CVE-2021-21156
Summary: Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap...
CVE-2021-21157
Summary: Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to...
CVE-2021-23336
Summary: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from...
CVE-2020-9484
Summary: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if...
CVE-2021-27509
Summary: In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code....
SuperVPN & GeckoVPN – 20,339,937 breached accounts
In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The...
Tibetan Organizations Targeted in a Chinese Sponsored Phishing Campaign
Cybersecurity experts from Proofpoint have unearthed a Chinese-sponsored phishing campaign and published a report on Thursday; as per the findings,...
American Telecommunications Firm, T-Mobile Confirmed Data Breach and Sim Swapping Attacks
After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced a...
IBM: Cyber attacks on Linux systems of Russian government agencies will increase
The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import...
Alexa Skills can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could permit a threat...
WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching
A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and...
Gargamel – A Forensic Evidence Acquirer
A Forensic Evidence AcquirerCompileAssuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release...
New Zealand-based cryptocurrency exchange Cryptopia hacked again
The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019...
Security Affairs newsletter Round 303
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Experts found a critical authentication bypass flaw in Rockwell Automation software
A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical...
Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha
‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. A cybercrime group...
CVE-2021-20247
Summary: A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB...
CVE-2020-7846
Summary: Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads...
CVE-2021-22882
Summary: UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause...
CVE-2020-0822
Summary: An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language...
CVE-2020-8022
Summary: A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server...
To pay, or not to pay? That is the VPN question
VPNs have been a subject of deliberation for a long time. Is it even important to use one? I think...
Steris Corporation, The Latest Victim of Ransomware Gang Called ‘Clop’.
Data related to a customer of a recently targeted California-based private cloud solutions firm Accellion is being published online...
SQL Triggers Used by Hackers to Compromise User Database
Over the past year, a broader pattern of WordPress malware with SQL triggers has occurred within infected databases to mask...
