The Hacker Behind the Biggest Crypto Heist is Refusing to Return the Remaining Funds
The Poly Network attack took place two weeks ago, but the narrative is far from finished. Mr. White Hat, an...
Month: August 2021
Belarus Organizations are Being Targeted by Cyber Partisan
A clandestine hacking organization successfully attacked both the government of Belarus and their Police, which provided these criminals with access...
Google Play is Infested with Fake Crypto Mining Apps
Google has deleted eight bogus mobile apps from the Play Store that pretend to be bitcoin cloud-mining apps but are...
PackageDNA – Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes
This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being...
FisherMan – CLI Program That Collects Information From Facebook User Profiles Via Selenium
Search for public profile information on FacebookInstallation# clone the repo$ git clone https://github.com/Godofcoffe/FisherMan# change the working directory to FisherMan$ cd...
Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software
The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems...
Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices
Mozi botnet continues to evolve, its authors implemented new capabilities to target Netgear, Huawei, and ZTE network gateways. Microsoft researchers...
Cisco warns of Server Name Identification data exfiltration flaw in multiple products
Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns....
637 flaws in industrial control system (ICS) products were published in H1 2021
During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76...
Threat actors stole $97 million from Liquid cryptocurency exchange
Japanese cryptocurrency exchange Liquid was hit by a cyber attack, threat actors stole $97 Million worth of crypto-currency assets from...
Cisco will not patch critical flaw CVE-2021-34730 in EoF routers
Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W...
CVE-2021-31292
Summary: An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a...
CVE-2021-1106
Summary: NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may...
CVE-2020-28052
Summary: An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method...
CVE-2021-38592
Summary: Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). Reference Links(if available): https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wasm3/OSV-2021-676.yaml https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33554...
CVE-2021-38380
Summary: Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read....
CVE-2020-7246 – qdPM / qdPM – Unrestricted file upload
Summary: CVE-2020-7246 is an unrestricted file upload vulnerability impacting qdPM versions 9.1 and earlier. An exploit was observed in open...
Cisco Small Business routers vulnerable to remote attacks, won’t get a patch
In a security advisory, Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small...
T-Mobile customers, change your PINs
At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to stolen 100...
Beware of COVID Pass scams
You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS...
Kaspersky Lab detected 1,500 phishing resources targeting crypto investors
Since the beginning of the year, Kaspersky Lab has detected more than 1,500 fraudulent resources around the world aimed at...
HolesWarm Cryptominer Botnet Targets Unpatched Windows, Linux Servers
Researchers at Tencent have issued a warning regarding a HolesWarm cryptominer malware campaign that has exploited more than 20 known...
FBI: Credential Stuffing Attacks on Grocery and Food Delivery Services
According to the FBI, hackers are hacking online accounts at grocery shops, restaurants, and food delivery services using credential stuffing...
Roskomnadzor accused Google of blackmail and pressure on the court
Representatives of Roskomnadzor accused the American corporation Google of blackmail after its statement about possible risks for Russia associated with...
