Viper – Intranet Pentesting Tool With Webui
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process...
At long last, Microsoft is disabling Excel 4.0 macros by default
Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro...
CVE-2021-39226
Summary: Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view...
CVE-2021-33600
Summary: A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because...
CVE-2021-33601
Summary: A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings...
CVE-2017-18640
Summary: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. Reference...
CVE-2021-37274
Summary: Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights...
The Netherlands declares war on ransomware operations
The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services...
Covert-Tube – Youtube As Covert-Channel – Control Systems Remotely And Execute Commands By Uploading Videos To Youtube
A program to control systems remotely by uploading videos to Youtube using Python to create the videos and the listener,...
Making better cybersecurity training: Q&A with Malwarebytes expert Kelsey Prichard
If you hadn’t noticed by now, we are in the first week of National Cybersecurity Awareness Month, which, according to...
CVE-2021-1810 – Apple / Multiple – Unspecified
Summary: CVE-2021-1810 is an unspecified vulnerability impacting Apple macOS Big Sur versions 11.2.3 and earlier and Apple macOS Catalina. A...
Google warns of APT28 attack attempts against 14,000 Gmail users
Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google...
Discord scammers lure victims with promise of free Nitro subscriptions
A number of bogus offers are doing the rounds in Discord land at the moment. Discord, a group text chat/VoiP...
GnuPG fixes a problem with Let’s Encrypt certificate chain validation
Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with...
Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw
Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in...
Ransomware in the CIS
Introduction These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak...
FIN12 ransomware gang don’t implement double extortion to prioritize speed
Researchers detailed the activities of the FIN12 ransomware group that earned million of dollars over the past years. Researchers from...
Attack-Surface-Framework – Tool To Discover External And Internal Network Attack Surface
ASF aims to protect organizations acting as an attack surface watchdog, provided an “Object” which might be a: Domain, IP...
US Navy ship Facebook page hijacked to stream video games
The official Facebook page of the US Navy’s destroyer-class warship, USS Kidd, has been hijacked. According to Task & Purpose,...
PoC exploit for 2 flaws in Dahua cameras leaked online
A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to...
CVE-2021-39836
Summary: Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free...
CVE-2021-1565
Summary: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software...
CVE-2021-37273
Summary: A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway...
CVE-2021-36297
Summary: SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary...
