Threatspec – Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat...
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, 2021, the Microsoft Threat Intelligence Center (MSTIC) released details on an active state-sponsored threat campaign exploiting four...
IAM Never Gonna Give You Up, Never Gonna Breach Your Cloud
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw
A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any...
Attackers took over the Perl.com domain in September 2020
The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of...
Four zero-days in Microsoft Exchange actively exploited in the wild
Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released...
Google fixes Critical Remote Code Execution issue in Android System component
Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in...
Pwn20wnd released the unc0ver v 6.0 jailbreaking tool
The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every...
CVE-2021-24069
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069...
CVE-2021-24069
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069...
CVE-2021-24069
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069...
CVE-2021-24069
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24070. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069...
CVE-2021-24068
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068...
CVE-2021-24068
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068...
CVE-2021-21157
Summary: Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to...
CVE-2021-1227
Summary: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a...
CVE-2020-8032
Summary: A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to...
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange 0-day
Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in...
Ryuk ransomware develops worm-like capability
The French government’s computer emergency readiness team, that’s part of the National Cybersecurity Agency of France, or ANSSI, has discovered...
Remote Working Susceptible to Data Risks, 83% of Organizations at Suffer Email Breaches
As per the report by Egress, 95% of cybersecurity experts believe company and client data in e-mails is at risk....
Data Analytics Agency Polecat Held To Ransom After Server Exposed 30TB Of Records
On October 29, 2020, the Wizcase CyberResearch Team which was lead by Ata Hakcil has discovered that the server ‘Elasticsearch’...
Data of 21 Million VPN Users Leaked Online
Security experts from Cybernews have discovered a massive data breach which is directly linked to the millions of VPN user....
Google Voice Disruption Caused by Expired TLS Certificates
Google has affirmed that a Google Voice malfunction that had impacted the majority of telephone service users this month was...
Database of 21 million users of popular VPN services leaked
The database contains email addresses, passwords and usernames of Russian users. This information can be used by hackers to obtain...
