Administrators of bulletproof hosting sentenced to prison in the US
The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United...
Month: October 2021
CVE-2021-42340
Summary: The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and...
CVE-2021-29679
Summary: IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing...
CVE-2021-42369
Summary: Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement...
CVE-2021-29745
Summary: IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access...
CVE-2021-40991
Summary: A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x...
Update now! Chrome fixes more security issues
For the third time in a month Google has issued an update to patch for several security issues. This time...
Chrome targeted by Magnitude exploit kit
Exploit kits (EK) are not as widespread as they used to be. One of the reasons is likely that most...
NTFSTool – Forensics Tool For NTFS (Parser, MTF, Bitlocker, Deleted Files)
NTFSTool is a forensic tool focused on NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also...
US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes
The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes....
Top 5 Attack Vectors to Look Out For in 2022
Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look...
Russian-speaking cybercrime evolution: What changed from 2016 to 2021
Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in...
YouTube creators’ accounts hijacked with cookie-stealing malware
A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated...
PurpleFox botnet variant uses WebSockets for more secure C2 communication
Researchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers...
Metabadger – Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)
Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).MetabadgerPurpose and functionalityDiagnose...
High school student rickrolls entire school district, and gets praised
A student at a high school in Cook County successfully hacked into the Internet-of-Things (IoT) devices of one of the...
How to delete your Snapchat account
Snapchat is an instant messaging app popular with youngsters that allows users to send pictures and videos that are only...
CVE-2021-30869
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4...
CVE-2021-30869
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4...
CVE-2021-30869
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4...
CVE-2020-19954
Summary: An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary...
CVE-2018-13982
Summary: Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This...
CVE-2021-29427
Summary: In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure...
CVE-2021-29428
Summary: In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that...
