Russian-speaking cybercrime evolution: What changed from 2016 to 2021
Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in...
Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in...
A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated...
Researchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers...
Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).MetabadgerPurpose and functionalityDiagnose...
A student at a high school in Cook County successfully hacked into the Internet-of-Things (IoT) devices of one of the...
Snapchat is an instant messaging app popular with youngsters that allows users to send pictures and videos that are only...
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4...
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4...
Summary: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4...
Summary: An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary...
Summary: Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This...
Summary: In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure...
Summary: In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that...
Tech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors...
China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A...
A tool which creates a spoof code signing  to sign a file with a valid code signing certificate use the...
Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark....
Summary: Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40466, CVE-2021-40467. Reference...
Summary: Windows TCP/IP Denial of Service Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36953 CVSS Score (if available) v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P v3: /...
Summary: Microsoft Exchange Server Denial of Service Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453 CVSS Score (if available) v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P v3:...
Summary: Windows HTTP.sys Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26442 CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P v3: /...
Summary: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345. Reference Links(if...
Trickbot (aka TrickLoader or Trickster), is a successor of the Dyre banking Trojan that was active from 2014 to 2016...
This blog post was authored by Jérôme Segura Although global e-commerce is continuing to grow rapidly, it seems as though...