Mariana Trench – Security Focused Static Analysis Tool For Android And Java Applications
Mariana Trench is a security focused The issue tells you that Mariana Trench found a remote code execution in MainActivity.onCreate...
hacking
Belgian defense ministry hit by cyberattack exploiting Log4Shell bug
The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The...
Alleged APT implanted a backdoor in the network of a US federal agency
An alleged APT group planted a backdoor in the network of a U.S. federal government commission associated with international rights....
log4j-scan – A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts
A fully automated, accurate, and extensive scanner for finding DescriptionWe have been researching the Log4J RCE (CVE-2021-44228) since it was...
A new attack vector exploits the Log4Shell vulnerability on servers locally
Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection....
Log4J-Detector – Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046
Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046. It is able to...
Clop ransomware gang is leaking confidential data from the UK police
Clop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim...
Security Affairs newsletter Round 345
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks
The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. Researchers from...
Western Digital customers have to update their My Cloud devices to latest firmware version
My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud...
Apache releases the third patch to address a new Log4j flaw
Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the...
1.8 Million customers of four sports gear sites impacted by credit cards breach
A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards for 1,813,224...
Conti ransomware gang exploits Log4Shell bug in its operations
The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is...
VMware fixes critical SSRF flaw in Workspace ONE UEM Console
VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. VMware has addressed...
Phorpiex botnet is back, in 2021 it $500K worth of crypto assets
Experts reported the resurgence of the Phorpiex botnet, in one year it allowed to steal crypto assets worth of half...
PseudoManuscrypt, a mysterious massive cyber espionage campaign
Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky...
Flaws in Lenovo laptops allow escalating to admin privileges
The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin...
While attackers begin exploiting a second Log4j flaw, a third one emerges
Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web...
Multiple Nation-State actors are exploiting Log4Shell flaw
Nation-state actors from China, Iran, North Korea, and Turkey are attempting to exploit the Log4Shell vulnerability to in attacks in the wild....
Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials
Threat actors are using a malicious Internet Information Services (IIS) Server module, dubbed Owowa, to steal Microsoft Exchange credentials. Kaspersky...
FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine
While investigating a data breach suffered by a healthcare organization, FBI accidentally revealed that it believes that the HelloKitty ransomware...
Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day
Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. Microsoft December 2021 Patch Tuesday...
Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia
Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. Iran-linked APT...
DHS announces its ‘Hack DHS’ bug bounty program
The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems....
