New Zealand-based cryptocurrency exchange Cryptopia hacked again
The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019...
Month: February 2021
Security Affairs newsletter Round 303
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Experts found a critical authentication bypass flaw in Rockwell Automation software
A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical...
Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha
‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. A cybercrime group...
CVE-2021-20247
Summary: A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB...
CVE-2020-7846
Summary: Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads...
CVE-2021-22882
Summary: UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause...
CVE-2020-0822
Summary: An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language...
CVE-2020-8022
Summary: A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server...
To pay, or not to pay? That is the VPN question
VPNs have been a subject of deliberation for a long time. Is it even important to use one? I think...
Steris Corporation, The Latest Victim of Ransomware Gang Called ‘Clop’.
Data related to a customer of a recently targeted California-based private cloud solutions firm Accellion is being published online...
SQL Triggers Used by Hackers to Compromise User Database
Over the past year, a broader pattern of WordPress malware with SQL triggers has occurred within infected databases to mask...
Pillager – Filesystems For Sensitive Information With Go
Pillager is designed to provide a simple means of leveraging Go's strong concurrency model to recursively search directories for sensitive...
Gatekeeper – First Open-Source DDoS Protection System
Gatekeeper is the first open source DoS protection system. It is designed to scale to any peak bandwidth, so it...
T-Mobile customers were hit with SIM swapping attacks
The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks....
New Ryuk ransomware implements self-spreading capabilities
French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks....
Microsoft releases open-source CodeQL queries to assess Solorigate compromise
Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack...
CVE-2021-26683
Summary: A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1....
CVE-2020-11223
Summary: Out of bound in camera driver due to lack of check of validation of array index before copying into...
CVE-2021-20247
Summary: A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB...
CVE-2020-7846
Summary: Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads...
CVE-2021-22882
Summary: UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause...
TikTok pays $92 million to end data theft lawsuit
TikTok, the now widely popular social media platform that allows users to create, share, and discover, short video clips has...
Unprotected Private Key Allows Remote Hacking of PLCs
Industrial associations have been cautioned for this present week that a critical authentication bypass vulnerability can permit hackers to remotely...
