In this edition, we’ll give new updates to the Fortinet flaws abuse we discussed last week, 3 major social network leaks, new Android malware spreads by creating auto-replies to messages in WhatsApp, and our CVE of the week: a pre-auth RCE found in a QNAP QTS plugin.

Two Manufacturing Plants Shut Down Due to Fortinet Vulnerability

In this edition, we’ll give new updates to the North Korean campaign targeting security researchers, Chinese police arresting the biggest video game cheats syndicate, FBI and CISA warning about hackers abusing FortiNet flaws, and our CVE of the week: an SSRF vulnerability found in VMware’s vRealize.

New Updates to the Campaign Targeting Security Researchers

In this edition, we’ll give new updates to the Google Project Zero findings, hackers trying to add a backdoor RCE through PHP’s Git, a security researcher being sued for bug disclosure, and our CVE of the week: a bug in netmask endangering more than 200 thousand projects.

Updates on Google Project Zero

In this edition, we’ll discuss the Mirai botnet attack on IoT devices, Google Project Zero discovering 11 vulnerabilities exploited in 2020, Trail of Bits security researcher creates a tool to weaponize insecure pickled Python files, and our CVE of the week: an RCE vulnerability in F5 Big IP.

The Mirai Botnet Attacking IoT Devices

DD-WRT is a Linux-based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. This firmware is suitable for many systems with many routers using it like Netgear Nighthawk, Asus, and Linksys routers.

It provides superior firmware to some WiFi routers and improves their built-in basic firmware. Firmwares like these also provide a higher level of security than regular routers which makes them hard to exploit but not impossible. We will have a look at some of these vulnerabilities here.

CVE-2020–13976 — Remote Command Execution via Shell Metacharacters

This vulnerability was discovered on the diagnostics page of DD-WRT. A remote attacker could execute arbitrary…

In this edition, we’ll follow up on the MS Exchange Server Leak and its origins, a hacker gaining access to 150,000 Verkada security cameras, the new Regexploit tool, and three 15-year-old vulnerabilities found in the Linux Kernel.

The Microsoft Exchange Hack

There you are, sitting on your sofa, the clock shows another five seconds ‘till the next episode comes on, you press the button and another useless day goes by.

We all had this experience, especially during the last year. Covid gave us so much free time being stuck at home.

This time doesn’t have to be spent binge-watching Netflix. We can use these extra hours to grow and improve ourselves. There are many productive things we can do to achieve these goals. …

This is SSD’s weekly security recap.

In this edition, we’ll talk about the Microsoft vulnerabilities affecting governments around the world, GitHub and Docker Hub used for crypto mining attacks, User Data exposed Online from the Maza Cybercrime Forum, and our CVE of the week: GNU GRUB elevated access.

The Microsoft Exchange Hack

After the SolarWinds attack that has been troubling the US, this new threat has been putting US organizations like credit unions, town governments, and small businesses at potential risk.

Of course, this vulnerability may also be used against organizations in Asia and Europe.

It was found that vulnerabilities in Microsoft exchange servers…