AnonX – An Encrypted File Transfer Via AES-256-CBC
An Encrypted File transfer via AES-256-CBC AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one...
Strafer – A Tool To Detect Potential Infections In Elasticsearch Instances
Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud...
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical", the most severe of which is...
China-linked APT31 group was behind the attack on Finnish Parliament
China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place...
WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS
Wintriage is a live response tool that extracts Windows artifacts, it allows to extract the most artifacts as possible, but...
Expert found a 1-Click RCE in the TikTok App for Android
Egyptian security researcher Sayed Abdelhafiz discovered multiple bugs in TikTok Android Application that can be chained to achieve Remote code...
Reading the FBI IC3’s ‘2020 Internet Crime Report’
The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report, which includes data from 791,790 complaints...
Prime Minister Boris Johnson wants to enhance UK cyber capabilities
Prime Minister Boris Johnson declared that Britain needs to boost its cyber capability to conduct cyber attacks on foreign hostile...
Data Breaches Tracker monitor unsecured ElasticSearch servers online
Cybersecurity research at WizCase, an online security and privacy portal, built a tool to track accessible ElasticSearch servers on the internet. ...
CVE-2021-26901
Summary: Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26872, CVE-2021-26898. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26901...
CVE-2021-27918
Summary: encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder)...
CVE-2021-26896
Summary: Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-27063. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26896 CVSS...
CVE-2021-26896
Summary: Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-27063. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26896 CVSS...
CVE-2021-26570
Summary: The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer...
CVE-2020-29553
Summary: The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin...
Mother charged with using deepfakes to shame daughter’s cheerleading rivals
A Pennsylvania woman reportedly sent doctored photos and videos of her daughter’s cheerleader rivals to their coaches, in an attempt...
Apple shines and buffs Mac security—Is it enough to stop today’s malware?
There’s a lot going on in the Mac security world lately. Over the last few months, Apple has ramped up...
FBI warns of increase in PYSA ransomware attacks targeting education
On March 16, the Federal Bureau of Investigation (FBI) issued a “Flash” alert on PYSA ransomware after an uptick on...
The first IPO of a cybersecurity company is being prepared in Russia
Russian cybersecurity company Positive Technologies is about to conduct an initial public offering (IPO) on the Moscow Stock Exchange. In...
FBI Warns of PYSA Ransomware Attacks on Educational Institutions
The Federal Bureau of Investigation (FBI) has issued a warning notifying of an increase in PYSA ransomware attacks targeting educational...
Privacy Essentials Vulnerabilities in the DuckDuckGo Browser Extension
DuckDuckGo, the widely used web extension for Chrome and Firefox, that is meant to protect the privacy of its users...
Turbo-Intruder – A Burp Suite Extension For Sending Large Numbers Of HTTP Requests And Analyzing The Results
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended...
Lazy-RDP – Script For AutomRDPatic Scanning And Brute-Force
Script For AutomRDPatic Scanning And Brute-Force.Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the...
New ZHtrap botnet uses honeypot to find more victims
Netlab 360 experts discovered a new Mirai-based botnet dubbed ZHtrap that implements honeypot to find more victims. Researchers from Netlab...
