April 2021 Security Patch Day fixes a critical flaw in SAP Commerce
April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them...
Month: April 2021
For the second time in a week, a Google Chromium zero-day released online
For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple...
WhatsApp flaws could have allowed hackers to remotely hack mobile devices
WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s...
CVE-2021-30185
Summary: CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. Reference Links(if available): https://github.com/indico/indico/releases/tag/v2.3.4...
CVE-2020-14104
Summary: A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50. Reference...
CVE-2021-30184
Summary: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related...
CVE-2021-24027
Summary: A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed...
CVE-2021-21423
Summary: `projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`,...
FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box
A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from...
Update now! Chrome needs patching against two in-the-wild exploits
A day late and a dollar short is a well-known expression that comes in a few variations. But this version...
Ransomware disrupts food supply chain, Exchange exploitation suspected
When malware found its way into the network of Bakker Logistiek, a company specializing in the transport and warehousing of...
Linux, MacOS Malware Hidden in Fake Browserify NPM Package
Over the course of the weekend, Sonatype's automated malware detection system spotted a serious exceptional malware sample published to the...
Banks have assessed the security of digital ruble payments
Major Russian banks are ready to take part in testing the digital ruble and have no doubt that it will...
Cybercriminals Are Using Google URLs as a Weapon to Spread Malware
Security researchers at Microsoft warned the organizations of a new phishing campaign, they have been tracking activity where contact forms...
Russian expert give tips on how to protect yourself from “eavesdropping” on your smartphone
A smartphone can "eavesdrop" on its owner, said information and computer security expert Sergei Vakulin. In an interview with Radio...
Research Study shows that 100 Million IOT Devices are at Risk
Forescout Research Labs has disclosed a new collection of DNS vulnerabilities in collaboration with JSOF, potentially impacting over 100 million...
MoveKit – Cobalt Strike Kit For Lateral Movement
Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and...
Adfsbrute – A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks
A script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing...
FireEye: 650 new threat groups were tracked in 2020
FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked...
FBI silently removed web shells planted on Microsoft Exchange servers in the US
FBI log into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious...
Sweden blames Russia for Swedish Sports Confederation hack
The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish...
Microsoft fixes 2 critical Exchange Server flaws reported by the NSA
Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the...
Adobe addresses two critical vulnerabilities in Photoshop
Adobe has addressed security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Adobe has fixed ten security...
NAME:WRECK, a potential IoT trainwreck
A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially...
