CVE-2021-39893
Summary: A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. Reference...
CVE-2021-3749
Summary: axios is vulnerable to Inefficient Regular Expression Complexity Reference Links(if available): https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E CVSS Score (if...
CVE-2021-36160
Summary: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue...
Security expert published NMAP script for Apache CVE-2021-41773 vulnerability
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security...
Sky.com servers exposed via misconfiguration
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews...
AF-ShellHunter – Auto Shell Lookup
AF-ShellHunter: Auto shell lookupAF-ShellHunter its a script designed to automate the search of WebShell's in AF TeamHow topip3 install -r...
Cox Media Group took down broadcasts after a ransomware attack
American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio...
Hacktoberfest 2021
It’s that time of year again! This means it’s the season for Halloween, Oktoberfest, and HACKTOBERFEST! So what is Hacktoberfest?...
Firefox reveals sponsored ad “suggestions” in search and address bar
Mozilla is trying a novel experiment into striking a balance between ad revenue generation and privacy protection by implementing a...
58% of all nation-state attacks in the last year were launched by Russian nation-state actors
Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft...
Viper – Intranet Pentesting Tool With Webui
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process...
At long last, Microsoft is disabling Excel 4.0 macros by default
Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro...
CVE-2021-39226
Summary: Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view...
CVE-2021-33600
Summary: A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because...
CVE-2021-33601
Summary: A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings...
CVE-2017-18640
Summary: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. Reference...
CVE-2021-37274
Summary: Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights...
The Netherlands declares war on ransomware operations
The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services...
Covert-Tube – Youtube As Covert-Channel – Control Systems Remotely And Execute Commands By Uploading Videos To Youtube
A program to control systems remotely by uploading videos to Youtube using Python to create the videos and the listener,...
Making better cybersecurity training: Q&A with Malwarebytes expert Kelsey Prichard
If you hadn’t noticed by now, we are in the first week of National Cybersecurity Awareness Month, which, according to...
CVE-2021-1810 – Apple / Multiple – Unspecified
Summary: CVE-2021-1810 is an unspecified vulnerability impacting Apple macOS Big Sur versions 11.2.3 and earlier and Apple macOS Catalina. A...
Google warns of APT28 attack attempts against 14,000 Gmail users
Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google...
Discord scammers lure victims with promise of free Nitro subscriptions
A number of bogus offers are doing the rounds in Discord land at the moment. Discord, a group text chat/VoiP...
GnuPG fixes a problem with Let’s Encrypt certificate chain validation
Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with...
