Security Affairs newsletter Round 307
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
US Gov Executive Order would oblige to disclose security breach impacting gov users
According to a proposed executive order of the Biden administration, software vendors would have to disclose breaches to U.S. government...
Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom
Clop ransomware operators now email victim’s customers and ask them to demand a ransom payment to protect their privacy to...
Experts spotted a new advanced Android spyware posing as “System Update”
Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts...
CVE-2021-20214
Summary: A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client...
CVE-2021-29097
Summary: Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and...
CVE-2020-28346
Summary: ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference. Reference Links(if available): https://github.com/projectacrn/acrn-hypervisor/pull/5453 https://github.com/projectacrn/acrn-hypervisor/pull/5453/commits/ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681 CVSS Score (if available) v2:...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-27216
Summary: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the...
CVE-2020-11988
Summary: Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By...
Fleeceware apps earned over $400 million on Android and iOS
Researchers at Avast have found an aggregate of 204 fleece ware applications with over a billion downloads and more than...
Threat Actor Targets Guns.com, Spills Sensitive Information on Dark Web
As the domain name suggests, Guns.com is a major Minnesota, US-based platform to buy and sell guns online. It is...
Weintek’s HMI Found with Vulnerabilities which can Allow Attackers to Exploit Devices
Weintek's human-machine interface (HMI) products include three types of critical vulnerabilities, according to a cybersecurity researcher - who specializes in...
Hades Ransomware Attacks US Big Game
An obscure monetarily spurred threat group is utilizing the self-proclaimed Hades ransomware variant in cybercrime activities that have affected at...
Search-That-Hash – Searches Hash APIs To Crack Your Hash Quickly, If Hash Is Not Found Automatically Pipes Into HashCat
The Fastest Hash Cracking System pip3 install search-that-hash && sth Tired of going to every website to crack your hash?...
Obfuscation_Detection – Collection Of Scripts To Pinpoint Obfuscated Code
Automatically detect control-flow flattening and other state machines Author: Tim BlazytkoDescription:Scripts and binaries to automatically detect control-flow flattening and other state...
Apple released out-of-band updates for a new Zero‑Day actively exploited
Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another zero‑day flaw, tracked CVE-2021-1879, actively...
German Parliament Bundestag targeted again by Russia-linked hackers
Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack...
