Pro-Trump Social Media Platform GETTR Hacked Shortly After Launch
A Twitter-like platform, GETTR was launched on July 4 by Jason Miller, who served as a spokesperson for former U.S. President Donald Trump. The social media service claims to welcome people from all over the world and to promote freedom of speech. Both the site and the GETTR mobile app highly resemble Twitter, and the…
Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack
The attack appears to impact tens of Kaseya customers and hundreds of downstream businesses. The cybercrime group that launched the attack used the ransomware to encrypt files on compromised systems and they are hoping to earn tens of millions of dollars as a result. SecurityWeek is covering all the new information that emerges and here…
Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw
NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations. The product is available for on-premises deployments or as a SaaS offering. Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the…
Microsoft Confirms ‘PrintNightmare’ is New Windows Security Flaw
Microsoft’s confirmation of a new, unpatched Windows Print Spooler bug comes days after researchers noticed that published proof-of-concept code for a different vulnerability was reliably exploiting fully patched Windows machines. Microsoft’s own misdiagnosis of a Print Spooler flaw that was just patched in June this year also added to the confusion. In a pre-patch advisory…
Malvuln Project Catalogues 260 Vulnerabilities Found in Malware
Malvuln, an interesting project of security researcher John Page (aka hyp3rlinx), catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited. Since launching the project in early January 2021, Page has discovered more than 260 vulnerabilities across an estimated 105 individual malware families, including trojans, worms, backdoors, droppers, and ransomware….
XSS Vulnerability in Cisco Security Products Exploited in the Wild
Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…
GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016
According to the company, in 2020, it paid out over half a million dollars for more than 200 vulnerabilities affecting its products and services. The amount is roughly the same as in the previous year. GitHub said it received more than 1,000 submissions through its public and private bug bounty programs, and claimed that its…
Google Rolling Out Security Update for Google Drive
With this update, the search advertising giant is adding a resource key to sharing links, which will impact access to the files for those users who haven’t yet viewed the files. “Once the update has been applied to a file, users who haven’t viewed the file before will have to use a URL containing the…
Old Vulnerability Exploited to Hack, Wipe WD Storage Devices
Victims said a factory reset had been initiated on their device, which resulted in all files being erased. Some users reported losing very important data. WD NAS device vulnerability exploitedOne post on the WD Community forum received more than 160 replies and it has been viewed nearly 15,000 times in just over 24 hours. A…
Vulnerabilities in Zephyr’s Bluetooth LE Stack May Lead to DoS Attacks
Six of the flaws, the researcher explains, could be abused by an attacker by sending malformed input that would cause the device to freeze. This could result in the device rebooting itself or may even allow for remote code execution in some instances. Other vulnerabilities could be exploited either to cause the device to misbehave…
