Month: December 2023

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

December 21, 2023

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of...

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

December 21, 2023

A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300...

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

December 21, 2023

Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially...

Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing

December 21, 2023

Hands-On Review: Memcyco's Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant...

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

December 21, 2023

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said...

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

December 21, 2023

The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity...

Integrate Google Drive Plugin for WordPress cross-site request forgery | CVE-2023-49769

December 21, 2023

NAME__________Integrate Google Drive Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Integrate Google Drive Plugin for WordPress 2.2.24Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Integrate...

Block for Font Awesome Plugin for WordPress cross-site request forgery | CVE-2023-49751

December 21, 2023

NAME__________Block for Font Awesome Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Block for Font Awesome Plugin for WordPress 1.4.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain...

Biteship Plugin for WordPress cross-site scripting | CVE-2023-49767

December 21, 2023

NAME__________Biteship Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Biteship Plugin for WordPress 2.2.24Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Biteship Plugin for WordPress is vulnerable...

Apache Dubbo code execution | CVE-2023-29234

December 21, 2023

NAME__________Apache Dubbo code executionPlatforms Affected:Apache Dubbo 3.1.0 Apache Dubbo 3.1.10 Apache Dubbo 3.2.0 Apache Dubbo 3.2.4Risk Level:5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache Dubbo...

Adobe Experience Manager cross-site scripting | CVE-2023-51457

December 21, 2023

NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager Cloud Service (CS) Adobe Experience Manager 6.5.18.0Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager...

Adobe Experience Manager cross-site scripting | CVE-2023-51460

December 21, 2023

HPE Integrated Lights-Out security bypass | CVE-2023-50272

December 21, 2023

NAME__________HPE Integrated Lights-Out security bypassPlatforms Affected:HPE Integrated Lights-Out 5 (iLO 5) HPE Integrated Lights-Out 6 (iLO 6)Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________HPE...

Hitachi Energy RTU500 series products denial of service | CVE-2023-6711

December 21, 2023

NAME__________Hitachi Energy RTU500 series products denial of servicePlatforms Affected:Hitachi Energy RTU500 series CMU Firmware 13.3.2 Hitachi Energy RTU500 series CMU...

Adobe Experience Manager cross-site scripting | CVE-2023-51458

December 21, 2023

Adobe Experience Manager cross-site scripting | CVE-2023-51459

December 21, 2023

Subnet Solutions PowerSYSTEM Center privilege escalation | CVE-2023-6631

December 21, 2023

NAME__________Subnet Solutions PowerSYSTEM Center privilege escalationPlatforms Affected:Subnet Solutions PowerSYSTEM Center 5.0 Subnet Solutions PowerSYSTEM Center 5.16Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Subnet Solutions...

Month: December 2023

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

Integrate Google Drive Plugin for WordPress cross-site request forgery | CVE-2023-49769

Block for Font Awesome Plugin for WordPress cross-site request forgery | CVE-2023-49751

Biteship Plugin for WordPress cross-site scripting | CVE-2023-49767

Apache Dubbo code execution | CVE-2023-29234

Adobe Experience Manager cross-site scripting | CVE-2023-51457

Adobe Experience Manager cross-site scripting | CVE-2023-51460

HPE Integrated Lights-Out security bypass | CVE-2023-50272

Hitachi Energy RTU500 series products denial of service | CVE-2023-6711

Adobe Experience Manager cross-site scripting | CVE-2023-51458

Adobe Experience Manager cross-site scripting | CVE-2023-51459

Subnet Solutions PowerSYSTEM Center privilege escalation | CVE-2023-6631

Adobe Experience Manager cross-site scripting | CVE-2023-51462

EFACEC UC 500E information disclosure | CVE-2023-50706

IBM Informix JDBC code execution | CVE-2023-35895

Apache Pulsar WebSocket Proxy denial of service | CVE-2023-37544

Foxit PDF Reader code execution | CVE-2023-51556

Adobe Experience Manager cross-site scripting | CVE-2023-51461

Foxit PDF Reader information disclosure | CVE-2023-51555

[RANSOMHUB] – Ransomware Victim: allconstructiongroupwv[.]com

[FOG] – Ransomware Victim: Waters Truck and Tractor (waterstruck[.]com)

[HUNTERS] – Ransomware Victim: Dorner Law & Title Services

[AKIRA] – Ransomware Victim: H2OBX Waterpark

[AKIRA] – Ransomware Victim: HUTTER ACUSTIX

You may have missed