Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach
WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all...
What Is An Identity and Access Management So-lution and How Can Businesses Benefit From It?
How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes...
Kaseya obtained a universal decryptor for REvil ransomware attack
The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive...
Threat Report Portugal: Q2 2021
The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2,...
CVE-2021-28903
Summary: A stack overflow in libyang
CVE-2021-28904
Summary: In function ext_get_plugin() in libyang
CVE-2021-28905
Summary: In function lys_node_free() in libyang module can't be NULL. But in some cases, node->module can be null, which triggers...
CVE-2021-28906
Summary: In function read_yin_leaf() in libyang
CVE-2015-5349
Summary: The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values,...
AvosLocker enters the ransomware scene, asks for partners
This blog post was authored by Hasherezade In mid-July we responded to an incident that involved an attack on a...
CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack
Two months after fully restoring its systems, CNA Financial, the leading US insurance company that was attacked by a group...
Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested
The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels....
The work of the Runet was tested in the exercise of disconnection from the global network
In June—July, regular exercises on the stability of the Runet were held. This time the possibility of working in conditions...
Global Outage Disrupts the Services of Major Websites
Several major websites faced outages on Thursday due to a glitch in Akamai Technologies Inc's (AKAM.O) systems, the second widespread...
New Windows and Linux Flaws: Provide Attackers Highest System Privileges
Two new vulnerabilities, one in Windows and the other in Linux, were discovered on Tuesday, allowing hackers with a presence...
Pulse Security Devices Identified with Malware: Alerts CISA
A detailed warning concerning almost 13 malware samples associated with Pulse Secure operated devices has been issued by the Cybersecurity...
Olympic Ticket Data Leaked, Says Japanese Government
Following a breach, user IDs and passwords for the Tokyo Olympic ticket gateway were released on a leak website, a...
In0ri – Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing a image-classification convolutional neural network. IntroductionWhen monitoring a website, In0ri will periodically take...
TeamsUserEnum – User Enumeration With Microsoft Teams API
Sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email...
CVE-2020-28010
Summary: Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory...
CVE-2021-3518
Summary: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file...
CVE-2019-17543
Summary: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with...
CVE-2021-22884
Summary: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When...
CVE-2021-22901
Summary: curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS...
