CVE-2021-27027
Summary: A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted...
JD – 77,449,341 breached accounts
In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing...
WhatsApp reverses course, will not limit app functionality
WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued...
Cobalt Strike, a penetration testing tool abused by criminals
If you were to compose a list of tools and software developed by security and privacy defenders that ended up...
Kimsuky APT continues to target South Korean government using AppleSeed backdoor
This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a...
Russian Man Convicted of $7 Million Digital Advertising Scam
A Russian person was found guilty in the United States of using a bot farm and hiring servers to create...
Deadshot: A Tool That Marks Sensitive Content for Developers
Software code repositories might be hiding credentials, sensitive data, and other secrets of an organization without the knowledge of developers....
Interpol Seize $83 Million in Operation Against Online Financial Fraud
More than 500 suspects were arrested in the Interpol-coordinated Operation ‘HAECHI-I’ and $83 million were seized which belonged to the...
What is a Supply Chain Attack? Here’s How is it Making Your Software Vulnerable
Users receive warnings from public and private organizations asking them to be aware of fraud links and sources, to not...
Pay Attention: These Unsubscribe Emails Only Lead to Further Spam
Scammers send out fake 'unsubscribe' spam emails to validate legitimate email addresses for future phishing and spam campaigns. Spammers have been...
Kids on the Web in 2021: Infinite creativity
For over a year we’ve been living in a world gripped by the COVID-19 pandemic. Not only has the pandemic...
Dent – A Framework For Creating COM-based Bypasses Utilizing Vulnerabilities In Microsoft’s WDAPT Sensors
More InformationIf you want to learn more about the techniques utlized in this framework please take a look at this...
American food processing giant JBS Foods halts production after cyberattack
The American food processing company and meat producer JBS Foods was forced to shut down production at multiple sites worldwide following...
Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram
The popular Russian hacker Pavel Sitnikov was arrested by Russian authorities on charges of distributing malware via his Telegram channel....
Prometheus and Grief – two new emerging ransomware gangs targeting enterprises. Mexican Government data is published for sale.
“Prometheus” and “Grief” – a multi-billion dollar ransomware market obtained two new emerging players. In today’s world, information and data...
Swedish Health Agency discloses hacking attempts
The Swedish Public Health Agency has shut down the country’s infectious diseases database, SmiNet, last week after multiple hacking attempts....
Denmark intel helped US NSA to spy on European politicians
Denmark’s foreign secret service allowed the US NSA to spy on European politicians through a Danish telecommunications hub. Journalists from Danish...
CVE-2020-35517
Summary: A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system...
CVE-2020-18395
Summary: A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial...
CVE-2021-20095
Summary: Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary...
CVE-2021-29350
Summary: SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands...
CVE-2021-21230
Summary: Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption...
Revisiting the NSIS-based crypter
This blog post was authored by hasherezade NSIS (Nullsoft Scriptable Install System) is a framework dedicated to creating software installers....
Threat Actors Release Patient Data Stolen from New Zealand Hospitals to the Local Media
Cybercriminals who targeted hospitals in New Zealand’s Waikato district have published the stolen patient data to the local media outlets,...
