Month: September 2023

All Users Messenger Plugin for WordPress security bypass | CVE-2023-4023

September 4, 2023

NAME__________All Users Messenger Plugin for WordPress security bypassPlatforms Affected:WordPress All Users Messenger Plugin for WordPress 1.24Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________All Users...

Cloudflare WARP Mobile Client spoofing | CVE-2023-0654

September 4, 2023

NAME__________Cloudflare WARP Mobile Client spoofingPlatforms Affected:Cloudflare WARP mobile client (Android) 6.28Risk Level:3.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Cloudflare WARP Mobile Client could allow a...

PostX – Gutenberg Post Grid Blocks Plugin for WordPress cross-site scripting | CVE-2023-3992

September 4, 2023

NAME__________PostX - Gutenberg Post Grid Blocks Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress PostX - Gutenberg Post Grid Blocks Plugin for...

Acronis Cyber Protect Home Office privilege escalation | CVE-2022-46869

September 4, 2023

NAME__________Acronis Cyber Protect Home Office privilege escalationPlatforms Affected:Acronis Cyber Protect Home Office (Windows)Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Acronis Cyber Protect Home Office...

Acronis Cyber Protect Home Office privilege escalation | CVE-2022-46868

September 4, 2023

NAME__________Acronis Cyber Protect Home Office privilege escalationPlatforms Affected:Acronis Cyber Protect Home Office (Windows)Risk Level:7.5Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Acronis Cyber Protect Home Office...

Waiting: One-click countdowns Plugin for cross-site request forgery, | CVE-2023-4000

September 4, 2023

NAME__________Waiting: One-click countdowns Plugin for cross-site request forgery,Platforms Affected:WordPress One-click countdowns Plugin for WordPress 0.6.2Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Waiting: One-click countdowns...

GDPR Cookie Compliance Plugin for WordPress cross-site request forgery | CVE-2023-4013

September 4, 2023

NAME__________GDPR Cookie Compliance Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress GDPR Cookie Compliance Plugin for WordPress 4.12.4Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GDPR...

One-click countdowns Plugin for WordPress security bypass | CVE-2023-3999

September 4, 2023

NAME__________One-click countdowns Plugin for WordPress security bypassPlatforms Affected:WordPress One-click countdowns Plugin for WordPress 0.6.2Risk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________One-click countdowns Plugin for...

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

September 4, 2023

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into...

8 Base Ransomware Victim: VVandA

September 4, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

8 Base Ransomware Victim: Prodegest Assessors

September 4, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

Children’s snack recalled after its website caught serving porn

September 4, 2023

Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK. Except, the reason for the...

University of Sydney data breach impacts recent applicants

September 4, 2023

The University of Sydney (USYD) announced that a breach at a third-party service provider exposed personal information of recently applied...

PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability

September 4, 2023

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations...

CISA

CISA: CISA and FBI Publish Joint Advisory on QakBot Infrastructure

September 4, 2023

CISA and FBI Publish Joint Advisory on QakBot Infrastructure Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau...

CISA

CISA: CISA Releases IOCs Associated with Malicious Barracuda Activity

September 4, 2023

CISA Releases IOCs Associated with Malicious Barracuda Activity CISA has released additional indicators of compromise (IOCs) associated with exploitation of...

CISA

CISA: CISA Releases One Industrial Control Systems Advisory

September 4, 2023

CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on August 29, 2023. This...

CISA

CISA: Mozilla Releases Security Updates for Multiple Products

September 4, 2023

Mozilla Releases Security Updates for Multiple Products Mozilla has released security updates to address vulnerabilities for Firefox 117, Firefox ESR...

CISA

CISA: VMware Releases Security Updates for Aria Operations for Networks

September 4, 2023

VMware Releases Security Updates for Aria Operations for Networks VMware has released security updates to address multiple vulnerabilities in Aria...

CISA

CISA: VMware Releases Security Update for Tools

September 4, 2023

VMware Releases Security Update for Tools VMware has released a security update to address a vulnerability in VMware Tools. A...

CISA

CISA: CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

September 4, 2023

CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware Today, the United Kingdom’s National Cyber Security...

CISA

CISA: Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved

September 4, 2023

Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved Juniper Networks has released a security advisory to...

CISA

CISA: CISA Warns of Hurricane-Related Scams

September 4, 2023

CISA Warns of Hurricane-Related Scams CISA urges users to remain on alert for malicious cyber activity following natural disasters, such...

CISA

CISA: CISA Releases Four Industrial Control Systems Advisories

September 4, 2023

CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on August 31, 2023. These...

Month: September 2023

All Users Messenger Plugin for WordPress security bypass | CVE-2023-4023

Cloudflare WARP Mobile Client spoofing | CVE-2023-0654

PostX – Gutenberg Post Grid Blocks Plugin for WordPress cross-site scripting | CVE-2023-3992

Acronis Cyber Protect Home Office privilege escalation | CVE-2022-46869

Acronis Cyber Protect Home Office privilege escalation | CVE-2022-46868

Waiting: One-click countdowns Plugin for cross-site request forgery, | CVE-2023-4000

GDPR Cookie Compliance Plugin for WordPress cross-site request forgery | CVE-2023-4013

One-click countdowns Plugin for WordPress security bypass | CVE-2023-3999

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

8 Base Ransomware Victim: VVandA

8 Base Ransomware Victim: Prodegest Assessors

Children’s snack recalled after its website caught serving porn

University of Sydney data breach impacts recent applicants

PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability

CISA: CISA and FBI Publish Joint Advisory on QakBot Infrastructure

CISA: CISA Releases IOCs Associated with Malicious Barracuda Activity

CISA: CISA Releases One Industrial Control Systems Advisory

CISA: Mozilla Releases Security Updates for Multiple Products

CISA: VMware Releases Security Updates for Aria Operations for Networks

CISA: VMware Releases Security Update for Tools

CISA: CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

CISA: Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved

CISA: CISA Warns of Hurricane-Related Scams

CISA: CISA Releases Four Industrial Control Systems Advisories

[BLACKSUIT] – Ransomware Victim: hetrhedens[.]nl

[STORMOUS] – Ransomware Victim: uatf[.]edu[.]bo

[KILLSEC] – Ransomware Victim: Buddy Loan

CVE Alert: CVE-2024-9887

CVE Alert: CVE-2024-52398

You may have missed