CVE-2021-22350
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart.
A security researcher has published a PoC test code to exploit a worm-like vulnerability (CVE-2021-31166) in Windows IIS server. The issue scored 9.8 out of 10 maximum on the CVSSv3 scale and is a memory corruption vulnerability in the HTTP protocol stack included in recent versions of Windows. The stack is used by the embedded…
Photo: Drew Angerer (Getty Images) Former U.S. intelligence operatives are facing federal charges after allegedly having worked as cyber-mercenaries for the United Arab Emirates. The men, all of whom are ex-employees of the National Security Agency, are accused of helping the UAE government to break into computer systems all over the world, including some in…
A newly published report form the U.S. Government Accountability Office (GAO) describes the risks of cyber-attacks on the electricity grid’s distribution systems, along with the scale of the potential impact of such attacks. Following a performance audit conducted between September 2019 and March 2021, GAO has discovered that the electricity grid’s distribution systems are increasingly…
BOSTON: In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered. Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much…
Breach Notification , Cybercrime , Cybercrime as-a-service 40 Million Credit Applications Also Stolen; Social Security Numbers Exposed Mathew J. Schwartz (euroinfosec) • August 18, 2021 T-Mobile’s store in Times Square, New York (Photo: T-Mobile) T-Mobile USA has confirmed that its systems were breached and that investigators have found that details for 8.6 million…
Three new Kaseya zero-day vulnerabilities were just disclosed in Kaseya Unitrends, including an RCE and an authenticated privilege escalation on the client-side. According to a recently released public advisory warning, the Kaseya serice should be kept off the internet until a patch is made available. “Do not expose this service or the clients directly to…