Adobe addresses a critical vulnerability in ColdFusion product
Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) that could lead...
Abusing distance learning software to hack into student PCs
Experts uncovered critical flaws in the Netop Vision Pro distance learning software used by many schools to control remote learning...
CVE-2021-27057
Summary: Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-27059. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057 https://www.zerodayinitiative.com/advisories/ZDI-21-334/...
CVE-2021-26991
Summary: Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote...
CVE-2021-26992
Summary: Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause...
CVE-2021-28419
Summary: The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to...
CVE-2021-20678
Summary: SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary...
Safe Connections Act could help domestic abuse survivors take control of their digital lives
A bill introduced in the US Senate could help domestic abuse and sex trafficking survivors—including those tracked by stalkerware-type applications—regain...
How to enable Facebook’s hardware key authentication for iOS and Android
Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts....
Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group
The PRODAFT Threat Intelligence Team has published a report (pdf) that gives an unusually clear look at the size and...
Beware of Android Apps While Giving Access to Your Mobile Data
Have you ever thought about privacy while giving access to the app makers about your contact list, camera, recording, location,...
Malware Campaign Targets Telegram Desktop Application
An independent security researcher based in Basel, Switzerland, Jannis Kirschner, began to look for the widely known Telegram desktop version...
PRODAFT Accessed Servers of a SolarWinds Hacker
A Swiss cybersecurity firm says it has accessed servers utilized by a hacking group attached to the SolarWinds breach, uncovering...
ProxyLogon – PoC Exploit for Microsoft Exchange
PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanullHow to use:python proxylogon.py <name or IP of server> <user@fqdn> Example:python proxylogon.py...
Netmap.Js – Fast Browser-Based Network Discovery Module
Fast browser-based network discovery module Descriptionnetmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website...
SOC Automation with InsightIDR and InsightConnect: Three Key Use Cases to Explore to Optimize Your Security Operations
You probably already know that SOC automation with InsightIDR and InsightConnect can decrease your #MeanTimeToResponse. It may not be a...
RCE flaw in Apache OFBiz could allow to take over the ERP system
The Apache Software Foundation fixed a high severity remote code execution flaw in Apache OFBiz that could have allowed attackers...
Which is the Threat landscape for the ICS sector in 2020?
The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering...
CVE-2021-27892
Summary: SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. Reference...
CVE-2021-25289
Summary: An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files...
CVE-2021-28295
Summary: Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure....
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-35654
Summary: In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation...
