Security Affairs newsletter Round 310
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Security
Is BazarLoader malware linked to Trickbot operators?
Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers...
Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model
Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before...
Database containing e-mail addresses of Navalny’s supporters leaked onto the Internet
Navalny's team is now investigating and identifying the source of the leak. The team assured them that they did not...
The United States imposes sanctions against 25 Russian companies for cyber attacks and Crimea
On 15 April, the US Treasury Department put 25 Russian companies, six of which are IT companies, on its sanctions...
Online Learning of University of Hertfordshire Disrupted Due to a Major Cyber-Attack
By now it's a well-known fact that most of the students are relying on online learning and video-conferencing apps due...
IBM: Flags More Cyber Attacks on COVID-19 Vaccine Infrastructure
On Wednesday, IBM reported that its cyber-security unit has discovered more digital attacks targeting the global COVID-19 vaccine supply chain...
Crypto Lending Service, Celsius Suffers Third Party Data Breach
Cryptocurrency rewards portal, Celsius has witnessed a data breach, with the personal details of its clients disclosed by a third-party...
Sish – HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH
An open source serveo/ngrok alternative.DeployBuilds are made automatically for each commit to the repo and are pushed to Dockerhub. Builds...
Android-PIN-Bruteforce – Unlock An Android Phone (Or Device) By Bruteforcing The Lockscreen PIN
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN...
6 out of 11 EU agencies running Solarwinds Orion software were hacked
SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed. European Commissioner for...
Critical RCE can allow attackers to compromise Juniper Networks devices
Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable...
Shady scam bots trick Omegle users into nonconsensual video sex recordings
14-year old Michael (not his real name) from Scandinavia first visited Omegle, the video online chat that has become hugely...
Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have...
Deepfakes were going to change everything. And then they didn’t
For much of 2020, the most visible conversation about the US election and tech was related to deepfakes (images or...
U.S. Agencies Warns of Russian APT Operators Exploiting Five Publicly Known Vulnerabilities
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly...
ParkMobile Data Breach: 21Million User Data Exposed
Due to a data breach, the account details of 21 million customers of ParkMobile, a prominent mobile parking app in...
643GB of Customer Information Exposed in a Data Breach Suffered by Bizongo
The issue of data fraud has been on a rapid rise, as of late, and evidently so as data breaches...
University of Hertfordshire Hit by Cyberattack
The University of Hertfordshire has become the most recent victim of a spate of digital assaults against academic institutions after...
IRTriage – Incident Response Triage – Windows Evidence Collection For Forensic Analysis
Scripted collection of system information valuable to a Forensic Analyst. IRTriage will automatically "Run As ADMINISTRATOR" in all Windows versions...
PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool
Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses...
Russia-linked APT SVR actively targets these 5 flaws
The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The...
Mirai code re-use in Gafgyt
Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt,”some of them re-used Mirai code. ...
Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto
Group-IB observed the North Korea-linked Lazarus APT group stealing cryptocurrency using a never-before-seen tool. In the last five years, JavaScript...
