Suspected Scareware Fraudster Arrested After Decade on the Run
A suspected scammer who used scareware to trick hundreds of thousands of global victims into handing over money has been...
Month: July 2023
WooCommerce Bug Exploited in Targeted WordPress Attacks
Security researchers have recorded over one million attempts to compromise a popular WordPress plugin over the past few days.Wordfence said...
IT Security Pro Jailed for Attempted Extortion
A former IT security analyst has been jailed for three years and seven months after attempting to extort his employer,...
CISA Unveils Guide to Aid Firms Transition to Cloud Security
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive factsheet on July 17, 2023, to assist businesses...
drIBAN Fraud Operations Target Corporate Banking Customers
Threat actors have extensively been using a sophisticated web-inject kit called drIBAN to orchestrate fraudulent attacks on corporate banking institutions...
JumpCloud Confirms Data Breach By Nation-State Actor
Identity and access management solutions provider JumpCloud has revealed on July 12, 2023, that it was the target of a security...
New Vulnerabilities Found in Adobe ColdFusion
Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform.On July...
Roblox Developer Conference – 3,943 breached accounts
HIBP In July 2023, a list of alleged attendees from the 2017-2020 Roblox Developers Conferences was circulated on a forum....
CISA: NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing Today, the National Security Agency (NSA) and CISA published...
CISA: CISA Releases Nine Industrial Control Systems Advisories
CISA Releases Nine Industrial Control Systems Advisories CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These...
CISA: CISA Develops Factsheet for Free Tools for Cloud Environments
CISA Develops Factsheet for Free Tools for Cloud Environments CISA has developed and published a factsheet, Free Tools for Cloud...
CISA: Cisco Releases Security Update for SD-WAN vManage API
Cisco Releases Security Update for SD-WAN vManage API Cisco has released a security update to address a critical vulnerability affecting...
CISA: CISA Adds Two Known Vulnerabilities to Catalog
CISA Adds Two Known Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: Oracle Releases Security Updates
Oracle Releases Security Updates Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July...
CISA: CISA Releases Seven Industrial Control Systems Advisories
CISA Releases Seven Industrial Control Systems Advisories CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Adobe Releases Security Updates for ColdFusion
Adobe Releases Security Updates for ColdFusion Adobe has released security updates to address a critical vulnerability (CVE-2023-38203) affecting ColdFusion(link is...
CISA: Citrix Releases Security Updates for NetScaler ADC and Gateway
Citrix Releases Security Updates for NetScaler ADC and Gateway Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and...
US-CERT Vulnerability Summary for the Week of July 10, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...
CISA: Citrix Releases Security Updates for NetScaler ADC and Gateway
Citrix Releases Security Updates for NetScaler ADC and Gateway Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and...
HackerOne Bug Bounty Disclosure: xss-in-html-generated-by-rdoc-ooooooo-q
Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:XSS in HTML generated by RDocReport Link:https://hackerone.com/reports/1187156Date...
HackerOne Bug Bounty Disclosure: rdoc-methodattr-is-vulnerable-to-regular-expression-denial-of-service-redos-sighook
Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:RDoc::MethodAttr is vulnerable to Regular Expression Denial...
HackerOne Bug Bounty Disclosure: arbitrary-file-injection-via-symlink-attack-in-rdoc-generator-sighook
Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:Arbitrary file injection via symlink attack in...
HackerOne Bug Bounty Disclosure: stored-xss-in-rdoc-hyperlinks-through-javascript-scheme-sighook
Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:sighookLink to Submitters Profile:https://hackerone.com/sighook Report Title:Stored XSS in RDoc hyperlinks through javascript...
