Month: November 2023

HackerOne Bug Bounty Disclosure: b-rt-torproject-org-no-rate-limitting-on-login-form-b-xspade

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'0xspade'Link to Submitters Profile:https://hackerone.com/b'0xspade' Report Title:b' No Rate Limitting on Login Form'Report...

HackerOne Bug Bounty Disclosure: b-zip-bomb-b-zerx

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'zerx'Link to Submitters Profile:https://hackerone.com/b'zerx' Report Title:b'Zip bomb'Report Link:https://hackerone.com/reports/263663Date Submitted:28 November 2023 A...

HackerOne Bug Bounty Disclosure: b-potential-ip-revealing-using-unc-path-in-windows-file-picker-b-newfunction

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'newfunction'Link to Submitters Profile:https://hackerone.com/b'newfunction' Report Title:b'Potential IP revealing using UNC Path in...

HackerOne Bug Bounty Disclosure: b-sql-injection-in-parameter-report-b-wiloos

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'wiloos'Link to Submitters Profile:https://hackerone.com/b'wiloos' Report Title:b'SQL Injection in parameter REPORT'Report Link:https://hackerone.com/reports/269347Date Submitted:28...

HackerOne Bug Bounty Disclosure: b-use-of-unitialized-value-in-crypto-pk-num-bits-src-common-crypto-c-b-geeknik

November 28, 2023

Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'geeknik'Link to Submitters Profile:https://hackerone.com/b'geeknik' Report Title:b'Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971)'Report...

CISA

CISA: Juniper Releases Security Advisory for Juniper Secure Analytics

November 28, 2023

Juniper Releases Security Advisory for Juniper Secure Analytics Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure...

CISA

CISA: CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector

November 28, 2023

CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector Today, CISA released the Mitigation Guide: Healthcare and Public...

CISA

CISA: CISA Releases Five Industrial Control Systems Advisories

November 28, 2023

CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on November 21, 2023. These...

CISA

CISA: CISA Requests Comment on Draft Secure Software Development Attestation Form

November 28, 2023

CISA Requests Comment on Draft Secure Software Development Attestation Form CISA has opened a 30-day Federal Register notice to receive...

CISA

CISA: Citrix Releases Security Updates for Citrix Hypervisor

November 28, 2023

Citrix Releases Security Updates for Citrix Hypervisor Citrix has released security updates addressing vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR....

CISA

CISA: CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

November 28, 2023

CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development Today, in a landmark collaboration, the U.S. Cybersecurity...

CISA

CISA: Adobe Releases Security Updates for ColdFusion

November 28, 2023

Adobe Releases Security Updates for ColdFusion On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software....

CISA

CISA: CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

November 28, 2023

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed Today, the Cybersecurity and Infrastructure Security...

CISA

CISA: Mozilla Releases Security Updates for Firefox and Thunderbird

November 28, 2023

Mozilla Releases Security Updates for Firefox and Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird....

CISA

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 28, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...

Brute Ratel C4 Detected – 13[.]113[.]204[.]244:80

November 28, 2023

The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...

Akira Ransomware Victim: Legacy Mail Manageme nt

November 28, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

LockBit 3.0 Ransomware Victim: stsaviationgroup[.]com

November 28, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Legal Pages Plugin for WordPress cross-site scripting | CVE-2023-47824

November 28, 2023

NAME__________Legal Pages Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP EXtra Plugin for WordPress 6.4Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Legal Pages Plugin for...

WP EXtra Plugin for WordPress cross-site request forgery | CVE-2023-47825

November 28, 2023

NAME__________WP EXtra Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WP EXtra Plugin for WordPress 6.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WP EXtra Plugin...

eCommerce Product Catalog Plugin for WordPress cross-site scripting | CVE-2023-47839

November 28, 2023

NAME__________eCommerce Product Catalog Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress eCommerce Product Catalog Plugin for WordPress 3.3.26Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________eCommerce Product...

m-privacy mprivacy-tools security bypass | CVE-2023-47251

November 28, 2023

NAME__________m-privacy mprivacy-tools security bypassPlatforms Affected:m-privacy GmbH mprivacy-toolsRisk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________m-privacy mprivacy-tools could allow a remote attacker to bypass security restrictions,...

Call Button Plugin for WordPress cross-site scripting | CVE-2023-47829

November 28, 2023

NAME__________Call Button Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Quick Call Button Plugin for WordPress 1.2.9Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Call Button Plugin...

Email Encoder Bundle Plugin for WordPress cross-site scripting | CVE-2023-47821

November 28, 2023

NAME__________Email Encoder Bundle Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Email Encoder Bundle Plugin for WordPress 2.1.8Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Email Encoder...

Month: November 2023

HackerOne Bug Bounty Disclosure: b-rt-torproject-org-no-rate-limitting-on-login-form-b-xspade

HackerOne Bug Bounty Disclosure: b-zip-bomb-b-zerx

HackerOne Bug Bounty Disclosure: b-potential-ip-revealing-using-unc-path-in-windows-file-picker-b-newfunction

HackerOne Bug Bounty Disclosure: b-sql-injection-in-parameter-report-b-wiloos

HackerOne Bug Bounty Disclosure: b-use-of-unitialized-value-in-crypto-pk-num-bits-src-common-crypto-c-b-geeknik

CISA: Juniper Releases Security Advisory for Juniper Secure Analytics

CISA: CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector

CISA: CISA Releases Five Industrial Control Systems Advisories

CISA: CISA Requests Comment on Draft Secure Software Development Attestation Form

CISA: Citrix Releases Security Updates for Citrix Hypervisor

CISA: CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

CISA: Adobe Releases Security Updates for ColdFusion

CISA: CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

CISA: Mozilla Releases Security Updates for Firefox and Thunderbird

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

Brute Ratel C4 Detected – 13[.]113[.]204[.]244:80

Akira Ransomware Victim: Legacy Mail Manageme nt

LockBit 3.0 Ransomware Victim: stsaviationgroup[.]com

Legal Pages Plugin for WordPress cross-site scripting | CVE-2023-47824

WP EXtra Plugin for WordPress cross-site request forgery | CVE-2023-47825

eCommerce Product Catalog Plugin for WordPress cross-site scripting | CVE-2023-47839

m-privacy mprivacy-tools security bypass | CVE-2023-47251

Call Button Plugin for WordPress cross-site scripting | CVE-2023-47829

Email Encoder Bundle Plugin for WordPress cross-site scripting | CVE-2023-47821

[KILLSEC] – Ransomware Victim: Followup CRM

[HUNTERS] – Ransomware Victim: Mantinga

Fortifying Your Digital Fortress: The Role of Firewall Technology in Cybersecurity

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

You may have missed