Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape
Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser to Google that awarded them $20,000....
hacking
Email accounts of DHS members were compromised in the SolarWinds hack
Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds...
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions
IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms...
VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials
VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published...
ClearURLs – An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This...
Android_Hid – Use Android As Rubber Ducky Against Another Android Device
Use Android as Rubber Ducky against another Android device HID attack using AndroidUsing Android as Rubber Ducky against Android. This...
MDR Vendor Must-Haves, Part 3: Ingestion of Other Technology Investments
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites
Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28,...
Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations
Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices...
Hundreds of thousands of projects affected by a flaw in netmask npm package
A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of...
30 Docker images downloaded 20M times in cryptojacking attacks
Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo...
London-based academies Harris Federation hit by ransomware attack
Harris Federation, the multi-academy trust of 50 primary and secondary academies in and around London, was hit by a ransomware...
China-linked RedEcho APT took down part of its C2 domains
China-linked APT group RedEcho has taken down its attack infrastructure after it was exposed at the end of February by...
KICS – Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx....
Boomerang – A Tool To Expose Multiple Internal Servers To Web/Cloud
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports...
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of...
MDR Vendor Must-Haves, Part 2: Ingestion of Network Device Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code
Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor...
Ziggy ransomware admin announced it will refund victims who paid the ransom
Administrator of Ziggy ransomware recently announced the end of the operation, and now is promising that its victims will have...
New Purple Fox version includes Rootkit and implements wormable propagation
Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers...
Experts found two flaws in Facebook for WordPress Plugin
A critical flaw in the official Facebook for WordPress plugin could be abused exploited for remote code execution attacks. Researchers...
BadOutlook – (Kinda) Malicious Outlook Reader
A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a...
CallObfuscator – Obfuscate Specific Windows Apis With Different APIs
Obfuscate (hide) the PE imports from static/dynamic analysis tools. TheoryThis's pretty forward, let's say I've used VirtualProtect and I want...
Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation?
A cyber attack has disrupted the Australian Channel Nine’s live broadcasts, the company was unable to transmit its Sunday morning news...
