Grayfly APT uses recently discovered Sidewalk backdoor
Security researchers from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. Experts from Broadcom’s Symantec linked...
Experts confirmed that the networks of the United Nations were hacked earlier this year
The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first...
International money launderer sentenced to more than 11 years
A Canadian man, who helped North Korean threat actors to launder stolen funds, plead guilty to laundering tens of millions...
A new botnet named Mēris is behind massive DDoS attack that hit Yandex
The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked...
CVE-2021-29631
Summary: In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE...
CVE-2021-35062
Summary: A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token...
CVE-2021-39373
Summary: Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte,...
CVE-2021-29630
Summary: In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE...
CVE-2021-39371
Summary: An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application...
500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords
A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices....
Yandex was subjected to the largest DDoS attack in the history of the Runet
Last weekend, the largest DDoS attack in the history of the Runet was carried out on the company's servers. The...
Experts Find Kurdish Espionage Campaign Active on Facebook
Experts at ESET have probed a targeted espionage mobile campaign towards the Kurdish ethnic group, the campaign is in action...
Microsoft Office Users Targeted in a New Zero-Day Attack
Microsoft issued a warning to Windows users on Tuesday that attackers are actively exploiting an unpatched remote execution zero-day vulnerability...
McDonald’s Password for the Monopoly VIP Database Leaked
The fast-food chain McDonald's mistakenly sent out emails with login credentials associated with a database for its Monopoly VIP game. McDonald's...
Millions Of Indonesians Personal Information Leaked Over a Data Breach
In their COVID-19 test-and-trace application, Indonesia investigated a probable security vulnerability that left 1.3 million individuals' data and health status...
Threat landscape for industrial automation systems in H1 2021
The H1 2021 ICS threat report at a glance Percentage of ICS computers attacked During the first half of 2021...
Owt – The Most Compact WiFi Auditing Tool That Works On Command Line Linux
This tool compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface....
Graphw00F – GraphQL fingerprinting tool for GQL endpoints
Credits to Nick Aleks for the logo!How does it work?graphw00f (inspired by wafw00f) is the GraphQL fingerprinting tool for GQL...
Millions of Microsoft web servers powered by vulnerable legacy software
CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet...
TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide
The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers...
Yandex is under the largest DDoS attack in the history of Runet
The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week. The Russian...
Zoho warns of zero-day authentication bypass flaw actively exploited
Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the...
Personal information of 7 million Israelis available for sale
A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million...
Groove gang leaks list of 500k credentials of compromised Fortinet appliances
Groove gang leaked online Fortinet credentials that could be used to breach networks of organizations using the compromised devices. The financially...
