CVE-2020-23960
Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform...
CVE-2021-25440
Summary: Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an...
CVE-2020-24036
Summary: PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote...
CVE-2021-32740
Summary: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource...
CVE-2021-28931
Summary: Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes...
Experts discussed how to fight cyberbullying on children at Cyber Polygon 2021
At the international online cybersecurity training Cyber Polygon 2021, organized by BI.ZONE, Stanislav Kuznetsov, Deputy Chairman of Sberbank, and Henrietta...
Chinese Hackers Target Taiwanese Telecom Firms
The Insikt Group, the intelligence research department of the US network security consulting firm Recorded Future, published a report on...
Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
A sophisticated campaign aimed at big multinational oil and gas firms has been running for more than a year, spreading...
Job Seeking Engineers Have Become Lazarus Gang’s New Target
Amid operations sending malicious documentation to work-seekers, the renowned group Lazarus advanced persistent threat (APT) has been identified. In this...
After a Ransomware Attack, CNA Reports a Data Breach
Following a Phoenix CryptoLocker ransomware attack in March, CNA Financial Corporation, a leading US-based insurance firm, is notifying clients of...
RemotePotato0 – Just Another “Won’t Fix” Windows Privilege Escalation From User To Domain Admin
Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin. RemotePotato0 is an exploit that allows you to...
JWTweak – Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm
With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that,...
Hackers accessed Mint Mobile subscribers’ data and ported some numbers
Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. Mint...
Security Affairs newsletter Round 322
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Iran’s railroad system was hit by a cyberattack, hackers posted fake delay messages
Iran’s railroad system was hit by a cyberattack, hackers posted fake messages about delays or cancellations of the trains on...
CVE-2020-25868
Summary: Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can...
CVE-2020-24144
Summary: Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to...
CVE-2021-34620
Summary: The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site...
CVE-2021-21807
Summary: An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file...
CVE-2021-21775
Summary: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A...
Are Online Brands Prioritizing Speed Over Security? Here’s a Quick Look
Concern over online security has risen significantly in recent times. According to research published by Trulioo, consumers around the world...
Online Support Agents Being Targeted Through Live Chat Platforms
Phishing scammers are pretending to be customers contact live-chat assistance agents with fake issues, making them open infected files, says...
Millions of Login Credentials Stolen By an ‘Unnamed Malware’
Cybersecurity researchers from Nord Security have unearthed a new set of Trojan-type malware that has exploited over three million Windows...
Email Fatigue Elevates Cyber Crime Rates
According to research, email is indeed the most preferred medium of communication by almost 86 percent of professionals. Whilst the...
