Deepsecrets – Secrets Scanner That Understands Code
Yet another tool - why? Existing tools don't really "understand" code. Instead, they mostly parse texts. DeepSecrets expands classic regex-search...
Month: November 2023
HackerOne Bug Bounty Disclosure: b-idor-vulnerability-on-profile-picture-changing-mechanism-which-discloses-other-user-s-profile-picture-b-triple-h
Company Name: b'Glassdoor' Company HackerOne URL: https://hackerone.com/glassdoor Submitted By:b'triple_h'Link to Submitters Profile:https://hackerone.com/b'triple_h' Report Title:b"IDOR vulnerability on profile picture changing mechanism...
HackerOne Bug Bounty Disclosure: b-organization-members-can-delete-reports-in-teams-they-have-no-access-to-b-verw-tch
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'0verw4tch'Link to Submitters Profile:https://hackerone.com/b'0verw4tch' Report Title:b'Organization members can delete reports in teams...
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15,...
Medusa Locker Ransomware Victim: Community Hospital
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is...
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers...
ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain...
LockBit 3.0 Ransomware Victim: qautomotive[.]com[.]au
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: floydskerenlaw[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: martinique[.]no
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: phihydraulics[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: therobisongroup[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: bnpmedia[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: merz-elektro[.]de
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: art-eco[.]it
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Archery information disclosure | CVE-2023-48053
NAME__________Archery information disclosurePlatforms Affected:Archery Archery 1.10.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Archery could allow a remote attacker to obtain sensitive information, caused by...
openSIS Community Edition cross-site scripting | CVE-2023-38881
NAME__________openSIS Community Edition cross-site scriptingPlatforms Affected:OS4Ed openSIS Community Edition 9.0Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________openSIS Community Edition is vulnerable to cross-site scripting,...
openSIS Community Edition information disclosure | CVE-2023-38884
NAME__________openSIS Community Edition information disclosurePlatforms Affected:OS4Ed openSIS Community Edition 9.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________openSIS Community Edition could allow a remote attacker...
openSIS Community Edition cross-site scripting | CVE-2023-38882
NAME__________openSIS Community Edition cross-site scriptingPlatforms Affected:OS4Ed openSIS Community Edition 9.0Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________openSIS Community Edition is vulnerable to cross-site scripting,...
openSIS Community Edition directory traversal | CVE-2023-38879
NAME__________openSIS Community Edition directory traversalPlatforms Affected:OS4Ed openSIS Community Edition 9.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________openSIS Community Edition could allow a remote attacker...
SuperAGI information disclosure | CVE-2023-48055
NAME__________SuperAGI information disclosurePlatforms Affected:SuperAGI SuperAGI 0.0.13Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SuperAGI could allow a remote attacker to obtain sensitive information, caused by...
Tenable Nessus Agent denial of service | CVE-2023-6178
NAME__________Tenable Nessus Agent denial of servicePlatforms Affected:Tenable Nessus Agent 10.4.3Risk Level:6.8Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Tenable Nessus Agent is vulnerable to a...
openSIS Community Edition cross-site scripting | CVE-2023-38883
NAME__________openSIS Community Edition cross-site scriptingPlatforms Affected:OS4Ed openSIS Community Edition 9.0Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________openSIS Community Edition is vulnerable to cross-site scripting,...
