CISA releases CHIRP, a tool to detect SolarWinds malicious activity
US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises...
Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft
Department of Justice announced that Swiss hacker Till Kottmann, 21, has been indicted for conspiracy, wire fraud, and aggravated identity...
Security Affairs newsletter Round 306
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Microsoft Defender can now protect servers against ProxyLogon attacks
Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protects users against attacks exploiting Exchange Server vulnerabilities....
A threat actor exploited 11 zero-day flaws in 2020 campaigns
A hacking group has employed at least 11 zero-day flaws as part of an operation that took place in 2020...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2021-27364
Summary: An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an...
CVE-2021-27364
Summary: An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an...
CVE-2021-27365
Summary: An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length...
CVE-2021-27365
Summary: An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length...
CVE-2021-28375
Summary: An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from...
CVE-2019-12425
Summary: Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host Reference Links(if available): https://s.apache.org/7sr1x https://lists.apache.org/thread.html/r5181b36218225447d3ce70891eeccfb6d6885309dffd7e0e59091817@%3Cuser.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r907ce90745b52d2d5b6a815de03fd1d5f3831ab579a81d70cfda6f3d@%3Cuser.ofbiz.apache.org%3E...
CopperStealer Malware Steals Social Media Credentials
Researchers discovered a certain malware that was so far unidentified which silently hijacked Facebook, Apple, Amazon, Google, and other web...
E-Sim Fraud and Prevention
Some mobile service providers have eSIM-enabled cell phones which don't need an actual SIM card. They have a little chip...
Polish authorities got hacked for the sake of a fake allegation of nuclear waste leakage from Lithuania
Two Polish government websites were hacked to spread false information about a nuclear waste "leak" in neighboring Lithuania.The incident took...
Electronics Giant Acer Hit by $50 MIllion Ransomware Attack
The ransomware gang known as ‘REvil’ stole confidential files from computer giant Acer and demanded an unprecedented ransom of US$50...
Scammers Disguised as Tesco are Stealing Data Via Phone Scam, Warns Police
Wales Police have warned residents of a new phone fraud in which criminals try to trick customers for hundreds of...
Invoke-SocksProxy – Socks Proxy, And Reverse Socks Server Using Powershell
Creates a local or "reverse" Socks proxy using powershell. The local proxy is a simple Socks 4/5 proxy. The reverse...
Reverse-Shell-Generator – Hosted Reverse Shell Generator With A Ton Of Functionality
Hosted Reverse Shell generator with a ton of functionality -- (great for CTFs) Hosted Instancehttps://revshells.com FeaturesGenerate common listeners and reverse...
REvil ransomware gang hacked Acer and is demanding a $50 million ransom
Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom. Taiwanese computer giant...
Russian National pleads guilty to conspiracy to plant malware on Tesla systems
The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S. Justice...
Threat actors are attempting to exploit CVE-2021-22986 in F5 BIG-IP devices in the wild
Cybersecurity experts warn of ongoing attacks aimed at exploiting a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking...
Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?
Amazon Elastic Kubernetes Service (EKS), a platform which gives customers the ability to run Kubernetes apps in the AWS cloud...
CVE-2021-21180
Summary: Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit...
