A Trio of Vulnerabilities in the Linux Kernel Can Give Attackers Root Privileges
Linux kernel distributions appear explicitly susceptible to recently uncovered vulnerabilities. In the iSCSI module, which is used for viewing shared...
Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE
Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote...
Security Affairs newsletter Round 305
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Google releases Spectre PoC code exploit for Chrome browser
Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google...
Experts found three new 15-year-old bugs in a Linux kernel module
Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on...
CVE-2018-16873
Summary: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when...
CVE-2018-16874
Summary: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed...
CVE-2019-16276
Summary: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Reference Links(if available): https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ https://github.com/golang/go/issues/34540 https://lists.fedoraproject.org/archives/list/[email protected]/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/ https://lists.fedoraproject.org/archives/list/[email protected]/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/ https://lists.fedoraproject.org/archives/list/[email protected]/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/...
CVE-2019-17596
Summary: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid...
CVE-2021-22880
Summary: The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS)...
Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work
Business communication between defense industry employees in WhatsApp, Skype and Zoom has become stricter suppressed by the managementA source in...
Beverge Manufacturer Molson Coors Targeted in Cyber Attack
Brewing giant Molson Coors revealed on Thursday that it has experienced a ‘cybersecurity incident’ that has disrupted its operations and...
Cutwail Botnet-Led Dridex and Malicious PowerShell Related Attacks, Increase with new Scripts
IBM X-Force intelligence has observed an increase in the Cutwail botnet-led Dridex-related network attacks. Dridex is shipped via e-mail with...
HTTP Bridge – Send TCP Stream Packets Over Simple HTTP Request
I've wrote this program as a proof of concept to test the idea of be able to send tcp stream...
Gitls – Enumerate Git Repository URL From List Of URL / User / Org
Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when...
The fire in the OVH datacenter also impacted APTs and cybercrime groups
The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT...
New variant for Mac Malware XCSSET compiled for M1 Chips
Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips....
10,000+ WeLeakInfo customer records leaked
An actor claimed to have registered one of the domains of WeLeakInfo, accessed details of 10000+ WeLeakInfo’ s customers, and...
CVE-2021-26864
Summary: Windows Virtual Registry Provider Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26864 CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P...
CVE-2021-26863
Summary: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26875, CVE-2021-26900, CVE-2021-27077. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863...
CVE-2021-26862
Summary: Windows Installer Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862 CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:C/I:C/A:C v3: /...
CVE-2021-26861
Summary: Windows Graphics Component Remote Code Execution Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26861 CVSS Score (if available) v2: / MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P v3:...
Liker – 465,141 breached accounts
In March 2020, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab...
Ransomware is targeting vulnerable Microsoft Exchange servers
The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking...
