Researcher Laxman Muthiyah Awarded with $50,000 for Detecting a Flaw in Microsoft Account
 A bug bounty hunter was awarded $50,000 by Microsoft for revealing a security vulnerability leading to account deprivation. The expert...
BEC Scammer Infects own Device, Exposes their Activity
 In some media depictions, criminal and state-backed hackers are constantly portrayed as cunning and sophisticated, gliding inexorably toward their most...
HiddenEyeReborn – HiddenEye With Completely New Codebase And Better Features Set
HiddenEye: Reborn is my second try on doing multi-featured tool for human mistakes exploitation. Currently, HE: RE has mainly phishing...
Sub404 – A Python Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it...
How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA
The European Banking Authority (EBA) disclosed a cyberattack that resulted in the hack of its Microsoft Exchange email system. The...
Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs
Microsoft updated its Microsoft Safety Scanner (MSERT) tool to detect web shells employed in the recent Exchange Server attacks. Early...
The launch of Williams new FW43B car ruined by hackers
The presentation of Williams’s new Formula One car was ruined by hackers that forced the team to abandon the launch...
Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange
Thousands of organizations may have been victims of cyberattacks on Microsoft Exchange servers conducted by China-linked threat actors since January....
CVE-2020-8277
Summary: A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could...
CVE-2021-22173
Summary: Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or...
CVE-2021-22174
Summary: Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted...
CVE-2021-21315
Summary: The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed...
CVE-2021-25306
Summary: A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force...
Thousands of U.S. Organizations Attacked in a Chinese Cyber-Espionage Campaign
 Microsoft Exchange servers have become the latest victim of Chinese-sponsored cyber-attack. Chinese hackers targeted the Microsoft Exchange Servers earlier this...
Brave Browser is About to Launch its Own Search Engine
 Brave is a free and open-source web browser based on the Chromium web browser that had been established by...
Creator of McAfee Antivirus Software Charged For Conspiracy?
 Creator of McAfee antivirus software, Businessman John McAfee is charged under a conspiracy to commit fraud and money laundering in...
Active Email Threat from Microsoft Hack, Warns White House
 The administration of Biden is highly alarming about a series of recently found cyber intrusions that were associated with China...
Doosra is Helping to Create an Alternative Digital Identity
 Facebook, WhatsApp, Twitter, and other online media platforms have been approached to verify the identity of their users — this...
Procrustes – A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on...
packetStrider – A Network Packet Forensics Tool For SSH
packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic,...
Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks
Russia-linked APT groups leveraged the Lithuanian nation’s technology infrastructure to launch cyber-attacks against targets worldwide. The annual national security threat...
Security Affairs newsletter Round 304
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims
The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim’s business partners to force victims...
