DoJ: Investigations into ransomware attacks must have similar priority as terrorism
The U.S. Department of Justice was to assign investigation on ransomware attacks the same priority as terrorism in the wake...
US CISA published a guide to better use the MITRE ATT&CK framework
The U.S. CISA announced the availability of a new guide for cyber threat intelligence experts on the use of the...
Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE
Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware....
Necro Python bot now enhanced with new VMWare, server exploits
Operators behind the Necro Python botnet have added new features to their bot, including VMWare and server exploits. Experts from...
CVE-2015-5232
Summary: Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. Reference Links(if available): https://github.com/01org/opa-fm/commit/c5759e7b76f5bf844be6c6641cc1b356bbc83869 https://github.com/01org/opa-fm/commit/5f4087aabb5d03c42738b320af0fc60e9df4d1f7 https://github.com/01org/opa-ff/commit/080ab97461d80a01636f77ba6aecc667c3c0087c https://bugzilla.redhat.com/show_bug.cgi?id=1257098 http://www.openwall.com/lists/oss-security/2015/09/22/17 CVSS...
CVE-2021-33623
Summary: The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service...
CVE-2021-33587
Summary: The css-what package before 5.0.1 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to...
CVE-2021-33558
Summary: Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html,...
CVE-2021-22359
Summary: There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker...
Security pros agree about threats—convincing everyone else is the problem
How about that Colonial Pipeline? As troubling as this event may be, for those of us working in the world of...
Ransomware to be investigated like terrorism
The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney’s...
Ex-SEC Enforcer: Crypto Investors are Enabling Hackers
The founder of the Securities and Exchange Commission's internet enforcement bureau warned Thursday that investors in bitcoin and other digital...
Furniture Village Hit by a Week-Long Cyber Attack
Customers have been left 'with nothing to sit on' and unable to pay while waiting for sofas, beds, and tables...
What is Email Spoofing? How Hackers Impersonate Legitimate Senders
Email spoofing is easily the most commonly employed way by threat actors for initiating phishing and spam attacks. Normally, hackers...
Vulnerabilties Found in Realtek Module
A new type of severe rated vulnerabilities has been revealed in the Realtek RTL8170C Wi-Fi module. A hacker could exploit...
FujiFilm Shuts Down Network Following Ransomware Attack
Japanese multinational conglomerate FujiFilm, headquartered in Tokyo suffered a ransomware attack on Tuesday night. The company has shut down portions...
Metarget – Framework Providing Automatic Constructions Of Vulnerable Infrastructures
1 IntroductionMetarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated...
Penglab – Abuse Of Google Colab For Cracking Hashes
Abuse of Google Colab for fun and profit. What is it ?Penglab is a ready-to-install setup on Google Colab for...
China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day
China-linked APT breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. China-linked threat...
The dark web index 2021, report
PrivacyAffairs released the Dark Web Index 2021, the document provides the prices for illegal services/products available in the black marketplaces....
Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS
Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724, that impacts macOS, iOS and iPadOS....
Cisco fixes High-severity issues in Webex, SD-WAN, ASR 5000 software
Cisco addressed multiple security flaws, including high-severity vulnerabilities, in Webex Player, SD-WAN software, and ASR 5000 series software. Cisco has...
CVE-2020-4300
Summary: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML...
CVE-2021-22734
Summary: Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could...
