CISA: CISA Releases Five Industrial Control Systems Advisories
CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These...
Month: August 2023
CISA: Microsoft Releases August 2023 Security Updates
Microsoft Releases August 2023 Security Updates Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can...
CISA: CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022
CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 The U.S. Cybersecurity and...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
CISA: Fortinet Releases Security Update for FortiOS
Fortinet Releases Security Update for FortiOS Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A...
CISA: Adobe Releases Security Updates for Multiple Products
Adobe Releases Security Updates for Multiple Products Adobe has released security updates to address multiple vulnerabilities in Adobe software. An...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 8, 2023. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA Releases Twelve Industrial Control Systems Advisories
CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
HackerOne Bug Bounty Disclosure: b-improper-restriction-of-excessive-authentication-attempts-on-webdav-endpoint-b-unknownsh
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'unknownsh'Link to Submitters Profile:https://hackerone.com/b'unknownsh' Report Title:b'Improper restriction of excessive authentication attempts on...
HackerOne Bug Bounty Disclosure: b-new-apppassword-can-be-generated-without-password-confirmation-b-mikaelgundersen
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'mikaelgundersen'Link to Submitters Profile:https://hackerone.com/b'mikaelgundersen' Report Title:b'New AppPassword can be generated without password...
HackerOne Bug Bounty Disclosure: b-missing-brute-force-protection-on-oauth-api-controller-b-mikaelgundersen
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'mikaelgundersen'Link to Submitters Profile:https://hackerone.com/b'mikaelgundersen' Report Title:b'Missing brute force protection on OAuth2 API...
HackerOne Bug Bounty Disclosure: b-any-non-admin-user-from-an-instance-can-destroy-any-user-and-or-global-external-filesystem-b-cult
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cult'Link to Submitters Profile:https://hackerone.com/b'cult' Report Title:b'Any (non-admin) user from an instance can...
HackerOne Bug Bounty Disclosure: b-notes-attachments-render-html-in-preview-mode-b-tareq
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'tareq4'Link to Submitters Profile:https://hackerone.com/b'tareq4' Report Title:b'Notes attachments render HTML in preview mode'Report...
CISA: CISA Releases Twelve Industrial Control Systems Advisories
CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk
A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal...
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Malicious actors are using a legitimate Rust-based injector called Freezers to deploy a commodity malware called XWorm in victim environments....
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking...
Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that...
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue...
Akira Ransomware Victim: TIMECO
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: independenceia[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: el-cerrito[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
