Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7
Do you know about CVE-2013-4866? No? It details a hardcoded PIN in a Smart Bidet giving attackers access to the...
APT32 state hackers target human rights defenders with spyware
Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus)...
Airplane manufacturer Bombardier has disclosed a security breach, data leaked online
Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers...
VMware addresses a critical RCE issue in vCenter Server
VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has...
Twitter removes 100 accounts linked to Russia disseminating disinformation
Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has...
IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS
IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions. IBM has released...
CVE-2020-24606
Summary: Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all...
CVE-2021-0351
Summary: In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to...
CVE-2021-27097
Summary: The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. Reference Links(if available): https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b CVSS...
CVE-2021-27138
Summary: The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. Reference Links(if available):...
CVE-2021-23839
Summary: OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support...
Clop targets execs, ransomware tactics get another new twist
Ransomware peddlers have come up with yet another devious twist on the recent trend for data exfiltration. After interviewing several...
The mystery of the Silver Sparrow Mac malware
Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This...
The Russian created Clubhouse for Android in one day
The former developer of the Android version of the application of the Russian social network VKontakte Grigory Klyushnikov created Clubhouse...
Malwarebytes Report Confirms the Change in Tactics of Cybercriminals During Covid-19
Malwarebytes, an American security firm announced the findings of its annual ‘State of Malware’ report, this report explored the working...
Alert for Smart Phone Users, How Their Data is Extracted by Apps Via Location Tracking
With more mobile apps entering the new world of smartphone users, only a few know about the dangers of the...
Chinese Hackers Cloned Exploit Tool Belonging to NSA
A Chinese hacking group allegedly "cloned" and deployed a zero-day exploit created by the U.S. National Security Agency's Equation Group...
HaE – BurpSuite Highlighter And Extractor
HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages.Read Chinese simplified version...
RAT-el – An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works...
FIN11 cybercrime group is behind recent wave of attacks on FTA servers
FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka...
NurseryCam daycare cam service shut down after security breach
Daycare camera product NurseryCam was hacked last week, the company was forced to shut down its IoT camera service. On...
Ukraine sites suffered massive attacks launched from Russian networks
Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites....
Georgetown County has yet to recover from a sophisticated cyber attack
The systems of Georgetown County have been hacked at the end of January, and the county staff is still working...
CVE-2017-14119
Summary: In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers...
