Malware and Vulnerabilities

Researchers discovered URL-parsing bugs that could impact several web apps. The cybersecurity experts noticed some vulnerabilities borne out of inconsistencies from the affected libraries. Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service (DoS) conditions, information leaks, and remote code execution (RCE) in various web applications, researchers are …

Security Researchers Find Bugs in URL Libraries Allow DoS, RCE, Spoofing & Many More Read More »

A significant security Flaw in Uber‘s email system that anyone can currently send an email from the Uber.com domain. No, Uber has not intentionally done so. It is, however, choosing to ignore the problem at the moment. These emails, which cannot be sent from Uber’s servers, seem legitimate to any email provider (because they technically are) …

Uber Ignores Security Flaw that Anyone Send Emails From Uber.com Domain Read More »

Microsoft releases mitigations and advisory For the New PetitPotam NTLM Relay Attack that abuses a remote access protocol called Encrypting File System Remote Protocol (MS-EFSRPC). Microsoft also posted detailed instructions on how to protect Windows domain controllers and other Windows servers from the NTLM Relay Attack known as PetitPotam. This security vulnerability in the Windows …

Microsoft Releases Mitigations For New PetitPotam NTLM Relay Attack Read More »

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver software. According to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005.  Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a …

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug Read More »

Kaseya Florida-based software vendor On Sunday rolled out a security update for the VSA zero-day vulnerabilities exploited by the REvil ransomware gang in the massive ransomware supply chain attack. Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers. MSPs can deploy VSA on-premise using their …

Kaseya releases patches for flaws exploited in the REvil ransomware attack Read More »

A critical vulnerability in Palo Alto Networks, Cortex XSOAR system could have allowed an attacker to perform a command and control in the Cortex XSOAR War Room as well as perform other actions on the platform, without having to log in. Found internally by Palo Alto, bug (CVE-2021-3044) may cause an incorrect license, which allows …

Critical bug found in Cortex XSOAR Allows Remote ‘War Room’ Access Read More »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on Friday, Issued an advisory about a critical vulnerability in the ThroughTek software that is being used in the devices, including baby monitoring cameras, which may give hackers access to audio and video streams, and Its feeds. In addition to possible leakage of data, and video, and …

Critical ThroughTek vulnerability attackers access Millions of Connected Cameras Read More »

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video without the user’s permission. On April 17, security researcher Ahmad Talahmeh published a statement outlining how the threat works, as well as a Proof-of-Concept (POC) code that can launch an attack. Facebook Live Video allows users …

An error of coding results attacker will delete a live video of Facebook Read More »

The National Security Agency on Tuesday said it had warned Microsoft of several serious problems that criminals could use to hack the Exchange Server email system remotely. Microsoft today released a series of Server Security updates that address a range of issues ranging from high to low. Modern patches also deal with the risk of …

NSA Discovers new critical vulnerabilities in Exchange Servers Read More »

Xcode malicious projects are used to hijack developer systems and distribute EggShell custom backdoors. The malware, called XcodeSpy, is targeted by Xcode, an integrated development platform (IDE) used in macOS for Apple’s software development. According to a study published by Sentinel Labs on Thursday, the Run Script feature in IDE is used in attacks targeted …

Apple developers targeted by EggShell Backdoor Read More »