US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) linked roughly $5.2 billion worth of Bitcoin transactions to ransomware. The...
Month: October 2021
Accenture discloses data breach after LockBit ransomware attack
IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021....
Crawlergo – A Powerful Browser Crawler For Web Vulnerability Scanners
crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole...
Juniper Networks released +40 security advisories to fix +70 vulnerabilities
Cybersecurity provider Juniper Networks released more than 40 security advisories to address over 70 vulnerabilities that affect its solutions. Cybersecurity...
CVE-2021-41794
Summary: ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker...
CVE-2021-28702
Summary: PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions...
CVE-2021-20584
Summary: IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper...
CVE-2021-41916
Summary: A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a...
CVE-2021-41919
Summary: webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is...
Boffins devise a new side-channel attack affecting all AMD CPUs
A group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security devised a new...
Networkit – A Growing Open-Source Toolkit For Large-Scale Network Analysis
NetworKit is an open-source tool suite for high-performance network analysis. Its aim is to provide tools for the analysis of...
What is an .exe file? Is it the same as an executable?
You may often see .exe files but you may not know what they are. Is it the same as an...
Three more ransomware attacks hit Water and Wastewater systems in 2021
A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published...
WhatsApp made available end-to-end encrypted chat backups
WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is...
Since 2020, at least 130 different ransomware families have been active
The popular Google’s VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has...
Adblocker promises to blocks ads, injects them instead
Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available...
ForgeCert – “Golden” Certificates
ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for...
Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020
Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced...
For the first time, an Israeli hospital was hit by a major ransomware attack
The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel’s National...
CVE-2021-41124
Summary: Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use (http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the...
CVE-2021-34740
Summary: A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an...
CVE-2021-42086
Summary: An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access,...
CVE-2021-3581
Summary: Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value...
CVE-2021-42093
Summary: An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted...
