CVE-2021-24190
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2,...
CVE-2021-32918
Summary: An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via...
CVE-2021-32919
Summary: An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for...
CVE-2021-32920
Summary: Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Reference Links(if available): https://blog.prosody.im/prosody-0.11.9-released/ http://www.openwall.com/lists/oss-security/2021/05/13/1...
Yam – 13,258,797 breached accounts
In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in...
Livpure – 269,552 breached accounts
In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270...
DarkSide Affiliates Claim Gang’s Bitcoin Deposit
Multiple associates have protested about not being charged for past services since the DarkSide ransomware operation was shut down a...
Experts reported a twofold increase in the activity of ransomware hackers in Russia
The authors of the study called the growth "staggering." Since the beginning of April, experts have been monitoring ransomware attacks...
Scammers Employ ‘Vishing’ Technique to Steal Personal Details of Online Shoppers
Scammers are using a unique methodology called ‘vishing’ to trick online customers. In a vishing attack, the fraudster impersonates someone...
Cyber Attackers Hijacked Google and Microsoft Services for Malicious Phishing Emails
Over recent months, the cybersecurity industry has seen a huge increase in malicious attackers exploiting the networks of Microsoft and...
Blind SQL Injection Flaw in WP Statistics Affected 600K+ Sites
According to researchers from Wordfence Threat Intelligence, WP Statistics has a Time-Based Blind SQL Injection vulnerability which is a WordPress...
DivideAndScan – Divide Full Port Scan Results And Use It For Targeted Nmap Runs
Divide Et Impera And Scan (and also merge the scan results) DivideAndScan is used to efficiently automate port scanning routine...
AutoPentest-DRL – Automated Penetration Testing Using Deep Reinforcement Learning
AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate...
Insurance giant CNA Financial paid a $40 million ransom
The US insurance giant CNA Financial reportedly paid a $40 million ransom to restore access to its files following a...
Bitcoins of DarkSide ransomware gang still locked in hacker forum’s escrow
After DarkSide ransomware gang shut down operations, multiple affiliates have complained about not receiving the payments for successful breaches. The...
Microsoft SimuLand, an open-source lab environment to simulate attack scenarios
Microsoft released SimuLand, an open-source tool that can be used to build lab environments to simulate attacks and verify their...
STRRAT RAT spreads masquerading as ransomware
Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence...
CVE-2021-23009
Summary: On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which...
CVE-2020-28393
Summary: An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires...
CVE-2021-27383
Summary: SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a denial-of-service condition...
CVE-2021-27385
Summary: A remote attacker could send specially crafted packets to a SmartVNC device layout handler on the client side, which...
CVE-2019-3818
Summary: The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations,...
EMLRender
Introduction Sometimes, while investigating incident implying emails, you can get a copy of the original message in EML format. Reading an EML...
Daily Quiz – 8,032,404 breached accounts
In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses....
