VMware fixes command injection issue in vSphere Replication
VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches...
France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers
French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security...
CVE-2020-11858
Summary: Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility...
CVE-2020-8639
Summary: An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading...
CVE-2021-21289
Summary: Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before...
CVE-2021-0326
Summary: In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This...
CVE-2020-25237
Summary: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions...
Ge.tt – 2,481,121 breached accounts
In May 2017, the file sharing platform Ge.tt suffered a data breach. The data was subsequently put up for sale...
Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E01
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Gang arrested for SIM-swapping celebrities, stealing $100 million
The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s...
Yandex Suffers Data Breach, Exposes Email Accounts
Russian internet and search organization Yandex declared on Friday that one of its system administrators had enabled unapproved access to...
US court sentenced Ukrainian to seven years in prison for electronic fraud
A court in the United States has sentenced Ukrainian citizen Alexander Musienko to more than seven years in prison for...
RansomExx Gang Target French Health Insurance Company in a Ransomware Attack
Mutuelle Nationale des Hospitaliers (MNH), a French health insurance company has been hit by a ransomware attack that has severely...
PayPal Suffered Cross-Site Scripting -XSS Vulnerability
The PayPal currency converter functionality was damaged by severe cross-site scripting (XSS) vulnerability. An attacker might be able to run...
FBI Warns About Using TeamViewer and Windows 7
The FBI issued this week a Private Industry Notification (PIN) caution to warn organizations about the dangers of utilizing obsolete...
Spam and phishing in 2020
Figures of the year In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 p.p....
Gitlab-Watchman – Monitoring GitLab For Sensitive Data Shared Publicly
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally....
OSV – Open Source Vulnerability DB And Triage Service
OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and...
The malicious code in SolarWinds attack was the work of 1,000+ developers
Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed...
French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine
An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the...
The kingpin behind Joker’s Stash retires with a billionaire exit
The administrators of the most popular carding marketplace on the dark web Joker’s Stash announced his retirement. Cybercriminal behind the...
CVE-2021-26117
Summary: The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this...
CVE-2021-3156
Summary: Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line...
CVE-2021-3156
Summary: Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line...
