Microsoft releases open-source CodeQL queries to assess Solorigate compromise
Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack...
CVE-2021-26683
Summary: A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1....
CVE-2020-11223
Summary: Out of bound in camera driver due to lack of check of validation of array index before copying into...
CVE-2021-20247
Summary: A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB...
CVE-2020-7846
Summary: Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads...
CVE-2021-22882
Summary: UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause...
TikTok pays $92 million to end data theft lawsuit
TikTok, the now widely popular social media platform that allows users to create, share, and discover, short video clips has...
Unprotected Private Key Allows Remote Hacking of PLCs
 Industrial associations have been cautioned for this present week that a critical authentication bypass vulnerability can permit hackers to remotely...
AIVD says they face cyber attacks from Russia and China every day
According to the head of the country's General Intelligence and Security Service, these hackers break into the computers of companies...
Google Reveals Details of a Recently Patched Windows Flaw
 Google Project Zero team disclosed the details of a recently fixed Windows flaw, tracked as CVE-2021-24093, that can be compromised...
15,000 Clients Data Leaked Accidently by a Turkish Firm
 Accidentally, a law firm has disclosed client data of 15,000 incidents in which individuals have been killed and wounded after...
Turkey Dog Activity Continues to use COVID Lures
 A year into the pandemic, Turkey Dog-related activity is ongoing with campaigns that keep on utilizing the "free internet" lures....
The state of stalkerware in 2020
 The state of stalkerware in 2020 (PDF) Main findings Kaspersky’s data shows that the scale of the stalkerware issue has...
CornerShot – Amplify Network Visibility From Multiple POV Of Other Hosts
In warfare, CornerShot is a weapon that allows a soldier to look past a corner (and possibly take a shot),...
OpenWifiPass – An Open Source Implementation Of Apple’s Wi-Fi Password Sharing Protocol In Python
An open source implementation of the grantor role in Apple's Wi-Fi Password Sharing protocol. DisclaimerOpenWifiPass is experimental software and is...
Data Breach: Turkish legal advising company exposed over 15,000 clients
Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket....
Hackers are selling access to Biochemical systems at Oxford University Lab
Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of...
Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack
Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by...
China-linked TA413 group target Tibetan organizations
The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked...
Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS
Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine,...
North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor
North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus...
CVE-2020-11296
Summary: Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon...
CVE-2020-11194
Summary: Possible out of bound access in TA while processing a command from NS side due to improper length check...
CVE-2020-11287
Summary: Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to...
