RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries
RockYou2021, the largest password compilation of all time has been leaked on a popular hacker forum, it contains 8.4 billion...
Siloscape, first known malware that drops a backdoor into Kubernetes clusters
Siloscape is a new strain of malware that targets Windows Server containers to execute code on the underlying node and...
CVE-2021-31525
Summary: net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic)...
CVE-2016-20011
Summary: libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents...
CVE-2018-6383
Summary: Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not...
CVE-2021-22908
Summary: A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges...
CVE-2021-28676
Summary: An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block...
New Siloscape malware targets Windows containers and highlights security pitfalls
A visitor photographs a symbol of a cloud at the Deutsche Telekom stand the day before the CeBIT technology trade...
DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime
The US Department of Justice announced Monday that it recovered much of the ransomware payment that Colonial Pipeline paid to...
Can two VPN “wrongs” make a right? Lock and Code S02E10
This week on Lock and Code, we’re presenting you something a little different. We’re telling you a story—with no guest...
White hat, black hat, grey hat hackers: What’s the difference?
When you think of the world of ethical hackers (white hat), malicious hackers (black hat), and hackers that flirt with...
Amazon Sidewalk starts sharing your WiFi tomorrow, thanks
Amazon smart device owners only have until June 8 to opt out of a new program that will group their...
Ukraine Suspects Russia Behind a Spear Phishing Campaign
Three of the many Ukrainian cybersecurity organizations – the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine - cautioned...
Hackers Target American Retail Businesses, FINRA Scolds Brokerage Firms
Besides the American corporations facing threats from overwhelming cyberattacks, American retail businesses are also struggling to fight against the rise...
Geneva: The Hot Topic For the Meeting Between US and Russian President
President Joe Biden will meet in person for the first time since taking office with Russian President Vladimir Putin in...
Facebook Under Investigation by EU and UK Competition Watchdogs
Competition authorities in the United Kingdom and Europe are looking into Facebook's use of advertising data to obtain an unfair...
Cisco Discovers High-Severity Flaws in its Software
The IT and networking giant Cisco has outlined multiple vulnerabilities in its Webex, SD-WAN, and ASR 5000 devices, that could...
Gootkit: the cautious Trojan
Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially it...
Totp-Ssh-Fluxer – Take Security By Obscurity To The Next Level (This Is A Bad Idea, Don’T Really Use This Please)
Some people change their SSH port on their servers so that it is slightly harder to find for bots or...
RedWarden – Flexible CobaltStrike Malleable Redirector
RedWarden - Flexible CobaltStrike Malleable Redirector(previously known as proxy2's malleable_redirector plugin) Let's raise the bar in C2 redirectors IR resiliency,...
Russia behind a massive spear-phishing campaign that hit Ukraine
Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. Three...
Experts found an RCE vulnerability in QNAP Q’center
Researchers at cybersecurity firm Shielder discovered a remote code execution on QNAP Q’center through a manipulated QPKG installation package. Researchers...
Russian cybercrime forums launch contests for cryptocurrency hacks
Cybercriminals in Russian underground forums have been invited to take part in competitions for hacking cryptocurrency and NFT. Several Russian...
CVE-2020-11993
Summary: Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic...
