Exploit released for Juniper firewall bugs allowing RCE attacks
Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers...
Month: August 2023
Spain warns of LockBit Locker ransomware phishing attacks
The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country...
Microsoft will enable Exchange Extended Protection by default this fall
Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this...
Juniper Junos OS Multiple Vulnerabilities
Multiple vulnerabilities were identified in Juniper Junos OS. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
US-CERT Vulnerability Summary for the Week of August 21, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoqemu -- qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model...
Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application...
HackerOne Bug Bounty Disclosure: b-unsanitized-input-goes-to-regex-function-leads-to-redos-that-make-request-hangs-b-shin
Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'shin24'Link to Submitters Profile:https://hackerone.com/b'shin24' Report Title:b'unsanitized input goes to regex...
HackerOne Bug Bounty Disclosure: b-staff-and-triage-can-modify-the-initial-post-of-a-report-including-of-already-disclosed-reports-b-zerotea
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'zerotea'Link to Submitters Profile:https://hackerone.com/b'zerotea' Report Title:b'Staff and Triage can modify the initial...
HackerOne Bug Bounty Disclosure: b-http-request-smuggling-via-empty-headers-separated-by-cr-b-yadhukrishnam
Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'yadhukrishnam'Link to Submitters Profile:https://hackerone.com/b'yadhukrishnam' Report Title:b'HTTP Request Smuggling via Empty...
HackerOne Bug Bounty Disclosure: b-stored-xss-on-promo-indrive-com-b-kristoferent
Company Name: b'inDrive' Company HackerOne URL: https://hackerone.com/indrive Submitted By:b'kristoferent'Link to Submitters Profile:https://hackerone.com/b'kristoferent' Report Title:b'Stored XSS on promo.indrive.com'Report Link:https://hackerone.com/reports/2051085Date Submitted:28 August...
Cyberattacks Targeting E-commerce Applications
Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and...
Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages...
KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities
An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out...
Akira Ransomware Victim: Voss Enterprises, Di vvies
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: Intertek
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: Penny Publications
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
IBM Security Guardium cross-site scripting | CVE-2022-43909
NAME__________IBM Security Guardium cross-site scriptingPlatforms Affected:IBM Security Guardium 11.4Risk Level:4.6Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________IBM Security Guardium 11.4 is vulnerable to cross-site scripting....
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects denial of service | CVE-2023-20200
NAME__________Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects denial of servicePlatforms Affected:Cisco UCS 6300...
IBM Security Guardium information disclosure | CVE-2022-43904
NAME__________IBM Security Guardium information disclosurePlatforms Affected:IBM Security Guardium 11.3 IBM Security Guardium 11.4Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Security Guardium 11.3 and...
Apache Airflow, Airflow SMTP Provider and Airflow IMAP Provider man-in-the-middle | CVE-2023-39441
NAME__________Apache Airflow, Airflow SMTP Provider and Airflow IMAP Provider man-in-the-middlePlatforms Affected:Apache Airflow 2.6.3 Apache Airflow SMTP Provider 1.2.0 Apache Airflow...
IBM Security Guardium command execution | CVE-2022-43907
NAME__________IBM Security Guardium command executionPlatforms Affected:IBM Security Guardium 11.4Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________IBM Security Guardium 11.4 could allow a remote authenticated...
Supermicro X11, X12, X13, and H11, H12, H13 motherboards privilege escalation | CVE-2023-34853
NAME__________Supermicro X11, X12, X13, and H11, H12, H13 motherboards privilege escalationPlatforms Affected:Supermicro X11 Supermicro H11 Supermicro H12 Supermicro X12 Supermicro...
Maxon Cinema 4D code execution | CVE-2023-40491
NAME__________Maxon Cinema 4D code executionPlatforms Affected:Maxon Cinema 4DRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Maxon Cinema 4D could allow a remote attacker to execute...
LG Simple Editor information disclosure | CVE-2023-40507
NAME__________LG Simple Editor information disclosurePlatforms Affected:LG Simple EditorRisk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________LG Simple Editor could allow a remote attacker to obtain...