Ransomware gangs target companies involved in time-sensitive financial events, FBI warns
The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. The Federal...
Zuckerberg’s Metaverse, and the possible privacy and security concerns
The news is currently jam-packed with tales of Facebook’s Meta project. Of particular interest to me is Facebook’s long-stated desire...
Google patches zero-day vulnerability, and others, in Android
Google has issued security patches for the Android Operating System. In total, the patches address 39 vulnerabilities. There are indications...
Google triples bounty for new Linux Kernel exploitation techniques
Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news...
CVE-2020-9897
Summary: An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2,...
CVE-2020-23546
Summary: IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM...
CVE-2021-30821
Summary: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security...
CVE-2021-30818
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS...
CVE-2021-34362
Summary: A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability...
50% of internet-facing GitLab installations are still affected by a RCE flaw
Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab ‘s web interface actively exploited in the...
What is Twitch?
Twitch is primarily a site dedicated to live streaming content. It also offers the ability to chat with others in...
Trojan Source attack method allows hiding flaws in source code
Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software...
aDLL – Adventure of Dinamic Link Library
aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image...
Is Apple’s Safari browser the last, best hope for web privacy?
What browser do you use? There’s a good chance—roughly one in seven—that it’s Google Chrome. And even if you prefer...
The Toronto Transit Commission (TTC) hit by a ransomware attack
A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto...
Spam and phishing in Q3 2021
Quarterly highlights Scamming championship: sports-related fraud This summer and early fall saw some major international sporting events. The delayed Euro 2020...
US-CERT Bulletin (SB21-305):Vulnerability Summary for the Week of October 25, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Vimana – An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications
Vimana is a modular security framework designed to audit Python web applications.The base of the Vimana is composed of crawlers...
HelloKitty ransomware gang also targets victims with DDoS attacks
The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands)....
Lessons from a real-life ransomware attack
Ransomware attacks, despite dramatically increasing in frequency this summer, remain opaque for many potential victims. It isn’t anyone’s fault, necessarily,...
Squid Game Cryptocurrency exit scam! Operators made $2.1 Million
Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 million. Operators behind the Squid Game cryptocurrency have exit...
CVE-2020-24986
Summary: Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file...
CVE-2020-11476
Summary: Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Reference Links(if available):...
CVE-2021-30886
Summary: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.0.1,...
