Google: four zero-day flaws have been exploited in the wild
Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG)...
China-linked LuminousMoth APT targets entities from Southeast Asia
LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the...
CVE-2021-36122
Summary: An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument...
CVE-2021-0600
Summary: In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app...
CVE-2021-36121
Summary: An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload...
CVE-2021-30547
Summary: Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform...
CVE-2020-19907
Summary: A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any...
Is crypto’s criminal rollercoaster approaching a terminal dip?
It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity...
Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday
The list of July 2021 Patch Tuesday updates looks endless. 117 patches with no less than 42 CVEs assigned to...
Sussex-Based Couple Loses £15,000 to Scammers
Loreta and Mindaugas from Horsham, Sussex, were lured in a fake bonus offer from a fraudster who seemed to be...
TrickBot Makes a Comeback with a VNC Module
The ongoing revival of malicious TrickBot malware has been revealed by cybersecurity researchers and shows that the Russia-based transnational cybercriminals...
Chinese Hackers Stole Call Details of Nepal Telecom
China launched a destructive "cyber attack" on Nepal Telecom which resulted in Chinese hackers stealing the phone numbers of all...
Ukraine Seized Gaming Consoles used for Illegal Crypto Mining
The Security Service of Ukraine (SBU), Ukraine's top law enforcement agency, reported last week that it had discovered a large-scale...
Arrests of members of Tetrade seed groups Grandoreiro and Melcoz
Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known...
LuminousMoth APT: Sweeping attacks for the chosen few
APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets...
XLS Entanglement
VBA tradecraft is constantly evolving and this past winter, I came across some articles from Adepts of 0xCC. Specifically, their...
Wpscvn – Wpscvn Is A Tool For Pentesters, Website Owner To Test If Their Websites Had Some Vulnerable Plugins Or Themes
wpscvn is a tool for pentesters, website owner to test if their websites had some vulnerable plugins or themesThe author...
Injector – Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows
Complete Arsenal of Memory injection and other techniques for red-teaming in WindowsWhat does Injector do?Process injection support for shellcode located...
Trickbot improve its VNC module in recent attacks
Trickbot botnet is back, its authors implemented updates for the VNC module used for remote control of infected systems. The...
China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks
Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as...
The infrastructure and websites used by REvil ransomware gang are not reachable
The infrastructure and leak sites used by the REvil ransomware gang for its operations went offline last night. Starting last...
This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto
A CyberNews investigation uncovered a network of wallet addresses used by a scammer group to store and cash out millions...
Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator
Adobe addressed multiple critical vulnerabilities in several products, including Adobe Acrobat and Reader application. Adobe addressed multiple critical remote code...
CVE-2021-24015
Summary: An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before...
