Wp_Hunter – Static Analysis Of WordPress Plugins
Static analysis to search for vulnerabilities in Wordpress plugins. __ ____________ ___ ___ __ / / ______ / | __...
threatintel
Patch Tuesday – December 2020
We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than...
2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Penetration testing (“pentesting”) is the practice of simulating a criminal breach of a sensitive area in order to uncover and...
Re: Disable Windows Defender and most other 3rd party antiviruses
Posted by Exibar on Dec 08Would this not be the same as uninstalling the AV application in safemode? -----Original Message-----...
Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering
Russian citizen Alexander Vinnik was sentenced in Paris to five years in prison for money laundering and ordered to pay 100,000...
Expert discloses zero-click, wormable flaw in Microsoft Teams
Security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher...
Critical remote code execution fixed in PlayStation Now
Security flaws in the PlayStation Now cloud gaming Windows application allowed hackers to execute arbitrary code on Windows systems. Bug bounty...
QNAP fixed eight flaws that could allow NAS devices takeover
Network-attached storage (NAS) vendor QNAP addressed vulnerabilities that could enable attackers to take over unpatched NAS devices. The Taiwanese vendor...
DoppelPaymer ransomware gang hit Foxconn electronics giant
Electronics contract manufacturer Foxconn is the last victim of the DoppelPaymer ransomware operators that hit a Mexican facility. DoppelPaymer ransomware operators...
Cisco fixes exploitable RCEs in Cisco Security Manager
Cisco released security updates to fix multiple pre-authentication RCE flaws with public exploits affecting Cisco Security Manager. Cisco has released security updates...
Lock and Code S1Ep21: Lesson planning your school’s cybersecurity with Doug Levin
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
50 percent of schools did not prepare for secure distance learning, Labs report reveals
Education in the United States faced a crisis this year. The looming threat of the coronavirus—which spreads easily in highly-populated,...
Researchers call for a determined path to cybersecurity
Despite our continuous research efforts to detect cyberattacks and enable defense, we often feel that we, as members of a...
Disable Windows Defender and most other 3rd party antiviruses
Posted by Roberto Franceschetti on Dec 07Windows Defender and most other antivirus applications can be disabled by booting into safe...
Request for full disclosure of CVE-2020-25889 & CVE-2020-25955
Posted by krishna yadav on Dec 07Dear Team, Please find attached POC and detailed information for CVE-2020-25889 & CVE-2020-25955. For...
Baphomet – Basic Concept Of How A Ransomware Works
This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack...
Js-X-Ray – JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)
JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and...
Congrats to the winners of the 2020 December Metasploit community CTF
Thank you all that participated in the 2020 December Metasploit community CTF! The four day CTF was well received by...
NICER Protocol Deep Dive: Internet Exposure of memcached
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns
The National Security Agency (NSA) warns that Russia-linked hackers are exploiting a recently patched VMware flaw in a cyberespionage campaign. The...
US Cyber Command and Australian IWD to develop shared cyber training range
US Cyber Command and the Information Warfare Division (IWD) of the Australian Defense Force to develop a virtual cyber training...
LockBit Ransomware operators hit Swiss helicopter maker Kopter
LockBit ransomware operators have compromised the systems at the helicopter maker Kopter and published them on their darkweb leak site....
Peatix – 4,227,907 breached accounts
In January 2019, the event organising platform Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and...
Facial recognition payments(Face ID) to be introduced in Moscow metro in 2021
Deputy Mayor for Transport Maxim Liksutov said that paying for public transport in Moscow using facial recognition technology (Face ID)...
