CVE-2020-1416
Summary: An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka...
Year: 2021
CVE-2021-22019
Summary: The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to...
CVE-2020-9759
Summary: A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain...
CVE-2021-40516
Summary: WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that...
CVE-2021-22949
Summary: A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to...
Vaccine passport app leaks users’ personal data
Security and privacy advocates may have cause to worry after all: Portpass, a vaccine passport app in Canada, has been...
Microsoft, CISA and NSA offer security tools and advice, but will you take it?
Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA...
Instagram Kids put on hold
Instagram has announced it is pausing the development of its newest brainchild, Instagram Kids—a version of Instagram aimed at 10-12-year-olds,...
Japan mentioned Russia in its new cybersecurity strategy
The Japanese government on Tuesday officially approved a new three-year cybersecurity strategy, where Russia, China and North Korea are mentioned...
Kids Fairy Tale App Farfaria Exposed Data of 2.9 Million Users
 Cybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a treasure trove of data left uncovered to the...
Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
 A fully working exploit for the remote code execution vulnerability in VMware vCenter labelled as CVE-2021-22005 is now publicly accessible,...
Latest Microsoft Exchange Server Feature Mitigates High-Risk Bugs
 One of the prominent targets for hackers is Microsoft Exchange, and the attack vector typically involves a popular vulnerability which...
Spoofed Zix Encrypted Email is Used in Credential Spear-Phishing
 Hackers have used a credential phishing attack to steal data from Office 365, Google Workspace, and Microsoft Exchange by spoofing...
DarkHalo after SolarWinds: the Tomiris connection
Background In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a...
Webstor – A Script To Quickly Enumerate All Websites Across All Of Your Organization’S Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities
 WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your...
Kodex – A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code
Kodex (Community Edition - CE) is an open-source toolkit for privacy and security engineering. It helps you to automate data...
GriftHorse malware infected more than 10 million Android phones from 70 countries
Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide....
NSA, CISA release guidance on hardening remote access via VPN solutions
The U.S. CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. The U.S....
Group-IB CEO was put under arrest on treason charges
Russian media reported that the police made searches in the Moscow office of security firm Group-IB apparently linked to an...
Experts observed for the first time FinFisher infections involving usage of a UEFI bootkit
Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI...
Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now!
Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches...
CVE-2021-41383
Summary: setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the...
CVE-2021-41383
Summary: setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the...
CVE-2020-21547
Summary: Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. Reference Links(if available): https://github.com/saitoha/libsixel/issues/114 CVSS Score...
