New ransomware group Hive leaks Altus group sample files
On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang...
Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable
CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable Several...
Marketo Marketplace – Cybercriminals are targeting major law firms
Cybercriminals published for sale in Dark Web 58GB of data stolen from Hollingsworth LLP. One of the emerging underground marketplaces...
Hackers exploit 3-years old flaw to wipe Western Digital devices
Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting...
CVE-2021-22212
Summary: ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters....
CVE-2021-28041
Summary: ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such...
CVE-2021-34551
Summary: PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname....
CVE-2021-3603
Summary: PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is...
CVE-2021-22543
Summary: An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks...
Western Digital: Disconnect My Book Live drives immediately
Hackers appeared to be taking advantage of a vulnerability first published in 2019. Western Digital stopped supporting My Live drives...
Russian Foreign Ministry accused the United States of trying to win back the summit agreements on cybersecurity
According to the Russian Foreign Ministry, the words of White House spokesman Jen Psaki that the United States does not...
500 Organizations Affected Via Security Flaw in AWS Route53
Earlier this year in January 2021, Cloud security researchers from Wiz.io accidentally uncovered a ‘novel’ class of Domain Name Service...
Cl0p Ransomware Group Announces New Victim After Police Arrest
The renowned Cl0p ransomware operation appears to be back in business, just days after Ukrainian police arrested six alleged members...
Ursnif Banking Trojan is Back in Italy
The banking trojan 'Ursnif' (aka 'Gozi') is back in business in Italy, targeting a large range of banking users with...
BlobHunter – Find Exposed Data In Azure With This Public Blob Scanner
An opensource tool for scanning Azure blob storage accounts for publicly opened blobs. BlobHunter is a part of "Hunting Azure...
RomBuster – A Router Exploitation Tool That Allows To Disclosure Network Router Admin Password
RomBuster is a router exploitation tool that allows to disclosure network router admin password. FeaturesExploits vulnerabilities in most popular routers...
Flaws in FortiWeb WAF expose Fortinet devices to remote hack
Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote...
Clop gang members recently arrested laundered over $500M in payments
The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of...
Flaws in Dell BIOSConnect feature affect 128 device models
Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code...
CVE-2021-29966
Summary: Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption...
CVE-2021-29967
Summary: Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed...
CVE-2021-0548
Summary: In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This...
CVE-2021-31586
Summary: Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. Reference Links(if available): https://github.com/accellion/CVEs...
CVE-2021-32621
Summary: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions...
