White House Directs Federal Agencies to Improve Logging Capabilities
The White House has directed federal agencies to improve their logging capabilities in order to accelerate cybersecurity incident response, according...
Month: September 2021
Hackers are Selling Tool to Hide Malware in GPUs
Cybercriminals are moving towards malware attacks that can execute code from a hacked system's graphics processing unit (GPU). Although the...
QakBot technical analysis
Main description QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a...
Community Contributors Program
Now that Defcon and Blackhat are checked off for the year, we can get back to real work the fun...
KnockOutlook – A Little Tool To Play With Outlook
"The best feeling is to win by knockout." - Nonito Donaire OverviewKnockOutlook is a C# project that interacts with Outlook's...
Assless-Chaps – Crack MSCHAPv2 Challenge/Responses Quickly Using A Database Of NT Hashes
Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes IntroductionAssless CHAPs is an efficient way to recover the NT...
Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE
Threat actors are actively exploiting a recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product. Threat actors were spotted exploiting...
Cyber Defense Magazine – September 2021 has arrived. Enjoy it!
Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 161 pages of excellent...
Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists
Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code...
Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93
Google announced the release of Chrome 93 that addresses 27 security vulnerabilities, 19 issues were reported through its bug bounty...
Mozi infections will slightly decrease but it will stay alive for some time to come
The Mozi botnet continues to spread despite the arrest of its alleged author and experts believe that it will run...
QNAP will patche OpenSSL flaws in its NAS devices
Network-attached storage (NAS) appliance maker QNAP is working on security patches for its products affected by recently fixed OpenSSL flaws. Taiwanese...
CVE-2021-3682
Summary: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs...
CVE-2021-1523
Summary: A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated,...
CVE-2021-1523
Summary: A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated,...
CVE-2021-24580
Summary: The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the...
CVE-2021-38714
Summary: In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability...
CVE-2017-16875
Summary: An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue...
FTC bans SpyFone and its CEO from continuing to sell stalkerware
Nearly two years after the US Federal Trade Commission first took aim against mobile apps that can non-consensually track people’s...
Google Play sign-ins can be abused to track another person’s movements
Even people that have been involved in cybersecurity for over 20 years make mistakes. I’m not sure whether that is...
Macs turn on apps signed by Symantec, treat them as malware
On August 23, following an update to Apple’s XProtect system—one of the security features built into macOS—some Mac users began...
Kaspersky Lab has reported about Android viruses designed to steal money automatically
Viktor Chebyshev, a leading researcher of mobile threats at Kaspersky Lab, spoke in an interview with Russian newspaper Izvestia about...
Experts Find Vulnerabilities in AMD Zen Processor
German cybersecurity experts at TU Dresden discovered that Zen processor of AMD is susceptible to data-bothering meltdown like attacks in...
Do Not Use Single-Factor Authentication on Internet-Exposed Systems, CISA Warns
The US Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication (SFA) to a very short list of...
