Daily Threat Intelligence – April 11 – 2023
Crypto exchanges are being targeted left, right, and center. A South Korean cryptocurrency exchange experienced a major attack that culminated...
Month: April 2023
HackerOne Bug Bounty Disclosure: idor-in-talentmap-api-can-be-abused-to-enumerate-personal-information-of-all-the-usersbynepalihacker0x01
Programme HackerOne U.S. Department of State U.S. Department of State Submitted by nepalihacker0x01 nepalihacker0x01 Report IDOR in TalentMAP API can...
HackerOne Bug Bounty Disclosure: sensitive-information-for-phpinfo-php-at-https://products-ean-com/byexploitmsf
Programme HackerOne Expedia Group Bug Bounty Expedia Group Bug Bounty Submitted by exploitmsf exploitmsf Report Sensitive information for phpinfo.php at...
HackerOne Bug Bounty Disclosure: testing-flow-includes-a-deepsource-secretbytriplesided
Programme HackerOne Weblate Weblate Submitted by triplesided triplesided Report Testing flow includes a DeepSource secret Full Report A considerable...
HackerOne Bug Bounty Disclosure: can-delete-other-user’s-post-and-company-page-postbyanandpingsafe
Programme HackerOne LinkedIn LinkedIn Submitted by anandpingsafe anandpingsafe Report Can delete other user's post and company page post Full Report...
Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security
Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as...
Newly Discovered “By-Design” Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers
A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages...
[eBook] A Step-by-Step Guide to Cyber Risk Assessment
In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing,...
LockBit 3.0 Ransomware Victim: gregoire[.]fr
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: mundocuervo[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: fiamma[.]com[.]my
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: agp[.]ph
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: disltd[.]ca
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: artri[.]net
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: euromotors[.]com[.]pe
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: arcc[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
BugCrowd Bug Bounty Disclosure: – Linux client – command injection – local privilege escalation – By mmmdspl
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Veritas Appliance HTTP header injection | CVE-2023-26788
NAME__________Veritas Appliance HTTP header injectionPlatforms Affected:Veritas Appliance 4.1.0.1Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Veritas Appliance is vulnerable to HTTP header injection, caused by...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scripting | CVE-2023-20148
NAME__________Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scriptingPlatforms Affected:Cisco Small Business RV042 Dual WAN VPN...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scripting | CVE-2023-20146
NAME__________Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scriptingPlatforms Affected:Cisco Small Business RV042 Dual WAN VPN...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scripting | CVE-2023-20151
NAME__________Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scriptingPlatforms Affected:Cisco Small Business RV042 Dual WAN VPN...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scripting | CVE-2023-20140
NAME__________Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scriptingPlatforms Affected:Cisco Small Business RV042 Dual WAN VPN...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scripting | CVE-2023-20138
NAME__________Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers cross-site scriptingPlatforms Affected:Cisco Small Business RV042 Dual WAN VPN...
