Researchers warn of a surge in cyber attacks against Microsoft Exchange
Researchers warn of a surge in cyber attacks against Microsoft Exchange servers exploiting the recently disclosed ProxyLogon vulnerabilities. Researchers at...
Malspam campaign uses icon files to delivers NanoCore RAT
Researchers at Trustwave spotted a new malspam campaign that is abusing icon files to trick victims into installing the NanoCore...
Expert publishes PoC exploit code for Microsoft Exchange flaws
This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon...
Hack the box guide to: Phonebook
Phonebook - 30 points So at always lets fire up burp and visit the page to see what is there...
CVE-2020-27869
Summary: This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM:...
CVE-2020-27871
Summary: This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication...
CVE-2020-27874
Summary: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is...
CVE-2020-29020
Summary: Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from...
CVE-2020-29032
Summary: Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious...
Police credit “unlocked” SKY ECC encryption for organized crime bust
At the moment, I’m really torn, and I need your help. Let me tell you what is going on. I...
5 common VPN myths busted
Virtual Private Networks (VPNs) are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people...
Russian authorities slow access to Twitter over banned content
The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) accused Twitter of numerous violations and failure...
After OTP Issues,TRAI Suspends New SMS Rules For 7 Days
The Telecom Regulatory Authority of India (TRAI) has temporarily suspended its new rules for curbing spam messages, following major disruptions...
Malware WannaCry And Vulnerability EternalBlue Remain at Large
One specific aspect of malware and one vulnerability continues to develop as security companies have been reconstructing the highest trends...
GitHub Informed Clients of “Potentially Serious” Security Bug
GitHub on Monday informed clients that it had found what it described as an “extremely rare, but potentially serious” security...
Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020
2020 was a tumultuous year for vulnerability risk management. Defenders had to contend with a growing volume of high-priority security...
Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws
Norway parliament, the Storting, has suffered a new cyberattack, hackers stole data by exploiting recently disclosed Microsoft Exchange vulnerabilities. Norway...
RedXOR, a new powerful Linux backdoor in Winnti APT arsenal
Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the...
F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ
Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as...
White hat hackers gained access more than 150,000 surveillance cameras
A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies...
CVE-2021-27963
Summary: SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can...
CVE-2021-26963
Summary: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities...
CVE-2021-26962
Summary: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities...
CVE-2021-26961
Summary: A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0....
