Cybersecurity News

Vulnerability in the Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers

A weakness in the Cisco IOS XR Software Input Packet Processing Feature for Cisco ASR 9000 Series Aggregation Services Routers may allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. According to its self-reported version, IOS-XR is affected by a denial of service (DoS) vulnerability in the…
Oracle Security Alert for CVE-2020-14750

This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. The Security Alert Advisory is…
KashmirBlack Botnet Targets Content Management Systems

KashmirBlack Botnet targets CMS vulnerabilities

Imperva security researchers discovered a botnet that exploits vulnerabilities in the underlying content management systems of websites and then uses these compromised servers to mine for cryptocurrencies or deliver more spam to victims. The botnet, which the researchers dubbed KashmirBlack, began operating in November 2019 and since then infiltrated thousands of websites by targeting vulnerabilities…
Mobile browsers experience vulnerabilities in Address Bar

Cybersecurity company Rapid7 recently disclosed address bar spoofing vulnerabilities in various smartphone browsers. When exploited, these bugs can do significant harm to users, since they won’t even recognize the bogus pages. Seven smartphone browsers, including some common ones, were affected by about 10 different vulnerabilities. Specifically,…
Bug Bounty In 2020

Bug Bounty and Cybersecurity in 2020

Hacking is often seen as dangerous or in a bad light. But many hackers make their living by using their hacking skills for ethical purposes. Bug Bounty refers to the programs organized by companies, software developers and websites to find and report bugs in exchange for recognition and compensation. Bug Bounty Industry Bug Bounties…
What is a CVE ID? How can a researcher get a CVE ID?

CVE stands for Common Vulnerabilities and Exposures and is referred to as “a dictionary of publicly known information security vulnerabilities and exposures.” Currently, MITRE Corporation works under an agreement with the U.S. Dept. of Homeland Security. Practically speaking, the National Vulnerability Database (NVD) is a database of publicly recognized security vulnerabilities in operation. The CVE…
Microsoft and MITRE release framework to protect against cyberattacks on AI

Microsoft also unveiled the Adversarial ML Threat Matrix, a tool to help cybersecurity experts prepare for attacks against artificial intelligence models, in partnership with the MITRE research organization and a dozen other organizations, including IBM, Nvidia, Airbus, and Bosch. There is an increase in critical online risks that jeopardize their protection and reputation with the implementation of…
GravityRAT: Windows spyware adapted to target macOS, Android

GravityRAT is a piece of malware classified as spyware: it helps cybercriminals steal certain information from infected computers. The cybercriminals behind this malware are known to target Windows, macOS, and Android devices. If there is reason to believe that a computer or cell phone is infected with GravityRAT, it should be removed…
OSINT Framework: How to use it?

OSINT Framework, as its name suggests, is a cybersecurity platform: a set of OSINT resources that support information and data collection activities. This tool is often used for digital footprinting, OSINT analysis, intelligence gathering, and reconnaissance by security researchers and penetration testers. It offers a simple web-based interface that helps you to access various…
Spyware company FinFisher office raided over illegal exporting of confidential software

FinFisher, a Munich-based German spyware company, was raided on suspicion of illegally exporting its product to foreign countries. FinSpy, a very powerful spying tool owned by FinFisher and used by various governments around the world, was found to be used by oppressive and dubious regimes for spying on opposition parties, journalists and NGOs, which suggests…