Malicious commits found in PHP code repository: What you need to know
You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there....
MIDC’s Server Hacked, Threat to Destroy Data
The server of Maharashtra Industrial Development Corporation was hacked as of late. The ransomware 'SYNack' affected the applications and database...
278,000 GitHub Repositories Affected by a Critical Networking Flaw in Netmask
Security researchers have unearthed a critical networking flaw CVE-2021-28918 in a popular npm library netmask. Netmask is commonly utilized by...
Live Broadcast Got Disrupted Due to Cyber-Attack on The Australian Tv Network- Nine
A cyber-attack on Australia's Channel Nine TV network has interrupted live broadcasts, raising questions about the country's exposure to hackers....
PHP Git Server Hacked to Plant Malware in Code Base
In the most recent software supply chain assault, the official PHP Git repository was hacked and the code base altered....
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
Why is the campaign called A41APT? In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing...
ClearURLs – An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This...
Android_Hid – Use Android As Rubber Ducky Against Another Android Device
Use Android as Rubber Ducky against another Android device HID attack using AndroidUsing Android as Rubber Ducky against Android. This...
MDR Vendor Must-Haves, Part 3: Ingestion of Other Technology Investments
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites
Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28,...
Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations
Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices...
Hundreds of thousands of projects affected by a flaw in netmask npm package
A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of...
30 Docker images downloaded 20M times in cryptojacking attacks
Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo...
London-based academies Harris Federation hit by ransomware attack
Harris Federation, the multi-academy trust of 50 primary and secondary academies in and around London, was hit by a ransomware...
China-linked RedEcho APT took down part of its C2 domains
China-linked APT group RedEcho has taken down its attack infrastructure after it was exposed at the end of February by...
CVE-2020-23162
Summary: Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read...
CVE-2020-16964
Summary: Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963....
CVE-2021-1373
Summary: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless...
CVE-2019-16869
Summary: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which...
CVE-2020-14209
Summary: Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs...
The one reason your iPhone needs a VPN
For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones,...
5G slicing vulnerability could be used in DoS attacks
The IT security researchers at AdaptiveMobile have called out what looks like an important vulnerability in the architecture of 5G...
Steam users: Don’t fall for the “I accidentally reported you” scam
Suppose that, out of the blue, a Steam user tells you they’ve accidentally reported you for something you didn’t do,...
Beware of Ongoing Brute-Force Attacks Against NAS Devices, QNAP Warns
Taiwanese firm, QNAP has warned its clients of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urged to strengthen...
