Thursday, September 23, 2021

Malware and Vulnerabilities

Microsoft Releases Mitigations For New PetitPotam NTLM Relay Attack

Microsoft releases mitigations and advisory For the New PetitPotam NTLM Relay Attack that abuses a remote access protocol called Encrypting File System Remote Protocol (MS-EFSRPC).Microsoft also posted detailed instructions on how to protect Windows domain controllers and other Windows...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver software.According to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold...

Kaseya releases patches for flaws exploited in the REvil ransomware attack

Kaseya Florida-based software vendor On Sunday rolled out a security update for the VSA zero-day vulnerabilities exploited by the REvil ransomware gang in the massive ransomware supply chain attack.Kaseya VSA is a remote management and monitoring solution commonly used...

Critical bug found in Cortex XSOAR Allows Remote ‘War Room’ Access

A critical vulnerability in Palo Alto Networks, Cortex XSOAR system could have allowed an attacker to perform a command and control in the Cortex XSOAR War Room as well as perform other actions on the platform, without having to...

Critical ThroughTek vulnerability attackers access Millions of Connected Cameras

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on Friday, Issued an advisory about a critical vulnerability in the ThroughTek software that is being used in the devices, including baby monitoring cameras, which may give hackers access to audio...

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video without the user's permission.On April 17, security researcher Ahmad Talahmeh published a statement outlining how the threat works, as well...

NSA Discovers new critical vulnerabilities in Exchange Servers

The National Security Agency on Tuesday said it had warned Microsoft of several serious problems that criminals could use to hack the Exchange Server email system remotely.Microsoft today released a series of Server Security updates that address a range...

Apple developers targeted by EggShell Backdoor

Xcode malicious projects are used to hijack developer systems and distribute EggShell custom backdoors.The malware, called XcodeSpy, is targeted by Xcode, an integrated development platform (IDE) used in macOS for Apple's software development.According to a study published by Sentinel...

Apple releases a patch for a security flaw found by researchers at Google and Microsoft

Apple releases fix for a bug that could affect iPhone, iPad, and Mac which could lead to arbitrary code execution by visiting malicious web content.Like most bugs, this is a memory-related bug and affects WebKit, the browser behind Safari...

Salt Project patched a privilege escalation bug impacting SaltStack Salt minions

The Salt Project has patched a privilege escalation bug impacting SaltStack Salt minions that could be used during a wider exploit chain. The vulnerability, CVE-2020-28243, is described as a privilege escalation bug impacting SaltStack Salt minions allowing "an unprivileged user to...

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...