Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to...
The OpenSSL Project addressed three vulnerabilities
The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The...
US DoJ charges three members of the North Korea-linked Lazarus APT group
The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department...
ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams
Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift...
CVE-2021-22857
Summary: The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system...
CVE-2021-22856
Summary: The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in...
CVE-2020-36003
Summary: The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads...
CVE-2020-7848
Summary: The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
Clubhouse under scrutiny for sending data to Chinese servers
The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now...
Yandex sysadmin caught selling access to email accounts
Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had...
Lithuanian Police Investigate Leak of 110,000 User Records of CityBee
Police in Lithuania is investigating after the personal information of 110,000 individuals was leaked to an online hacker site. The...
UK Cryptocurrency Exchange EXMO Suffers a ‘Massive’ DDoS Assault
Cryptocurrency exchange EXMO, a British company was targeted in a distributed denial-of-service (DDoS) attack. As a precautionary measure company has...
The press secretary of the Russian president denied Russia’s connection with the hackers who attacked France
As the press secretary of the President of the Russian Federation noted, the report of the French special services "contains...
Trend Micro Detects Vulnerabilities in The SHAREit Program
In the SHAREit program, Trend Micro has found several vulnerabilities. The bugs may be exploited by extracting sensitive data from...
Bitcoin Surpasses $50,000 Mark For The First Time Ever
The cost of Bitcoin on Tuesday hopped above $50,000, carrying its year-to-date gain to 74%. Ongoing interest from Wall Street...
CrackerJack – Web GUI for Hashcat
Web Interface for Hashcat by Context Information Security Demo / Start Cracking in Under 5 MinutesIntroductionCrackerJack is a Web GUI...
Chimera – A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and ver y hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests...
Why More Teams are Shifting Security Analytics to the Cloud This Year
As the threat landscape continues to evolve in size and complexity, so does the security skills and resource gap, leaving...
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software
French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers....
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans...
Telegram flaw could have allowed access to users secret chats
Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to...
CVE-2020-13585
Summary: An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed...
CVE-2020-13583
Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can...
