Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware
Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and...
Year: 2021
A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentials
A flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers...
CVE-2019-10172
Summary: A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but...
CVE-2019-10172
Summary: A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but...
CVE-2021-39123
Summary: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via...
CVE-2021-41054
Summary: tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of...
CVE-2019-9489
Summary: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions...
CVE-2021-23048
Summary: On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of...
CVE-2021-30869 – Apple / Multiple – Type confusion
Summary: CVE-2021-30869 is a type confusion vulnerability impacting Apple iOS versions 12.5.4 and earlier, and macOS Catalina security update 2021-005...
Microsoft Exchange Autodiscover flaw reveals users’ passwords
Researchers have been able to get hold of 372,072 Windows domain credentials, including 96,671 unique credentials, in slightly over 4...
How to clear your cache
The term “cache” refers to a storage container. If you’re familiar with the outdoor recreational activity geocaching, you may be...
Italian mafia cybercrime sting leads to 100+ arrests
The Spanish National Police (Policía Nacional) has successfully dismantled an organized crime ring of hundreds of members in a sting...
A Second Data Breach at the Ministry of Defence has been Discovered
The email addresses of dozens more Afghans who may be eligible for relocation in the United Kingdom have been exposed...
Hackers hacked the accounts of employees of government agencies in Russia and more than ten other neighboring countries
The British company Cyjax discovered a large-scale attack against employees of state agencies in Russia and neighboring countries. Attackers create...
New Mac Malware Trick Users By Posing as Legitimate macOS Tool
Chinese cybersecurity researcher has discovered a new strain of malware that spreads via "poisoned" search-engine results. The malware dubbed ‘OSX.ZuRu’...
Russia demanded an explanation from the United States about cyber attacks during the State Duma elections
The Russian Embassy in Washington demanded an explanation from the United States about the cyber attacks that were committed on...
Microsoft Discovered a Massive Phishing-as-a-Service Operation
On September 21, Microsoft's security team announced that it has discovered a huge operation that delivers phishing services to cybercrime...
Wake me up till SAS summit ends
What do cyberthreats, Kubernetes and donuts have in common – except that all three end in “ts”, that is? All...
JSPanda – Client-Side Prototype Pullution Vulnerability Scanner
Source code analysis - Screenshot Supporting Materials : https://twitter.com/har1sec/status/1314469278322655233 https://github.com/BlackFan/client-side-prototype-pollution https://github.com/ThePacketBender/notes/blob/01c0b834f6e3ee4d934b087b2d92c9e484dc2a50/web/prototype_pollution.txt https://habr.com/ru/company/huawei/blog/547178/ https://infosecwriteups.com/javascript-prototype-pollution-practice-of-finding-and-exploitation-f97284333b2 https://github.com/securitum/research/tree/master/r2020_prototype-pollution Learn Prototype Pollution in Series -...
Wordlistgen – Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs Or Paths
wordlistgen is a tool to pass a list of URLs and get back a list of relevant words for your...
BulletProofLink, a large-scale phishing-as-a-service active since 2018
Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. Microsoft researchers...
Crystal Valley hit by ransomware attack, it is the second farming cooperative shut down in a week
Minnesota-based farming supply cooperative Crystal Valley was hit by a ransomware attack, it is the second attack against the agriculture...
CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution
CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security...
US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks
CISA, FBI, and the NSA warned today of an escalation of the attacks of the Conti ransomware gang targeting US...
