CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on August 31, 2023. These...
Month: September 2023
CISA: VMware Releases Security Update for Tools
VMware Releases Security Update for Tools VMware has released a security update to address a vulnerability in VMware Tools. A...
CISA: CISA Adds One Known Vulnerability to Catalog
CISA Adds One Known Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells The Cybersecurity and Infrastructure Security Agency (CISA) has...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on September 7, 2023. These...
CISA: CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack CISA has released actionable guidance for Federal Civilian...
CISA: CISA Adds Two Known Vulnerabilities to Catalog
CISA Adds Two Known Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on...
CISA: CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 Today, CISA, Federal Bureau of...
CISA: Cisco Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products. A...
US-CERT Vulnerability Summary for the Week of September 4, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocanonical_ltd. -- snapd_for_linuxUsing the TIOCLINUX ioctl request, a malicious snap could inject...
Moniorg – Tool That Leverages Crt.Sh Website To Monitor Domains Of A Target
By looking through CT logs an attacker can gather a lot of information about organization's infrastructure i.e. internal domains,email addresses...
HackerOne Bug Bounty Disclosure: b-the-domain-is-truck-admin-eu-east-indriverapp-com-and-enter-the-management-system-of-the-blasting-mobile-phone-verification-code-b-trustworthy
Company Name: b'inDrive' Company HackerOne URL: https://hackerone.com/indrive Submitted By:b'trustworthy'Link to Submitters Profile:https://hackerone.com/b'trustworthy' Report Title:b'the domain is truck-admin.eu-east-1.indriverapp.com and Enter the...
HackerOne Bug Bounty Disclosure: b-xss-reflected-pq-tva-com-b-tvmbug
Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'xss reflected - pq.tva.com'Report Link:https://hackerone.com/reports/1362995Date...
HackerOne Bug Bounty Disclosure: b-response-manipulation-to-enable-account-recovery-key-with-out-current-password-b-saiteja
Company Name: b'Mozilla Critical Services' Company HackerOne URL: https://hackerone.com/mozilla_critical_services Submitted By:b'saiteja1231323'Link to Submitters Profile:https://hackerone.com/b'saiteja1231323' Report Title:b'Response Manipulation to enable Account...
HackerOne Bug Bounty Disclosure: b-no-rate-limit-on-forgot-password-page-b-sailesh-nik
Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'sailesh01nik'Link to Submitters Profile:https://hackerone.com/b'sailesh01nik' Report Title:b'No Rate Limit On Forgot...
HackerOne Bug Bounty Disclosure: b-mozilla-mastodon-staging-instance-admin-api-key-disclosure-through-slack-b-griffinf
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'griffinf'Link to Submitters Profile:https://hackerone.com/b'griffinf' Report Title:b'Mozilla Mastodon Staging Instance Admin...
CISA: CISA Adds Two Known Vulnerabilities to Catalog
CISA Adds Two Known Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on...
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot,...
Charming Kitten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E.
The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities...
How to Prevent API Breaches: A Guide to Robust Security
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly...
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2...
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and...
Google Chrome Rolls Out Support for ‘Privacy Sandbox’ to Bid Farewell to Tracking Cookies
Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users,...
Medusa Locker Ransomware Victim: Wave Hill
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
