Windows DNS SIGRed bug gets first public RCE PoC exploit

A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability. Microsoft issued security updates to address the security flaw tracked as CVE-2020-1350 on July 14, 2020, together with a registry-based workaround that helps protect affected Windows servers from attacks. SIGRed has existed in Microsoft's … Continue reading Windows DNS SIGRed bug gets first public RCE PoC exploit

DHS orders agencies to urgently patch or disconnect Exchange servers

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 21-02 Wednesday after Microsoft patched four zero-day Exchange bugs in emergency out-of-band security updates and shared info on active exploitation in … Continue reading DHS orders agencies to urgently patch or disconnect Exchange servers

Top 100 Cybersecurity Hackers

The following list, in no particular order, contains the names, their countries of origins, their (biggest) victim (s) and a short piece about who they are. Some are reformed and act as security consultants while others remain at large and are being hunted by the FBI, InterPol and others for their cybercrimes: Behzad Mesri Country: … Continue reading Top 100 Cybersecurity Hackers

“Mentally ill demon hackers” blamed for massive Gab data leak

Far-right service allegedly breached via SQL injection vulnerability More than 40 million posts, messages, profiles, and hashed passwords compromised Gab, the Twitter-like social networking service known for its far-right userbase, has reportedly been hacked – putting more than 40 million public and private posts, messages, as well as user profiles and hashed passwords, at risk … Continue reading “Mentally ill demon hackers” blamed for massive Gab data leak

Microsoft Concludes Internal Investigation into Solorigate Breach

The software giant found no evidence that attackers gained extensive access to services or customer data. Microsoft, which calls the SolarWinds supply chain attack a "moment of reckoning," declared on Thursday it had completed an internal investigation of its own compromised network. It advises companies to strengthen security by adopting a zero trust mindset and … Continue reading Microsoft Concludes Internal Investigation into Solorigate Breach