SolarWinds hackers had access to components used by Azure, Intune, and Exchange
Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange....
Month: February 2021
WatchDog botnet targets Windows and Linux servers in cryptomining campaign
PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency....
CVE-2021-21450
Summary: SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted...
CVE-2021-21449
Summary: SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted...
CVE-2021-20075
Summary: Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. Reference Links(if available): https://www.tenable.com/security/research/tra-2021-04 CVSS...
CVE-2020-26664
Summary: A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via...
CVE-2021-27188
Summary: The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended...
Second malware strain primed to attack Apple’s new M1 chip identified
Along with the Pirrit Mac adware identified earlier this week, researchers from Red Canary identified Thursday a different malware strain...
Cybersecurity in Cyberpunk 2077: the good, the bad, and the cringeworthy
What game caused some players to experience seizures, allows you to have unauthorized sex with Keanu Reeves, features a lead...
Romance scams: FTC reveals $304 million of heartache
In 2020, reported losses to the FTC for romance scams went up by 50% from 2019, totalling $304 million. And...
Ukrainian police arrested members of a well-known cyber ransomware group
Members of the Egregor group, which provides the service using the Ransomware-as-a-Service (RaaS) model, have been arrested by the Ukrainian...
Cybercriminal Gang Clop Attacked an International Law Firm Jones Day For Ransom
 Jones Day, a U.S.-based international law firm has suffered a major ransomware attack, and the allegedly stolen files from Jones...
Data of 14 Million Amazon and eBay Accounts Leaked on Hacking Websites
 An anonymous user offered 14 million data from Amazon and eBay accounts on a prominent hacking website for dissemination. The...
WireBug – A Toolset For Voice-over-IP Penetration Testing
WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to...
Ghidra_Kernelcache – A Ghidra Framework For iOS Kernelcache Reverse Engineering
This framework is the end product of my experience in reverse engineering iOS kernelcache,I do manually look for vulnerabilities in...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to...
The OpenSSL Project addressed three vulnerabilities
The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The...
US DoJ charges three members of the North Korea-linked Lazarus APT group
The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department...
ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams
Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift...
CVE-2021-22857
Summary: The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system...
CVE-2021-22856
Summary: The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in...
CVE-2020-36003
Summary: The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads...
CVE-2020-7848
Summary: The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
