Pegasus iPhone Hacks Used as Bait in Extortion Scam
A new extortion fraud attempts to profit from the recent Pegasus iOS spyware attacks to threaten victims to pay a...
Keimpx – Check For Valid Credentials Across A Network Over SMB
keimpx is an open source tool, released under the Apache License 2.0. It can be used to quickly check for...
SQLancer – Detecting Logic Bugs In DBMS
SQLancer (Synthesized Query Lancer) is a tool to automatically test Database Management Systems (DBMS) in order to find logic bugs...
Security Affairs newsletter Round 328
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
T-Mobile data breach could be worse than initially thought, 54 million customers impacted
T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals...
U.S. State Department was recently hit by a cyber attack
The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command might have suffered...
New LockFile ransomware gang uses ProxyShell and PetitPotam exploits
A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang...
CVE-2021-38585
Summary: The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). Reference Links(if available): https://docs.cpanel.net/changelogs/98-change-log/ CVSS Score...
CVE-2021-38584
Summary: The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). Reference Links(if available): https://docs.cpanel.net/changelogs/98-change-log/ CVSS Score...
CVE-2020-0570
Summary: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially...
CVE-2021-38512
Summary: An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur,...
Mozi P2P Malware Targets Netgear, Huawei, and ZTE Network Gateways
Mozi, a peer-to-peer (P2P) malware known to target internet-of-things devices, has developed new capabilities to target network gateways manufactured by...
Zix: Attackers Increasingly Adopting New Techniques to Target Users
Cybercriminals are continuously expanding their toolkit by experimenting with new strategies and approaches in order to improve their effectiveness against...
Hacker Rewarded With $500,000 and a CSA Job by Poly Network
Lately, it has been a turbulence-filled time for Poly Networks. The company creates software to handle the exchange between different...
Database of 70 Million AT&T Users Being Sold on a Hacker Forum
The same threat actor is selling 70 million AT&T customers' records just days after the T-Mobile data leak. The data...
XLMMacroDeobfuscator – Extract And Deobfuscate XLM Macros (A.K.A Excel 4.0 Macros)
XLMMacroDeobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM...
Brutus – An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture
An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an IntroductionLooking for version...
US CISA releases guidance on how to prevent ransomware data breaches
The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks....
Lojas Renner, Brazilian largest clothing store chain, was hit by ransomware
Lojas Renner, the largest Brazilian department stores clothing company, suffered a ransomware attack that impacted its IT infrastructure. Lojas Renner,...
Emsisoft releases free SynAck ransomware decryptor
Emsisoft researchers have released a decryptor for the SynAck Ransomware that could allow victims of the gang to decrypt their...
Cloudflare mitigated the largest ever volumetric DDoS attack to date
Web infrastructure and website security company Cloudflare announced to have mitigated the largest ever volumetric DDoS attack to date. Cloudflare,...
CVE-2021-38589
Summary: In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). Reference Links(if available): https://docs.cpanel.net/changelogs/96-change-log/ CVSS...
CVE-2021-38587
Summary: In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). Reference Links(if available): https://docs.cpanel.net/changelogs/96-change-log/ CVSS Score (if...
CVE-2021-38585
Summary: The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). Reference Links(if available): https://docs.cpanel.net/changelogs/98-change-log/ CVSS Score...
