CVE-2018-8172
Summary: A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup...
Twitter says it out loud: Removing anonymity will not stop online abuse
An investigation by Twitter into racist tweets levied against three Black players on the English football team following the national...
If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam
Rogue QR code antics have been back in the news recently. They’re not exactly a mainstay of fakery, but they...
Thief pulls off colossal, $600m crypto-robbery …and gives the money back
The largest crypto-robbery in history is rapidly turning into the most bizarre as well. Let’s start at the beginning… In...
PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday
The sheer number of patches (44 security vulnerabilities) should be enough to scare us, but unfortunately we have gotten used...
Cinobi Banking Malware Targets Japanese Cryptocurrency Exchange Users via Malvertising Campaign
Researchers at Trend Micro discovered a new social engineering-based malvertising campaign targeting Japanese users with a malicious application disguised as...
Android Malware ‘FlyTrap’ Hacks Facebook Accounts
A new Android trojan has been discovered to breach the Facebook accounts of over 10,000 people in at least 144...
IISpy: Installs Backdoor on Microsoft’s Web Server Software
Cybersecurity investigators have detected malware that could deploy backdoor Internet Information Services (IIS) on Microsoft's Web server software. Labeled IISpy,...
FBI Told Congress That Ransomware Payments Shouldn’t be Prohibited
After meeting with the business sector and cybersecurity experts, the Biden administration backed away from the concept of barring ransomware...
Wsh – Web Shell Generator And Command Line Interface
wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client...
Jarm – Active Transport Layer Security (TLS) server fingerprinting tool
Please read the initial JARM blog post for more information. JARM is an active Transport Layer Security (TLS) server fingerprinting...
Adobe fixes critical flaws in Magento, patch it immediately
Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect. Adobe security...
Microsoft patch Tuesday security updates fix PrintNightmare flaws
Microsoft released patch Tuesday security updates for August that address 120 CVEs in Microsoft products including a zero-day actively exploited...
$611 million stolen in Poly Network cross-chain hack
The cross-chain protocol Poly Network has been hacked, threat actors stole $611 million making this hack the largest DeFi hack to...
CVE-2021-21866
Summary: A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17....
CVE-2020-13962
Summary: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue,...
CVE-2021-27943
Summary: The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable...
CVE-2021-34628
Summary: The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in...
CVE-2021-34632
Summary: The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php...
Check your passwords! Synology NAS devices under attack from StealthWorker
Synology PSIRT (Product Security Incident Response Team) has put out a warning that it has recently seen and received reports...
Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business
Last week, The Record broke the news that a self-described “pen tester” for the infamous Conti ransomware gang, who goes...
Researchers Reveal DBREACH as New Attack Against Databases
In reference to the past record, many organizations have observed that databases are critical applications for any organization, which give...
Credential Leak Detection Device Scrapesy Limits Incident of Data Breaches
Red team analysts at Standard Industries, have designed an open-source device to assist organizations to detect incidents of the data...
Black Hat 2021: Zero-days, Ransoms and Supply Chains
During Black Hat 2021, Corellium COO Matt Tait warned that the amount of zero-days exploited in the open is "off...
