Tag Barnakle Targets Various Web Servers with Malicious Ads
In a persistent campaign that features malicious ads on tens of millions, if not hundreds of millions, computers, the criminals...
Eversource Energy Data Breach: Due to Unsecured Cloud Storage
New England's largest energy provider, Eversource experienced a data breach after sensitive details of customers were exposed on an unsecured...
Vulnerablecode – A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the...
Kubesploit – A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang
BuildTo build this project, run the make command from the root folder. Quick BuildTo run quick build for Linux, you...
Privacy and security in the software designing
The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information...
Cellebrite ‘s forensics tool affected by arbitrary code execution issue
Cellebrite mobile forensics tool Ufed contains multiple flaws that allow arbitrary code execution on the device, SIGNAL creator warns. Moxie...
Pareto Botnet, million infected Android devices conduct fraud in the CTV ad ecosystem
Researchers from Human Security have uncovered a huge botnet of Android devices being used to conduct fraud in the connected...
Trend Micro flaw actively exploited in the wild
Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions...
Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure,...
WhatsApp Pink malware spreads via group chat messages
A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp...
CVE-2015-2876
Summary: Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie...
CVE-2015-7788
Summary: ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. Reference...
CVE-2015-7907
Summary: Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors...
CVE-2015-6481
Summary: The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password,...
Phone House España – 5,223,350 breached accounts
In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer...
FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram
Facial recognition tech is in the news again after the FBI discovered the identify of one of the Capitol rioters...
Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild
Pulse Secure has alerted customers to the existence of an exploitable chain of attack against its Pulse Connect Secure (PCS)...
Microsoft Fixes LPE Vulnerability Impacting Windows 7 and Server 2008
Microsoft quietly patched a local privilege escalation (LPE) flaw that affects both Windows 7 and Server 2008 R2 computers. This...
Lazarus E-Commerce Attackers Adapt Web Skimming for Stealing Cryptocurrency
Cybercriminals with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data...
Sweden accused Russia of a hacking attack on the Confederation of Sports
The Swedish Prosecutor's Office and the Swedish State Security Service accused Russia's Main Intelligence Directorate of a hacking attack on...
SOCTA: Here’s a Quick Look into the Report by Europol
The Serious Organized Crime Threat Assessment study 2021 by Europol summarises the criminal threat from the last four years and...
Chinese WeChat Users Targeted by Attackers Using Recent Chromium Bug
According to a local security firm, a Chrome exploit published online last week has been weaponized and exploited to target...
Targeted Malware Reverse Engineering Workshop follow-up. Part 2
If you have read our previous blogpost “Targeted Malware Reverse Engineering Workshop follow-up. Part 1“, you probably know about the...
Dnspeep – Spy On The DNS Queries Your Computer Is Making
dnspeep lets you spy on the DNS queries your computer is making. Here's some example output: $ sudo dnspeepquery name...
