CVE-2020-19641
Summary: An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with...
CVE-2021-28669
Summary: Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to...
CVE-2021-21727
Summary: A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets...
CVE-2021-25349
Summary: Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via...
CVE-2021-25353
Summary: Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of...
The npm netmask vulnerability explained so you can actually understand it
The popular npm netmask library recently encountered a serious problem, explained as follows: The npm netmask package incorrectly evaluates individual...
IRS Warned of an Ongoing IRS-Impersonation Scam
The Internal Revenue Service (IRS) has cautioned of ongoing phishing assaults impersonating the IRS and targeting educational establishments. The assaults...
Here’s How to Safeguard Against Mobikwik Data Breach
Cybersecurity researchers claimed that the KYC data of as many as 11 crores Mobikwik users had been leaked and put...
Data Leak of 10cr Users: ‘The Largest KYC Data Leak in History’
According to cybersecurity researcher Rajshekahar Rajaharia, mobile payment app Mobikwik came under attack after the data of 10 crores of...
Financial Cyberthreats in 2020
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of...
Rubeus – C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project...
InveighZero – Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool
InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to...
5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter
Experts warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter....
Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape
Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser to Google that awarded them $20,000....
Email accounts of DHS members were compromised in the SolarWinds hack
Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds...
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions
IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms...
VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials
VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published...
CVE-2021-1460
Summary: A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829...
CVE-2020-28243
Summary: An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a...
CVE-2020-35662
Summary: In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated....
CVE-2021-21309
Summary: Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug...
CVE-2021-23840
Summary: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length...
PYSA, the ransomware attacking schools
The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March,...
Malicious commits found in PHP code repository: What you need to know
You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there....
