Cyber Security

Zimbra Server Bug

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

Cybersecurity researchers of SonarSource have discovered multiple security vulnerabilities in Zimbra Email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious email message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws which tracked as CVE-2021-35208 and CVE-2021-35208 were discovered and reported …

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email Read More »

Microsoft issues Guidance for DNS Cache Poisoning Vulnerability

Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. Successfully exploiting the vulnerability could allow attackers to use modified DNS records to redirect a target to a malicious website under their control as part of DNS spoofing (also known as DNS cache poisoning) attacks. …

Microsoft issues Guidance for DNS Cache Poisoning Vulnerability Read More »

Github Code Scanning – Vulnerability Scanner by Justin Hutchings

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning. You can enable it on your public repository today! One year ago, GitHub welcomed Semmle. We’ve since worked to bring the revolutionary code analysis capabilities of its CodeQL technology to GitHub …

Github Code Scanning – Vulnerability Scanner by Justin Hutchings Read More »

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called “Gitpaste-12,” which used GitHub to host malicious code containing as …

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices Read More »

PgMiner botnet attacks weakly secured PostgreSQL databases

Security researchers have discovered this week a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. Codenamed by researchers as PgMiner, the botnet is just the latest in a long list of recent cybercrime operations that target web-tech for monetary profits. According to researchers at Palo Alto Networks’ Unit 42, the botnet operates by …

PgMiner botnet attacks weakly secured PostgreSQL databases Read More »

Microsoft exposes Adrozek, a malware that hijacks Chrome, Edge, and Firefox

Microsoft has raised the alarm today about a new malware strain that infects users’ devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers – Microsoft 365 Defender Research Team Named Adrozek, the …

Microsoft exposes Adrozek, a malware that hijacks Chrome, Edge, and Firefox Read More »

Tinfoleak – The most complete Open-source tool for Twitter Intelligence Analysis

tinfoleak is an open-source tool within the OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence) disciplines, that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic coordinates or keywords, tinfoleak analyzes the Twitter timeline to extract great volumes of data and show useful and structured …

Tinfoleak – The most complete Open-source tool for Twitter Intelligence Analysis Read More »