Threat profile: Ranzy Locker ransomware
Ranzy Locker ransomware emerged in late 2020, when the variant began to target victims in the United States. According to a flash alert issued...
Month: October 2021
CVE-2020-28969
Summary: Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via...
CVE-2019-10240
Summary: Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of...
CVE-2021-24487
Summary: The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text...
CVE-2021-34854
Summary: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must...
CVE-2021-34762
Summary: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote...
German investigators identify crypto millionaire behind REvil operations
German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the...
DonPAPI – Dumping DPAPI Credz Remotely
Dumping revelant information on compromised targets without AV detection DPAPI dumpingLots of credentials are protected by DPAPI. We aim at...
What is fileless malware?
Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory...
Crooks steal $130 million worth of cryptocurrency assets from Cream Finance
Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. C.R.E.A.M. Finance...
Extracting type information from Go binaries
During the 2021 edition of the SAS conference, I had the pleasure of delivering a workshop focused on reverse-engineering Go...
Avast releases free decrypters for AtomSilo and LockFile ransomware families
Security firm Avast released today decryptors for AtomSilo and LockFile ransomware that allow victims to recover their files for free....
Grief ransomware gang hit US National Rifle Association (NRA)
Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their...
Clash – A Rule-Based Tunnel In Go
Download Clash If you like the site, please consider joining the telegram channel or supporting us on Patreon using the...
Avast released a free decryptor for Babuk ransomware
Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for...
CVE-2021-38479
Summary: Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory...
CVE-2021-42106
Summary: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and...
CVE-2021-30359
Summary: The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during...
CVE-2021-42107
Summary: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and...
CVE-2021-42108
Summary: Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free...
The 9th edition of the ENISA Threat Landscape (ETL) report is out!
I’m proud to announce the release of the 9th edition of the ENISA Threat Landscape (ETL) on the state of...
Watch out for the Steam skin “free knife” scam
Have you ever had someone run up to you in the street and insist you take their free knife? I...
Update now! Apple patches bugs in iOS and iPadOS
On two consecutive days Apple has released a few important patches. iOS 14.8.1 comes just a month after releasing iOS...
Lorsrf – SSRF Parameter Bruteforce
Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST MethodsNOTELorsrf has been added to scant3r with useful...
