Data Leaked for not Paying Ransom to Cybercriminals
NameSouth is by all accounts the most recent casualty of the ransomware group that surfaced at some point in 2019....
Hack-Tools v0.3.0 – The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web PentestersHackTools, is a web extension facilitating your web application penetration tests, it...
[KIS-2021-01] IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability
Posted by Egidio Romano on Jan 06----------------------------------------------------------------------------- IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability ----------------------------------------------------------------------------- Software...
Backdoor.Win32.Zombam.k / Remote Stack Buffer Overflow
Posted by malvuln on Jan 06Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source:https://malvuln.com/advisory/79d9908b6769e64f922e74a090f5ceeb.txt Contact: malvuln13 () gmail com...
Files.com – Auth Bypass (Fat Client)
Posted by Balázs Hambalkó on Jan 06Hi, Vendor: Files.com Product: Fat Client Tested version: 3.3.6 but newer version high likely...
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
Posted by Aki Tuomi on Jan 06Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug...
What’s New in InsightVM: Q4 2020 in Review
Improvements made to the Goals and SLAs wizardWe’re excited to announce that creating a goal or SLA in InsightVM just...
How to Integrate a Thinkst Canary Token with Telegram
Thinkst Canary Token WTF is a canary token I hear some of you ask? Well, they are pretty nifty little...
Fake Trump sex video used to spread QNode RAT
Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as...
Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack
Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor...
FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack
A joint statement issued by US security agencies confirmed that Russia was likely the origin of the SolarWinds supply chain...
New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users
Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from...
CVE-2020-35269
Summary: Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding –...
CVE-2020-13654
Summary: XWiki Platform before 12.8 mishandles escaping in the property displayer. Reference Links(if available): https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8 https://jira.xwiki.org/browse/XWIKI-17374 https://github.com/xwiki/xwiki-platform/pull/1315 CVSS Score (if...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-25845
Summary: Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected...
CVE-2019-19680
Summary: A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22...
Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux
Researchers have found a new remote access trojan (RAT) written from scratch in Golang that lures cryptocurrency users to download...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
VPN usage is increasing, says December 2020 survey
I won’t reveal my mom’s exact age, but she’s in her late 60s. Other than her phone, my mom doesn’t...
Security Analysis: The Rise of Cybercrime Underworld and Hacking Groups
During the Covid-19 pandemic, educational institutions, health agencies, and other significant organizations have suffered the most from cyberattacks. As if...
SolarWinds Attack Update: Russian Hackers Breached 250 US Agencies and Top Companies
More than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. The attackers gained...
