Data of 100 Million JustDial Customers Left Unsecured for Over a Year
The Personally Identifiable Information (PII) of approximately 100 million users of local business listing site JustDial was at stake after...
Bugs in the Zimbra Server Could Lead to Unrestricted Email Access
Multiple security flaws have been uncovered in the Zimbra email collaboration software, which could be abused to compromise email accounts...
APT trends report Q2 2021
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of...
Sniffle – A Sniffer For Bluetooth 5 And 4.X LE
Sniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware. Sniffle has a number of useful...
Radare2 – UNIX-like Reverse Engineering Framework And Command-Line Toolset
r2 is a rewrite from scratch of radare. It provies a set of libraries, tools and plugins to ease...
LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains
A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers...
Critical flaw in Microsoft Hyper-V could allow RCE and DoS
Experts disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow executing arbitrary code on...
US, UK, and Australian agencies warn of top routinely exploited issues
A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in...
Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers
A China-linked cyberespionage group, tracked as PKPLUG, employed a previously undocumented strain of a RAT dubbed THOR in recent attacks....
CVE-2021-36213
Summary: HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action...
CVE-2020-36423
Summary: An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain...
CVE-2020-36426
Summary: An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). Reference...
CVE-2021-34675
Summary: Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. Reference Links(if available): https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34675 http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/ CVSS Score (if...
CVE-2021-34676
Summary: Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. Reference Links(if available): https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34676 http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/ CVSS Score (if...
Step by step guide on Setting up NordLynx Wireguard VPN in PfSense
IF you already use NordVPN, you will be well aware that they refuse to give out the WireGuard config information...
BlackMatter, a new ransomware group, claims link to DarkSide, REvil
There’s a new ransomware gang in town—and, frankly, we’re not at all surprised. After DarkSide disappeared—coincidentally, immediately after Colonial Pipeline...
The Olympics: a timeline of scams, hacks, and malware
The 2020 Olympics are, after a bit of a delayed start, officially in full swing. So too is the possibility...
UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root
Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP...
Signal Patches Zero-Day Bug in its Android App
Signal has patched a critical flaw in its Android app that, in some circumstances, sent random unintended images to contacts...
Cyberattacks Zero in Tokyo Olympics as Games Begin
Malicious malware and websites have targeted both event organizers and regular spectators as the Tokyo Olympics' opening ceremony approaches. According to...
Hackers Applying HTML Smuggling To Distribute Malware
Another latest spam E-mail operation, which abused a technique named "HTML smuggling" to circumvent E-mail security measures and transmit malware...
Fake Windows 11 Installers are Being Used to Spread Malware
Although Windows 11 isn't expected to be released until later this year, hackers have already begun attempting to use it...
DDoS attacks in Q2 2021
News overview In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the...
CredPhish – A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS
CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user...
