Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code
Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor...
Year: 2021
Ziggy ransomware admin announced it will refund victims who paid the ransom
Administrator of Ziggy ransomware recently announced the end of the operation, and now is promising that its victims will have...
New Purple Fox version includes Rootkit and implements wormable propagation
Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers...
Experts found two flaws in Facebook for WordPress Plugin
A critical flaw in the official Facebook for WordPress plugin could be abused exploited for remote code execution attacks. Researchers...
CVE-2021-27194
Summary: Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker...
CVE-2021-27962
Summary: Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission...
CVE-2020-35492
Summary: A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who...
CVE-2017-8461
Summary: Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to...
CVE-2021-28956
Summary: ** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows...
Why you need to trust your VPN: Lock and Code S02E05
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we...
Ransomware Attacks Targeting UK’s Education Sector Increased, says NCSC
According to the warning by GCHQ's cybersecurity arm, NCSC, there has been a substantial spike in the number of ransomware...
Here are Some Interesting Facts About Website Hacking
How many websites are hacked every day? How frequently do hackers attack? Are there any solutions to fix the vulnerabilities?...
Great Britain named Russia as the main threat in cyberspace
Lindy Cameron, executive director of Britain's National Cyber Security Center (NCSC), said on Friday that the Russian Federation poses the...
BadOutlook – (Kinda) Malicious Outlook Reader
A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a...
CallObfuscator – Obfuscate Specific Windows Apis With Different APIs
Obfuscate (hide) the PE imports from static/dynamic analysis tools. TheoryThis's pretty forward, let's say I've used VirtualProtect and I want...
Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation?
A cyber attack has disrupted the Australian Channel Nine’s live broadcasts, the company was unable to transmit its Sunday morning news...
QNAP urges users to take action to protect devices against Brute-Force attacks
Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported...
Security Affairs newsletter Round 307
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
US Gov Executive Order would oblige to disclose security breach impacting gov users
According to a proposed executive order of the Biden administration, software vendors would have to disclose breaches to U.S. government...
Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom
Clop ransomware operators now email victim’s customers and ask them to demand a ransom payment to protect their privacy to...
Experts spotted a new advanced Android spyware posing as “System Update”
Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts...
CVE-2021-20214
Summary: A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client...
CVE-2021-29097
Summary: Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and...
CVE-2020-28346
Summary: ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference. Reference Links(if available): https://github.com/projectacrn/acrn-hypervisor/pull/5453 https://github.com/projectacrn/acrn-hypervisor/pull/5453/commits/ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681 CVSS Score (if available) v2:...
