CVE-2021-24091
Summary: Windows Camera Codec Pack Remote Code Execution Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24091 CVSS Score (if available) v2: / MEDIUM...
CVE-2021-24091
Summary: Windows Camera Codec Pack Remote Code Execution Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24091 CVSS Score (if available) v2: / MEDIUM...
CVE-2021-1648
Summary: Microsoft splwow64 Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1648 CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:C/I:C/A:C v3: /...
CVE-2021-1648
Summary: Microsoft splwow64 Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1648 CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:C/I:C/A:C v3: /...
CVE-2021-1642
Summary: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1642...
CVE-2021-1642
Summary: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1642...
CVE-2021-24087
Summary: Azure IoT CLI extension Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087 CVSS Score (if available) v2: / MEDIUM...
CVE-2021-24087
Summary: Azure IoT CLI extension Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087 CVSS Score (if available) v2: / MEDIUM...
CVE-2021-26704
Summary: EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox...
21 million free VPN users’ data exposed
Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week,...
Patch now! Exchange servers attacked by Hafnium zero-days
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted...
AI makes fewer mistakes than experienced radiologists and takes into account ethnic differences
CureMetrix: AI provides an equalization of care across countries. A well-trained algorithm that has been trained on a variety of...
Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach
Lactalis, the world's one of the best dairy groups disclosed that it was recently hit by cyberattacks after hackers breached...
European E-Ticketing Platform TicketCounter Extorted In Data Breach
A Dutch e-ticketing network witnessed a data breach. The whereabouts came to be known after a customer’s database containing...
New Jailbreak Tool Released By Hackers to Unlock Latest iPhones
Unc0ver, one of the most popular iPhone jailbreaking tools has got a new update. The latest version 6.0 works on...
JFC International Compromised with a Ransomware Attack
JFC International has reported that some of its IT networks have been compromised by a ransomware attack. The food giant...
Teatime – An RPC Attack Framework For Blockchain Nodes
Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a...
Threatspec – Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat...
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, 2021, the Microsoft Threat Intelligence Center (MSTIC) released details on an active state-sponsored threat campaign exploiting four...
IAM Never Gonna Give You Up, Never Gonna Breach Your Cloud
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw
A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any...
Attackers took over the Perl.com domain in September 2020
The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of...
Four zero-days in Microsoft Exchange actively exploited in the wild
Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released...
Google fixes Critical Remote Code Execution issue in Android System component
Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in...
