CVE-2021-1373
Summary: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless...
Summary: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which...
Summary: Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs...
For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones,...
The IT security researchers at AdaptiveMobile have called out what looks like an important vulnerability in the architecture of 5G...
Suppose that, out of the blue, a Steam user tells you they’ve accidentally reported you for something you didn’t do,...
Taiwanese firm QNAP has warned its clients of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urged to strengthen...
Insurance giant CNA had to shut down its systems and temporarily close its website due to a novel ransomware attack....
The Commodity Futures Trading Commission on 26th March 2021 declared that the U.S. District Court for the Southern District of...
Introduction: Doxing refers to the collection of confidential information about a person without their consent for the purpose of inflicting...
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx....
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports...
On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of...
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor...
Administrator of Ziggy ransomware recently announced the end of the operation, and now is promising that its victims will have...
Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers...
A critical flaw in the official Facebook for WordPress plugin could be exploited for remote code execution attacks. Researchers...
Summary: Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker...
Summary: Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission...
Summary: A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who...
Summary: Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to...
Summary: ** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows...
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we...