Olympus US was forced to take down computer systems due to cyberattack
Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a...
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the...
ExpressVPN made a choice, and so did I: Lock and Code S02E19
On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber...
GitKraken flaw lead to the generation of weak SSH keys
Git GUI client GitKraken team fixed a flaw that lead to the generation of weak SSH keys, users are recommended...
The joy of phishing your employees
Many companies set up phishing test programs for their employees, often as part of a compliance requirement involving ongoing employee...
CVE-2021-37723
Summary: A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,...
CVE-2021-37724
Summary: A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,...
CVE-2021-37725
Summary: A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software...
CVE-2020-3302
Summary: A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker...
CVE-2021-41869
Summary: SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. Reference Links(if available): https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22 https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33 https://github.com/salesagility/SuiteCRM...
Inside Apple: How macOS attacks are evolving
The start of fall 2021 saw the fourth Objective by the Sea (OBTS) security conference, which is the only security...
Playbook – 50,538 breached accounts
In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug...
LinuxCatScale – Incident Response Collection And Processing Scripts With Automated Reporting Scripts
Linux CatScale is a bash script that uses live of the land tools to collect extensive data from Linux based...
CVE-2021-30883 – Apple / Multiple – Memory corruption
Summary: CVE-2021-30883 is a memory corruption vulnerability impacting Apple iOS versions 15.0.1 and earlier and Apple iPadOS versions 15.0.1 and...
Microsoft mitigated a record 2.4 Tbps DDoS attack in August
Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August,...
US-CERT Bulletin (SB21-284):Vulnerability Summary for the Week of October 4, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Apple released emergency update to fix zero-day actively exploited
Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the...
Security Service of Ukraine arrested a man operating a huge DDoS botnet
Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch...
Iran-linked DEV-0343 APT target US and Israeli defense technology firms
DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat...
Azur3Alph4 – A PowerShell Module That Automates Red-Team Tasks For Ops On Objective
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE...
Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing
LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed...
CVE-2020-19131
Summary: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the...
CVE-2020-19131
Summary: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the...
CVE-2021-3749
Summary: axios is vulnerable to Inefficient Regular Expression Complexity Reference Links(if available): https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E CVSS Score (if...
