Google Issues a Warning about Spectre Attacks using JavaScript
It's been over a long time since researchers uncovered a couple of security vulnerabilities, known as Spectre and Meltdown, that...
Russian search engine will be required to be installed in the browser on smartphones
The authorities plan to oblige manufacturers of smartphones and tablets to install domestic search engines by default in the browser....
IBM X-Force Publishes a List of Top 10 Cybersecurity Vulnerabilities of 2020
The severity of cyber-attacks has grown over the past year especially during the global pandemic. Threat actors are looking for...
“Netbounce” Threat Actor Tries to Evade Detection
On the 12th of February, FortiGuard Labs got a solicitation through email from an individual representing an organization called Packity...
Twitter Ads used by Scammers to Promote Fake Cryptocurrency
One must pay attention to all Twitter advertisements that propagate all kinds of the falsified cryptocurrency scam. Tweeters can "promote"...
COVID-19: Examining the threat landscape a year later
A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world...
Confused – Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems
A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt,...
DLLHSC – DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking
DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order HijackingContents...
ProxyLogon Microsoft Exchange exploit is completely out of the bag by now
A security researcher released a new PoC exploit for ProxyLogon issues that could be adapted to install web shells on...
NCSC is not aware of ransomware attacks compromising UK orgs through Microsoft Exchange bugs
The UK’s National Cyber Security Centre (NCSC) urges UK organizations to install the patches for the recently disclosed vulnerabilities in...
Google fixes the third actively exploited Chrome 0-Day since January
Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the...
CVE-2021-20253
Summary: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to...
CVE-2021-26862
Summary: Windows Installer Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862 https://www.zerodayinitiative.com/advisories/ZDI-21-285/ CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:C/I:C/A:C v3:...
CVE-2021-26862
Summary: Windows Installer Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862 https://www.zerodayinitiative.com/advisories/ZDI-21-285/ CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:C/I:C/A:C v3:...
CVE-2021-26866
Summary: Windows Update Service Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26866 https://www.zerodayinitiative.com/advisories/ZDI-21-286/ CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P...
CVE-2021-0369
Summary: In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI...
CVE-2020-1921
Summary: In the crypt function, we attempt to null terminate a buffer using the size of the input salt without...
Experts have found vulnerabilities in thousands of surveillance cameras in Russia
More than 6,000 surveillance cameras in Russia are open to the public, some of them are located at industrial enterprises...
ZHtrap, the Latest Malware to Install Honeypots on Devices to Identify More Targets
The security researchers at 360 Netlab have discovered a new botnet that is targeting and converting the infected routers, DVRs,...
WeLeakInfo’s Customer Records Leaked
WeLeakInfo.com was an information breach notification service that was permitting its clients to check if their credentials have been compromised...
A Trio of Vulnerabilities in the Linux Kernel Can Give Attackers Root Privileges
Linux kernel distributions appear explicitly susceptible to recently uncovered vulnerabilities. In the iSCSI module, which is used for viewing shared...
Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE
Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote...
Security Affairs newsletter Round 305
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Google releases Spectre PoC code exploit for Chrome browser
Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google...
