Month: July 2023

CISA

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

July 22, 2023

CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...

CISA

CISA: CISA Releases One Industrial Control Systems Advisory

July 22, 2023

CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on July 20, 2023. This...

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

July 22, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...

News

US-CERT Vulnerability Summary for the Week of July 10, 2023

July 21, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...

HackerOne Bug Bounty Disclosure: b-password-reset-endpoint-is-not-brute-force-protected-b-rullzer

July 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'rullzer'Link to Submitters Profile:https://hackerone.com/b'rullzer' Report Title:b'Password reset endpoint is not brute force...

CISA

CISA: Atlassian Releases Security Updates

July 21, 2023

Atlassian Releases Security Updates Atlassian has released its Security Bulletin for July 2023(link is external) to address vulnerabilities in Confluence Data...

Posh C2 Detected – 103[.]230[.]142[.]243:443

July 21, 2023

The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...

Akira Ransomware Victim: Bright Future Electr ic, LLC

July 21, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

Akira Ransomware Victim: Yamaha Canada Music Ltd

July 21, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

myCred plugin for WordPress cross-site request forgery | CVE-2023-35096

July 21, 2023

NAME__________myCred plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress myCred plugin for WordPress 2.5Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________myCred plugin for WordPress is...

Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgery | CVE-2023-35089

July 21, 2023

NAME__________Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Recipe Maker For Your...

InfoDoc Document On-line Submission and Approval System server-side request forgery | CVE-2023-37290

July 21, 2023

NAME__________InfoDoc Document On-line Submission and Approval System server-side request forgeryPlatforms Affected:InfoDoc Document On-line Submission and Approval System 22547 InfoDoc Document...

WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgery | CVE-2023-36514

July 21, 2023

NAME__________WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Shipping Multiple Addresses 3.8.5Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce...

Open Enclave security bypass | CVE-2023-37479

July 21, 2023

NAME__________Open Enclave security bypassPlatforms Affected:Open Enclave Open Enclave SDK 0.19.2Risk Level:5.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Open Enclave could allow a remote attacker to...

AutomateWoo plugin for WordPress cross-site request forgery | CVE-2023-36513

July 21, 2023

NAME__________AutomateWoo plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress AutomateWoo Plugin for WordPress 5.7.5Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AutomateWoo plugin for WordPress is...

xHTTP denial of service | CVE-2023-38434

July 21, 2023

NAME__________xHTTP denial of servicePlatforms Affected:xHTTP xHTTPRisk Level:7.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________xHTTP is vulnerable to a denial of service, caused...

MeterSphere directory traversal | CVE-2023-37461

July 21, 2023

NAME__________MeterSphere directory traversalPlatforms Affected:MeterSphere MeterSphere 2.10.2 LTSRisk Level:3.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________MeterSphere could allow a remote authenticated attacker to traverse directories on...

KOMET privilege escalation | CVE-2023-3786

July 21, 2023

NAME__________KOMET privilege escalationPlatforms Affected:AURES Technologies KOMETRisk Level:4.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________KOMET could allow a physical attacker to gain elevated privileges on the...

WooCommerce Brands plugin for WordPress cross-site request forgery | CVE-2023-35880

July 21, 2023

NAME__________WooCommerce Brands plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Brands plugin for WordPress 1.6.49Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce Brands plugin...

Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK unspecified | CVE-2023-22051

July 21, 2023

NAME__________Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM Enterprise Edition 21.3.6 Oracle GraalVM Enterprise Edition 22.3.2...

Ultimate Member plugin for WordPress cross-site request forgery | CVE-2023-31216

July 21, 2023

NAME__________Ultimate Member plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Membership Plugin for WordPress 3.2.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Ultimate Member plugin for...

WooCommerce Order Barcodes plugin for WordPress cross-site request forgery | CVE-2023-36511

July 21, 2023

NAME__________WooCommerce Order Barcodes plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Order Barcodes Plugin for WordPress 1.6.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce...

Oracle MySQL Server unspecified | CVE-2023-22005

July 21, 2023

NAME__________Oracle MySQL Server unspecifiedPlatforms Affected:Oracle MySQL Server 8.0.33Risk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________An unspecified vulnerability in Oracle MySQL Server related to...

Jaeger UI cross-site scripting | CVE-2023-36656

July 21, 2023

NAME__________Jaeger UI cross-site scriptingPlatforms Affected:Jaegertracing Jaeger UI 1.31.0Risk Level:5.7Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Jaeger UI is vulnerable to cross-site scripting, caused by improper...

Month: July 2023

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA: CISA Releases One Industrial Control Systems Advisory

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

US-CERT Vulnerability Summary for the Week of July 10, 2023

HackerOne Bug Bounty Disclosure: b-password-reset-endpoint-is-not-brute-force-protected-b-rullzer

CISA: Atlassian Releases Security Updates

Posh C2 Detected – 103[.]230[.]142[.]243:443

Akira Ransomware Victim: Bright Future Electr ic, LLC

Akira Ransomware Victim: Yamaha Canada Music Ltd

myCred plugin for WordPress cross-site request forgery | CVE-2023-35096

Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgery | CVE-2023-35089

InfoDoc Document On-line Submission and Approval System server-side request forgery | CVE-2023-37290

WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgery | CVE-2023-36514

Open Enclave security bypass | CVE-2023-37479

AutomateWoo plugin for WordPress cross-site request forgery | CVE-2023-36513

xHTTP denial of service | CVE-2023-38434

MeterSphere directory traversal | CVE-2023-37461

KOMET privilege escalation | CVE-2023-3786

WooCommerce Brands plugin for WordPress cross-site request forgery | CVE-2023-35880

Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK unspecified | CVE-2023-22051

Ultimate Member plugin for WordPress cross-site request forgery | CVE-2023-31216

WooCommerce Order Barcodes plugin for WordPress cross-site request forgery | CVE-2023-36511

Oracle MySQL Server unspecified | CVE-2023-22005

Jaeger UI cross-site scripting | CVE-2023-36656

Advanced Email Attacks Target Manufacturing Sector: Rise of Phishing and BEC

Ransomware Groups Driving 40% of Cyber-Attacks in 2024: Key Insights

MITRE Reveals Top 25 Most Critical Software Flaws of 2024

Microsoft Disrupts Phishing Operations by Seizing 240 Fraudulent Websites

Black Friday Spam Emails: 77% Identified as Scams in 2024

You may have missed