Month: July 2023

CISA

CISA: Adobe Releases Security Updates for ColdFusion and InDesign

July 16, 2023

Adobe Releases Security Updates for ColdFusion and InDesign Adobe has released security updates to address vulnerabilities affecting ColdFusion(link is external) and...

CISA

CISA: Mozilla Releases Security Update for Firefox and Firefox ESR

July 16, 2023

Mozilla Releases Security Update for Firefox and Firefox ESR Mozilla has released a security update to address a vulnerability in...

CISA

CISA: CISA Releases Four Industrial Control Systems Advisories

July 16, 2023

CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on July 11, 2023. These...

CISA

CISA: Microsoft Releases July 2023 Security Updates

July 16, 2023

Microsoft Releases July 2023 Security Updates Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can...

CISA

CISA: CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

July 16, 2023

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online The Cybersecurity and Infrastructure...

CISA

CISA: CISA Adds Two Known Vulnerabilities to Catalog

July 16, 2023

CISA Adds Two Known Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...

CISA

CISA: CISA Releases Nine Industrial Control Systems Advisories

July 16, 2023

CISA Releases Nine Industrial Control Systems Advisories CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These...

CISA

CISA: Juniper Releases Multiple Security Updates for Juno OS

July 16, 2023

Juniper Releases Multiple Security Updates for Juno OS Juniper has released updates to address multiple vulnerabilities in Juno OS(link is...

CISA

CISA: Cisco Releases Security Update for SD-WAN vManage API

July 16, 2023

Cisco Releases Security Update for SD-WAN vManage API Cisco has released a security update to address a critical vulnerability affecting...

News

US-CERT Vulnerability Summary for the Week of July 3, 2023

July 15, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infosem-cms -- semcmsFile Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers...

Akira Ransomware Victim: 4LEAF, Inc

July 15, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

LockBit 3.0 Ransomware Victim: eyedoc[.]com[.]na

July 15, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

SAP S/4HANA security bypass | CVE-2023-35870

July 15, 2023

NAME__________SAP S/4HANA security bypassPlatforms Affected:SAP S/4HANA 104 SAP S/4HANA 105 SAP S/4HANA 106 SAP S/4HANA 107Risk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SAP S/4HANA...

WP Mail Log plugin for WordPress cross-site scripting | CVE-2023-3088

July 15, 2023

NAME__________WP Mail Log plugin for WordPress cross-site scriptingPlatforms Affected:WPVibes WP Mail Log plugin for WordPress 1.1.1Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP Mail...

Google Android privilege escalation | CVE-2023-21256

July 15, 2023

NAME__________Google Android privilege escalationPlatforms Affected:Google AndroidRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Google Android could allow a local attacker to gain elevated privileges on...

Google Android privilege escalation | CVE-2023-21400

July 15, 2023

NAME__________Google Android privilege escalationPlatforms Affected:Google AndroidRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Google Android could allow a local authenticated attacker to gain elevated privileges...

Google Android denial of service | CVE-2023-21240

July 15, 2023

NAME__________Google Android denial of servicePlatforms Affected:Google AndroidRisk Level:6.2Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Google Android is vulnerable to a denial of service, caused...

Wireshark denial of service | CVE-2023-3649

July 15, 2023

NAME__________Wireshark denial of servicePlatforms Affected:Wireshark Wireshark 4.0.6 Wireshark Wireshark 3.6.14Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Wireshark is vulnerable to a denial of...

Wireshark denial of service | CVE-2023-3648

July 15, 2023

Google Android information disclosure | CVE-2023-21261

July 15, 2023

NAME__________Google Android information disclosurePlatforms Affected:Google AndroidRisk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Google Android could allow a remote attacker to obtain sensitive information, caused...

YaySMTP plugin for WordPress cross-site scripting | CVE-2023-3093

July 15, 2023

NAME__________YaySMTP plugin for WordPress cross-site scriptingPlatforms Affected:YayCommerce YaySMTP plugin for WordPress 2.4.5Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________YaySMTP plugin for WordPress is vulnerable...

WP Mail Catcher plugin for WordPress cross-site scripting | CVE-2023-3080

July 15, 2023

NAME__________WP Mail Catcher plugin for WordPress cross-site scriptingPlatforms Affected:James Ward WP Mail Catcher plugin for WordPress 2.1.2Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP...

GZ Scripts Vacation Rental Website cross-site scripting | CVE-2023-3642

July 15, 2023

NAME__________GZ Scripts Vacation Rental Website cross-site scriptingPlatforms Affected:GZ Scripts Vacation Rental Website 1.8Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________GZ Scripts Vacation Rental Website...

Sourcecodester Service Provider Management System SQL injection | CVE-2023-3644

July 15, 2023

NAME__________Sourcecodester Service Provider Management System SQL injectionPlatforms Affected:Sourcecodester Service Provider Management System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Sourcecodester Service Provider Management System...

Month: July 2023

CISA: Adobe Releases Security Updates for ColdFusion and InDesign

CISA: Mozilla Releases Security Update for Firefox and Firefox ESR

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Microsoft Releases July 2023 Security Updates

CISA: CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

CISA: CISA Adds Two Known Vulnerabilities to Catalog

CISA: CISA Releases Nine Industrial Control Systems Advisories

CISA: Juniper Releases Multiple Security Updates for Juno OS

CISA: Cisco Releases Security Update for SD-WAN vManage API

US-CERT Vulnerability Summary for the Week of July 3, 2023

Akira Ransomware Victim: 4LEAF, Inc

LockBit 3.0 Ransomware Victim: eyedoc[.]com[.]na

SAP S/4HANA security bypass | CVE-2023-35870

WP Mail Log plugin for WordPress cross-site scripting | CVE-2023-3088

Google Android privilege escalation | CVE-2023-21256

Google Android privilege escalation | CVE-2023-21400

Google Android denial of service | CVE-2023-21240

Wireshark denial of service | CVE-2023-3649

Wireshark denial of service | CVE-2023-3648

Google Android information disclosure | CVE-2023-21261

YaySMTP plugin for WordPress cross-site scripting | CVE-2023-3093

WP Mail Catcher plugin for WordPress cross-site scripting | CVE-2023-3080

GZ Scripts Vacation Rental Website cross-site scripting | CVE-2023-3642

Sourcecodester Service Provider Management System SQL injection | CVE-2023-3644

[INCRANSOM] – Ransomware Victim: Darlington EMS

[INCRANSOM] – Ransomware Victim: Schuck-Gruppe

[APT73] – Ransomware Victim: gureco[.]pl

[APT73] – Ransomware Victim: lgpunjab[.]gov[.]in

[INCRANSOM] – Ransomware Victim: IPE Engwicht

You may have missed