Microsoft Windows Message Queuing code execution | CVE-2023-36575
NAME__________Microsoft Windows Message Queuing code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft...
Month: October 2023
cURL libcurl security bypass | CVE-2023-38546
NAME__________cURL libcurl security bypassPlatforms Affected:cURL libcurl 8.0.1 cURL libcurl 8.1.2 cURL libcurl 8.2.1 cURL libcurl 8.3.0 cURL libcurl 8.2.0 cURL...
Microsoft Windows Media Foundation Core code execution | CVE-2023-36710
NAME__________Microsoft Windows Media Foundation Core code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32...
XenSource Xen denial of service | CVE-2023-34327
NAME__________XenSource Xen denial of servicePlatforms Affected:XenSource Xen 4.5 XenSource Xen 4.6 XenSource Xen 4.7 XenSource Xen 4.8 XenSource Xen 4.9...
Microsoft SQL ODBC Driver code execution | CVE-2023-36420
NAME__________Microsoft SQL ODBC Driver code executionPlatforms Affected:Microsoft SQL Server 2019 for X64-based systems (GDR) x64 Microsoft SQL Server 2022 for...
Microsoft Windows Message Queuing code execution | CVE-2023-36583
NAME__________Microsoft Windows Message Queuing code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft...
Microsoft Skype for Business privilege escalation | CVE-2023-41763
NAME__________Microsoft Skype for Business privilege escalationPlatforms Affected:Microsoft Skype for Business Server 2015 CU13 Microsoft Skype for Business Server 2019 CU7Risk...
Play Ransomware Victim: Metro Transit
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
A Primer on Cyber Risk Acceptance and What it Means to Your Business
At its core, cybersecurity is the practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access....
Google makes passkeys the default sign-in for personal accounts
Google announced today that passkeys are now the default sign-in option across all personal Google Accounts across its services and...
New ‘HTTP/2 Rapid Reset’ zero-day attack breaks DDoS records
A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since...
Mirai DDoS malware variant expands targets with 13 router exploits
A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based...
Air Europa data breach: Customers warned to cancel credit cards
Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to...
Microsoft Exchange gets ‘better’ patch to mitigate critical bug
The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially...
New critical Citrix NetScaler flaw exposes ‘sensitive’ data
Citrix NetScaler ADC and NetScaler Gateway are impacted by a critical severity flaw that allows the disclosure of sensitive information...
Microsoft to kill off VBScript in Windows to block malware delivery
Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand...
Microsoft Monthly Security Update (October 2023)
Microsoft has released monthly security update for their products: Vulnerable ProductRisk LevelImpactsNotesBrowser Low Risk Windows Extremely High RiskRemote Code Execution Denial of...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
Sirius – First Truly Open-Source General Purpose Vulnerability Scanner
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most...
HackerOne Bug Bounty Disclosure: b-rce-and-dos-in-cosmovisor-b-strikeout
Company Name: b'Cosmos' Company HackerOne URL: https://hackerone.com/cosmos Submitted By:b'strikeout'Link to Submitters Profile:https://hackerone.com/b'strikeout' Report Title:b'RCE and DoS in Cosmovisor'Report Link:https://hackerone.com/reports/2094056Date Submitted:10...
HackerOne Bug Bounty Disclosure: b-limited-path-traversal-in-node-js-sdk-leads-to-pii-disclosure-b-zerodivisi-n
Company Name: b'Stripe' Company HackerOne URL: https://hackerone.com/stripe Submitted By:b'zerodivisi0n'Link to Submitters Profile:https://hackerone.com/b'zerodivisi0n' Report Title:b'Limited path traversal in Node.js SDK leads...
HackerOne Bug Bounty Disclosure: b-rce-of-burp-scanner-crawler-via-clickjacking-b-mattaustin
Company Name: b'PortSwigger Web Security' Company HackerOne URL: https://hackerone.com/portswigger Submitted By:b'mattaustin'Link to Submitters Profile:https://hackerone.com/b'mattaustin' Report Title:b'RCE of Burp Scanner /...
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
Description of Problem Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway)....
LockBit 3.0 Ransomware Victim: atlantatech[.]edu
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...