CVE-2021-22445
Summary: There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset....
CVE-2021-34622
Summary: A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made...
Taiwanese Computer Hardware Company Gigabyte Suffers Ransomware Attack
Gigabyte, a motherboard developing company from Taiwan and also a hardware giant was attacked by the RansomExx ransomware hacking group,...
Golang Cryptomining Worm Offers 15% Speed Boost
Cybersecurity intelligence at the security firm Intezer has discovered a new Golang-based worm that is attacking Windows and Linux servers...
Personal Information of 2,000 FOID Cardholders Compromised in ISP Website Breach
The Illinois State Police are notifying Firearm Owners Identification cardholders regarding a possible data breach after attackers attempted to breach...
Lithuania has experienced 1,780 cyber incidents in six months
According to the Lithuanian military, the sharp increase in the number of hacks is caused by two main reasons –...
Cisco: Firewall Manager RCE Flaw is a Zero-day, Patch Arriving Soon
In a Thursday security advisory update, Cisco disclosed that a remote code execution (RCE) vulnerability discovered last month in the...
Php-Jpeg-Injector – Injects Php Payloads Into Jpeg Images
Injects php payloads into jpeg images. Related to this post. Use CaseYou have a web application that runs a jpeg...
Solitude – A Privacy Analysis Tool That Enables Anyone To Conduct Their Own Privacy Investigations
Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or...
Security Affairs newsletter Round 326
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
A zero-day RCE in Cisco ADSM has yet to be fixed
A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet...
CVE-2021-20090 actively exploited to target millions of IoT devices worldwide
Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090) affecting home routers with Arcadyan firmware. Threat actors actively...
CVE-2021-20228
Summary: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is...
CVE-2020-27153
Summary: In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker...
CVE-2021-21775
Summary: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A...
CVE-2021-21779
Summary: A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web...
CVE-2021-32791
Summary: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party,...
OrderSnapp – 1,304,447 breached accounts
In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data...
MMG Fusion – 2,660,295 breached accounts
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M...
Telegram Bug in Mac Allows User To Save Secret Chats
Cybersecurity experts have found a technique for Telegram users of Mac to keep self disappearing texts or view the messages...
Detecting Cobalt Strike: Cybercrime Attacks
One of the latest researches revealed that cybercriminals who employ malware often use the Cobalt Strike tool to release multiple...
Several Critical Flaws Detected in Las Vegas’s Leading Casinos
External attack surface management platform, Reposify, has discovered multiple vulnerabilities in the IT networks of Las Vegas’s leading casinos. Recently,...
New DNS Flaw Enables ‘Nation-State Level Spying’ on Companies
Researchers discovered a new category of DNS vulnerabilities hitting major DNS-as-a-Service (DNSaaS) providers, which may enable attackers to get access...
Inadequate Payment Leads the Affiliate to Leak the Ransomware Gang’s Technical Manual
A frustrated Conti affiliate revealed the gang's training material during attacks and released details on one of the administrators of...
