Experts warn of scanning activity for critical SAP SolMan flaw after the release of exploit
Experts warn of automated scanning activity for servers affected by a critical SAP SolMan flaw after the release of an
Read more
SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation
Microsoft’s report provides details of the entire SolarWinds attack chain with a deep dive in the second-stage activation of malware
Read more
Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI
Cisco fixed multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against its devices.
Read more
Logic bugs found in popular apps, including Signal and FB Messenger
Flaws in popular messaging apps, such as Signal and FB Messenger allowed to force a target device to transmit audio
Read more
CVE-2021-21248
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job parameters can run arbitrary code on OneDev’s server by injecting arbitrary Groovy code. The ultimate result is in the injection of a static constructor that will run arbitrary code. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by escaping special characters such as quote from user input.
Read more
CVE-2021-1701
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.
Read more
CVE-2021-21246
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/{id}` endpoint there are no security checks enforced so it is possible to retrieve arbitrary user details including their Access Tokens! These access tokens can be used to access the API or clone code in the build spec via the HTTP(S) protocol. It has permissions to all projects accessible by the user account. This issue may lead to `Sensitive data leak` and leak the Access Token which can be used to impersonate the administrator or any other users. This issue was addressed in 4.0.3 by removing user info from restful api.
Read more
CVE-2021-21247
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application’s BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to `post-auth RCE` This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.
Read more
CVE-2021-1704
Windows Hyper-V Elevation of Privilege Vulnerability
Read more
Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems
Oracle Co-Founder Larry Ellison delivers a keynote address at the Oracle OpenWorld conference in 2006. Researchers discovered a new Internet
Read more
Zoom watermarking: pros and cons
Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often
Read more
3 Unique Procedures to Counter Money Laundering in India
The main weapon used by money launders to launder cash is bitcoin and other cryptocurrencies alternatives. India’s cryptocurrency exchanges
Read more
AnyVan 4.1 Million Users Comprised with Data-Breach
Headquartered in Hammersmith, London (UK)- AnyVan is a European online platform for the patrons to access consignment, transport, and
Read more
DMV Warns New Yorkers of Text Phishing Schemes
The New York State Department of Motor Vehicles cautioned New Yorkers of progressing text message phishing schemes. These counterfeit
Read more
Reconftw – Simple Script For Full Recon
This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go
Read more
MobileHackersWeapons – Mobile Hacker’s Weapons / A Collection Of Cool Tools Used By Mobile Hackers
A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Weapons OS Type Name Description All
Read more
You Can Now Buy (And Renew) Five More Rapid7 Products Through AWS Marketplace
Purchasing software through AWS Marketplace has to be one of the most under-appreciated perks of being an Amazon Web Services
Read more
Livecoin halted operations after the December attack
The Russian cryptocurrency exchange Livecoin has announced it is terminating its operation following the December cyberattack. The Russian cryptocurrency exchange
Read more
FireEye releases an auditing tool to detect SolarWinds hackers’ activity
Cybersecurity firm FireEye has released a report that sheds the light on the SolarWinds attack and the way hackers breached
Read more
Malwarebytes ‘s email systems hacked by SolarWinds attackers
Cyber security firm Malwarebytes announced that threat actor behind the SolarWinds attack also breached its network last year. Malwarebytes revealed
Read more
Raindrop, a fourth malware employed in SolarWinds attacks
The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts
Read more
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Read more
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Read more
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=”null” (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
Read more