CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and...
Month: December 2023
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla Releases Security Updates for Firefox and Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird....
CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool CISA has published the finalized Microsoft 365 Secure Configuration Baselines,...
Linpmem – A Physical Memory Acquisition Tool For Linux
Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any...
CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool CISA has published the finalized Microsoft 365 Secure Configuration Baselines,...
HackerOne Bug Bounty Disclosure: b-self-xss-when-pasting-html-into-text-app-with-ctrl-shift-v-b-max-nextcloud
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'max_nextcloud'Link to Submitters Profile:https://hackerone.com/b'max_nextcloud' Report Title:b'Self XSS when pasting HTML into Text...
HackerOne Bug Bounty Disclosure: b-admins-can-change-authentication-details-of-user-configured-external-storage-b-st-nzyy
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'st0nzyy'Link to Submitters Profile:https://hackerone.com/b'st0nzyy' Report Title:b'Admins can change authentication details of user...
HackerOne Bug Bounty Disclosure: b-elasticsearch-is-currently-open-without-authentication-on-https-l-b-roland-hack
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'roland_hack'Link to Submitters Profile:https://hackerone.com/b'roland_hack' Report Title:b'Elasticsearch is currently open...
HackerOne Bug Bounty Disclosure: b-default-admin-username-and-password-on-b-maskedpersian
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'Default Admin Username and...
HackerOne Bug Bounty Disclosure: b-unauthenticated-file-read-adobe-coldfusion-b-r-tdaddy
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'r00tdaddy'Link to Submitters Profile:https://hackerone.com/b'r00tdaddy' Report Title:b'Unauthenticated File Read Adobe...
HackerOne Bug Bounty Disclosure: b-rxss-via-currentfolder-parameter-b-qu-nten
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'qu1nten'Link to Submitters Profile:https://hackerone.com/b'qu1nten' Report Title:b' RXSS via "CurrentFolder"...
HackerOne Bug Bounty Disclosure: b-adobe-coldfusion-access-control-bypass-cve-b-r-nh-ck
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'0r10nh4ck'Link to Submitters Profile:https://hackerone.com/b'0r10nh4ck' Report Title:b'Adobe ColdFusion Access Control...
HackerOne Bug Bounty Disclosure: b-unauthorized-access-to-argo-dashboard-on-b-devdevrl
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'devdevrl'Link to Submitters Profile:https://hackerone.com/b'devdevrl' Report Title:b'Unauthorized access to Argo...
HackerOne Bug Bounty Disclosure: b-pre-auth-rce-in-forgerock-openam-cve-b-fdeleite
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'fdeleite'Link to Submitters Profile:https://hackerone.com/b'fdeleite' Report Title:b'Pre-auth RCE in ForgeRock...
HackerOne Bug Bounty Disclosure: b-rce-in-cve-b-fdeleite
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'fdeleite'Link to Submitters Profile:https://hackerone.com/b'fdeleite' Report Title:b'RCE in 'Report Link:https://hackerone.com/reports/1327769Date...
HackerOne Bug Bounty Disclosure: b-rce-via-file-upload-with-a-null-byte-truncated-file-extension-at-https-b-pizzapower
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'pizzapower'Link to Submitters Profile:https://hackerone.com/b'pizzapower' Report Title:b'RCE via File Upload...
HackerOne Bug Bounty Disclosure: b-rce-on-cve-b-fdeleite
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'fdeleite'Link to Submitters Profile:https://hackerone.com/b'fdeleite' Report Title:b'RCE on 'Report Link:https://hackerone.com/reports/1327701Date...
HackerOne Bug Bounty Disclosure: b-idor-to-delete-profile-images-in-https-b-maskedpersian
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'IDOR to delete profile...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
Active Exploitation of Zero-Day Vulnerability in Google Chrome
Google has released security updates to address a high-severity zero-day vulnerability (CVE-2023-7024) in Google Chrome. The vulnerability is reportedly being...
German Authorities Dismantle Dark Web Hub ‘Kingdom Market’ in Global Operation
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales...
Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called...
