slopShell – The Only Php Webshell You Need
php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need...
SonicWall fixes an NSM On-Prem bug, patch it asap!
SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges...
CVE-2020-15782 flaw in Siemens PLCs allows remote hack
Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated...
CVE-2021-27823
Summary: An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers...
CVE-2021-32606
Summary: In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free....
CVE-2020-25672
Summary: A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Reference Links(if available): https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/ http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/[email protected]/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/ https://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/[email protected]/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/...
CVE-2021-21659
Summary: Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....
CVE-2021-20254
Summary: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix...
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances
FireEye Mandiant, working in in tandem with the Cybersecurity and Infrastructure Security Agency and Ivanti, reported details of 16 malware...
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack
On the 14th of May, the Health Service Executive (HSE), Ireland’s publicly funded healthcare system, fell victim to a Conti...
SolarWinds attackers launch new campaign
Nobelium is a synthetic chemical element with the symbol No and atomic number 102. It is named in honor of...
Fujitsu ProjectWEB Tool Used as a Doorway to Target Japanese Government Offices
Cybercriminals have breached the offices of multiple Japanese agencies by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to...
Solid Edge: Solid Modeling Software Affected by Vulnerabilities
Siemens published a consumer notice on Tuesday 25th of May concerning several serious vulnerabilities impacting its Solid Edge product. The...
DubaiCoin: Dubai’s First Cryptocurrency Rose Over 100% Since its Debut
Dubai appears to have developed its own cryptocurrency, known as the DubaiCoin (DBIX). It is established on a public blockchain,...
HookDump – Security Product Hook Detection
EDR function hook dumping Please refer to the Zeroperil blog post for more information https://zeroperil.co.uk/hookdump/Building sourceIn order to build this...
AnalyticsRelationships – Get Related Domains / Subdomains By Looking At Google Analytics IDs
subdomains by looking at Google Analytics IDs > Python/GO versions > By @JosueEncinar ">> Get related domains / subdomains by...
China-linked APT groups targets orgs via Pulse Secure VPN devices
Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers...
Microsoft details new sophisticated spear-phishing attacks from NOBELIUM
Microsoft experts uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind SolarWinds hack. Microsoft Threat Intelligence...
Canada Post disclosed a ransomware attack on a third-party service provider
Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for their customers. Canada Post...
APT hacked a US municipal government via an unpatched Fortinet VPN
The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an...
DHS announces security measures for critical pipeline industry
The US Department of Homeland Security (DHS) has announced new cybersecurity requirements for critical pipeline owners and operators. The Colonial pipeline...
CVE-2021-1084
Summary: NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in...
CVE-2021-1085
Summary: NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to...
CVE-2019-15992
Summary: A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco...
