WordPress Elementor Lite 5.7.1 Arbitrary Password Reset Vulnerability
On May 11, 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level...
mina-sshd: Java unsafe deserialization vulnerability
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...
MGASA-2021-0172 Updated ruby-em-http-request packages fix security vulnerability
Updated ruby-em-http-request packages fix security vulnerability: A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this...
McAfee ATR Thinks in Graphs | McAfee Blogs
By Valentine Mairet · MAR 08, 2021. 0. Introduction: John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives: “Defenders think in lists. Attackers think in...
CVE-2020-13470
Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data...
Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted
Cyber criminals often exploit fear and uncertainty during major world events by launching cyberattacks. These attacks are often performed with social engineering campaigns leveraging malicious emails that lure victims to install malware that steals financial data and other valuable personal...
Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers
Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in dozens of unsuccessful attacks against our customers, with an unknown number of attacks, some like...
Low Interaction Honeypot: honeytrap
Honeytrap is a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. In its default configuration, it runs as a daemon and starts server processes on demand when a connection attempt to a port is made. Different modes of operation are available...
Buffer overflow
Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data...
FS-NyarL - Network Takeover & Forensic Analysis Tool
NyarL is Nyarlathotep, a mythological chaotic deity of the writer H.P. Lovecraft's cosmogony. It represents Crawling Chaos and FS-NyarL is The Crawling Chaos of Cyber Security: a network takeover & forensic analysis tool - useful for advanced PenTest tasks & for fun and profit - but use it at...
[FS-NyarL] A network takeover & forensic analysis tool
NyarL is Nyarlathotep, a mythological chaotic deity of the writer H.P. Lovecraft's cosmogony. It represents Crawling Chaos and FS-NyarL is The Crawling Chaos of Cyber Security: a network takeover & forensic analysis tool - useful for advanced PenTest tasks & for fun and profit - but use it at...
Threat, Attack Data Intelligence Sharing Efforts Fall Short
DENVER – When it comes to information sharing, are companies too scared or too selfish to trade attack data? A number of information security officers from high-profile companies debated the topic this week at the NG Security Summit and came to the conclusion that it’s a little bit of both. Shari...
CVE-2012-1939
jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code...
Alex Hutton on the Verizon Data Breach Investigations Report
Dennis Fisher talks with Alex Hutton of the Verizon Business RISK team about the new Data Breach Investigations Report, the involvement of the Secret Service in this year’s report and the need for more and better data on attacks and successful defenses. Podcast audio courtesy of sykboy65 Subscrib...