Security Affairs newsletter Round 330
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Major IPS in New Zealand hit by massive DDoS, Internet outages reported
A massive DDoS hit New Zealand ‘s third-largest internet operator isolating parts of the country from the Internet. A massive...
SEC warns of investment scams related to Hurricane Ida
The US Securities and Exchange Commission warns investors of potential investment scams that leverages Hurricane Ida as a bait. The US Securities and...
CVE-2021-33007
Summary: A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted...
CVE-2021-33007
Summary: A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted...
CVE-2021-33019
Summary: A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a...
CVE-2021-33019
Summary: A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a...
CVE-2021-39375
Summary: Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Reference Links(if available):...
CVE-2021-39375
Summary: Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Reference Links(if available):...
CVE-2021-27556
Summary: The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code...
CVE-2021-39371
Summary: An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application...
Critical Flaws in NPM Package Patched by Node.js Developers
Node.js maintainers have launched a major update to the npm package "tar" (aka node-tar) that resolves five critical safety flaws,...
Vulnerabilities Found In Moxa Railway Devices, Can Cause Disruption
Railway and other wireless communication devices developed by Moxa have been affected by 6p vulnerabilities. Moxa is a Taiwan based...
WordPress Sites Affected by Bugs in Gutenberg Template Library and Redux Framework
The Gutenberg Template Library & Redux Framework plugin for WordPress, which is deployed on over 1 million websites, has two...
QakBot (QBot) Campaign: A thorough Analysis
Trojan-Banker QakBot, also known by the names - QBot, QuackBot, and Pinkslipbot, is a modular information stealer that has been...
Autodesk Disclosed it was Targeted in SolarWinds Hack
Autodesk has disclosed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain assault,...
AVOS Locker Ransomware Victim: Pacific City Bank
AvosLocker Ransomware SummaryVictim Name: Pacific City BankPacific City Bank suffered a breach and this is a sample of the files...
Bugs-feed – A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities…
Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented...
Zuthaka – An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools
A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal...
LockBit 2.0 Ransomware Victim: autohausdaehn[.]de
LockBit 2.0 Ransomware NOTE: The information on this page is automated and scraped directly from the LockBit 2.0 Onion Dark...
Apple will delay the rollout of new child pornography protection tools
Apple will delay the introduction of its new child pornography protection tools due to a heated debate raised by privacy...
FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads
FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat...
Source code for the Babuk is available on a hacking forum
The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor...
USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw
USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the...
