North Korean hackers charged with $1.3 billion of cyberheists
The US Department of Justice recently unsealed indictments detailing North Korea's involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states. The first unsealed indictment is for hacking...
0.1AI Score
Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang
The leader of Mexico's Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico's top tourist destinations over the past five years. The scandal is the latest...
6.8AI Score
U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist
The U.S. Department of Justice (DoJ) on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park...
-0.4AI Score
U.S. Indicts North Korean Hackers in Theft of $200 Million
The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and...
7AI Score
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e...
8.8CVSS
-0.1AI Score
0.001EPSS
mHealth Apps Expose Millions to Cyberattacks
Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one...
-0.3AI Score
Pow! Emotet’s down. Is it out?
In a coordinated action, multiple law enforcement agencies have seized control of the Emotet botnet. Agencies from eight countries worked together to deliver what they hope will be a decisive blow against one of the world's most dangerous and sophisticated computer security threats. The Emotet...
0.6AI Score
Nvidia Squashes High-Severity Jetson DoS Flaw
Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the...
1AI Score
0.0004EPSS
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability (CVE-2020-16044) is separate from a bug reported in Google’s browser engine Chromium, which...
0.4AI Score
0.01EPSS
Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
As requested, your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe. Needless to say, some source networks have been very naughty (dare we use the word “again,” since these all seem to be repeat offenders). To....
7.4AI Score
Exploit for Generation of Error Message Containing Sensitive Information in Senecajs Seneca
A Node.js toolkit for Microservice architectures ...
5.3CVSS
AI Score
0.001EPSS
An iOS zero-click radio proximity exploit odyssey
Posted by Ian Beer, Project Zero NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot,....
9.1CVSS
9.3AI Score
0.122EPSS
Understanding Binary and Data Representation with CyberChef
A significant part of reverse engineering and attacking devices relies on viewing and recognising data in various forms and working out how to decode it. We typically use Linux tools and scripts to do this, but you can make the first few steps using a really neat online tool called CyberChef. What....
6.5AI Score
0.1AI Score
'Among Us' Mobile Game Under Siege by Attackers
The meteoric rise of the game Among Us appears to be outpacing its developer’s ability to keep up with malicious actors. On Sunday night, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game’s servers —...
-0.2AI Score
[SECURITY] Fedora 33 Update: rubygem-rails-6.0.3.3-1.fc33
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over...
6.5CVSS
1.3AI Score
0.023EPSS
Fedora: Security Advisory for rubygem-rails (FEDORA-2020-4dd34860a3)
The remote host is missing an update for...
6.5CVSS
6.1AI Score
0.023EPSS
EulerOS 2.0 SP3 : libvncserver (EulerOS-SA-2020-2116)
According to the versions of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol)...
9.8CVSS
7.7AI Score
0.019EPSS
Fedora: Security Advisory for libssh (FEDORA-2020-ac3e29073f)
The remote host is missing an update for...
5.9CVSS
6.1AI Score
0.005EPSS
[SECURITY] Fedora 33 Update: libssh-0.9.5-1.fc33
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
5.9CVSS
3.6AI Score
0.005EPSS
FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as 'Barium,' 'Winnti,' 'Wicked Panda,' and...
0.6AI Score
Fedora: Security Advisory for libssh (FEDORA-2020-f4f5e49cb8)
The remote host is missing an update for...
5.9CVSS
6.1AI Score
0.005EPSS
[SECURITY] Fedora 32 Update: libssh-0.9.5-1.fc32
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
5.9CVSS
3.6AI Score
0.005EPSS
Programmer Hacks Pregnancy Test to Play Doom
By Waqas. A hardware and software reverse engineer managed to run Doom's fully functional game on a pregnancy test. This is a post from HackRead.com. Read the original post: Programmer Hacks Pregnancy Test to Play...
2.3AI Score
Achieving Product Platform mindset
Imperva has decided to gradually shift to a company-wide Platform mindset in which, instead of having a set of separate products and features, there is a set of capabilities and building blocks upon which the products and features are built. Until now, special Platform teams have developed...
-0.7AI Score
[SECURITY] Fedora 32 Update: libvncserver-0.9.13-2.fc32
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression...
9.8CVSS
2.2AI Score
0.017EPSS
Fedora: Security Advisory for libvncserver (FEDORA-2020-1a4b1c8271)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.017EPSS
On June 17, we hosted our first "GReAT Ideas. Powered by SAS" session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to.....
-0.4AI Score
0.973EPSS
[SECURITY] Fedora 31 Update: libvncserver-0.9.13-2.fc31
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression...
9.8CVSS
2.2AI Score
0.017EPSS
Fedora: Security Advisory for libvncserver (FEDORA-2020-37112ac660)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.017EPSS
Guidance on the North Korean Cyber Threat
Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights the....
9.4AI Score
Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance
The programmer who became a flagrant drug lord and weapons trafficker was sentenced in New York City to 25 years in...
3.6AI Score
The Forerunner library is a fast, lightweight, and extensible networking library created to aid in the development of robust network centric applications such as: IP Scanners, Port Knockers, Clients, Servers, etc. In its current state, the Forerunner library is able to both synchronously and...
6.6AI Score
Fedora: Security Advisory for log4net (FEDORA-2020-cfc319e067)
The remote host is missing an update for...
9.8CVSS
7.6AI Score
0.009EPSS
Fedora: Security Advisory for log4net (FEDORA-2020-73d380e9b9)
The remote host is missing an update for...
9.8CVSS
7.6AI Score
0.009EPSS
Fedora: Security Advisory for log4net (FEDORA-2020-847775bf79)
The remote host is missing an update for...
9.8CVSS
7.6AI Score
0.009EPSS
[SECURITY] Fedora 30 Update: log4net-2.0.8-10.fc30
log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET...
9.8CVSS
1.1AI Score
0.009EPSS
[SECURITY] Fedora 32 Update: log4net-2.0.8-10.fc32
log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET...
9.8CVSS
1.1AI Score
0.009EPSS
[SECURITY] Fedora 31 Update: log4net-2.0.8-10.fc31
log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET...
9.8CVSS
1.1AI Score
0.009EPSS
Riding the State Unemployment Fraud ‘Wave’
When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that's exactly what appears to be going on right now as multiple U.S....
7AI Score
Secured-core PCs help customers stay ahead of advanced data theft
Researchers at the Eindhoven University of Technology recently revealed information around "Thunderspy," an attack that relies on leveraging direct memory access (DMA) functionality to compromise devices. An attacker with physical access to a system can use Thunderspy to read and copy data even...
1.2AI Score
Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers
EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this...
4.6CVSS
4.7AI Score
0.001EPSS
U.S Defense Warns of 3 New Malware Used by North Korean Hackers
Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the...
7.1AI Score
Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by...
0.1AI Score
SimplePHPGal 0.7 - Remote File Inclusion Vulnerability
Exploit for php platform in category web...
0.1AI Score
-0.1AI Score
7.4AI Score
Fedora: Security Advisory for libssh (FEDORA-2020-6cad41abb0)
The remote host is missing an update for...
5.3CVSS
5.8AI Score
0.004EPSS
[SECURITY] Fedora 32 Update: libssh-0.9.4-2.fc32
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
5.3CVSS
3.6AI Score
0.004EPSS
Fedora: Security Advisory for libssh (FEDORA-2020-5a77f0d68f)
The remote host is missing an update for...
5.3CVSS
5.8AI Score
0.004EPSS