CVE-2021-22639
Summary: An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to...
CVE-2021-22655
Summary: Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to...
Cryptojacking malware targeting cloud apps gets new upgrades, worming capability
A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier...
$12m Grindr fine shows GDPR’s got teeth
As thoughts turn to Data Privacy this week in a big way, GDPR illustrates it isn’t an afterthought. Grindr, the...
Russian IT expert Menshakov listed the ways to protect personal data
According to the expert, to protect yourself from phishing attacks and fraud using malicious software aimed at people working remotely,...
Emotet – ‘Most Dangerous Malware in the World’ Disrupted by the Law Enforcement Agencies
The European Union Agency for Law Enforcement announced that a global collaboration of law enforcement agencies had disrupted Emotet, what...
Sophos Victim to Nefilim Ransomware Attack
Threats have changed how the typical ransomware assault works: Instead of encrypting the data and demanding ransom in return for...
Pwn2Own 2021 Will Also Cover Zoom, MS Teams Exploits
Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes, and rules for the Pwn2Own Vancouver 2021 hacking...
Privacy predictions for 2021
2020 saw an unprecedented increase in the importance and value of digital services and infrastructure. From the rise of remote...
JWT Key ID Injector – Simple Python Script To Check Against Hypothetical JWT Vulnerability
Simple python script to check against hypothetical JWT vulnerability. Let's say there is an application that uses JWT tokens signed...
Tritium – Password Spraying Framework
A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication. BackgroundAlthough many Kerberos password spraying tools currently...
TeamTNT group adds new detection evasion tool to its Linux miner
The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group...
LogoKit, a new phishing kit that dynamically creates phishing forms
Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered...
CISA warns of high-severity flaws in Fuji Electric Tellus Lite V-Simulator and Server Lite
The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric....
Law enforcement announced global action against NetWalker Ransomware
A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker...
Emotet Botnet dismantled in a joint international operation
A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law...
Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants
Trend Micro’s Zero Day Initiative announced the Pwn2Own Vancouver 2021 hacking competition that will also cover Zoom, MS Teams Exploits....
CVE-2020-6474
Summary: Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap...
CVE-2020-6513
Summary: Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap...
CVE-2020-6530
Summary: Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced...
CVE-2020-4766
Summary: IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by...
CVE-2018-2725
Summary: Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User...
3 tips to top up your privacy
It’s Data Privacy Day—the perennial event that many internet users may have never heard of, but have strong feelings and...
Why Data Privacy Day matters
Our Lock and Code special episode on Data Privacy Day, featuring guests from Mozilla, DuckDuckGo, and Electronic Frontier Foundation can...
