Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country's...
Month: December 2023
Black Basta Ransomware Victim: americanalarm[.]com
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Critical Vulnerability in Apache OFBiz
Apache has released updates addressing a critical vulnerability (CVE-2023-51467) in their OFBiz Enterprise Resource Planning (ERP) system. The vulnerability has...
Play Ransomware Victim: CVR Associates
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28...
HCL Launch denial of service | CVE-2023-45702
NAME__________HCL Launch denial of servicePlatforms Affected:HCL Launch 7.3.0.0 HCL Launch 7.2 HCL Launch 7.2.3.7 HCL Launch 7.3.2.2Risk Level:6.2Exploitability:UnprovenConsequences:Denial of Service...
Hotel Management System cross-site scripting | CVE-2023-49270
NAME__________Hotel Management System cross-site scriptingPlatforms Affected:Hotel Management System Hotel Management System 1.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Hotel Management System is vulnerable to...
Audiobookshelf server-side request forgery | CVE-2023-51697
NAME__________Audiobookshelf server-side request forgeryPlatforms Affected:Audiobookshelf Audiobookshelf 2.6.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Audiobookshelf is vulnerable to server-side request forgery, caused by a flaw...
Audiobookshelf server-side request forgery | CVE-2023-51665
NAME__________Audiobookshelf server-side request forgeryPlatforms Affected:Audiobookshelf Audiobookshelf 2.6.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Audiobookshelf is vulnerable to server-side request forgery, caused by a flaw...
ReVanced API denial of service | CVE-2023-52075
NAME__________ReVanced API denial of servicePlatforms Affected:ReVanced ReVanced APIRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________ReVanced API is vulnerable to a denial of service,...
tj-actions changed-files code execution | CVE-2023-51664
NAME__________tj-actions changed-files code executionPlatforms Affected:tj-actions changed-files 40.2.3Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________tj-actions changed-files could allow a remote authenticated attacker to execute arbitrary...
HCL Launch information disclosure | CVE-2023-45701
NAME__________HCL Launch information disclosurePlatforms Affected:HCL Launch 7.0.0.0 HCL Launch 7.3.0.0 HCL Launch 7.1 HCL Launch 7.1.2.14 HCL Launch 7.2 HCL...
NVIDIA Triton Inference Server directory traversal | CVE-2023-31036
NAME__________NVIDIA Triton Inference Server directory traversalPlatforms Affected:NVIDIA Triton Inference Server 2.30Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________NVIDIA Triton Inference Server could allow a...
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat...
BianLian Ransomware Victim: Northland Mechanical Contractors
BianLian Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
Kroll Reveals Ftx Customer Info Exposed In August Data Breach
Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information...
Easypark Discloses Data Breach That May Impact Millions Of Users
Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December...
Apache Ofbiz Rce Flaw Exploited To Find Vulnerable Confluence Servers
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. Apache...
Blockchain Devs Wallet Emptied In Job Interview Using Npm Package
A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development...
Eagers Automotive Halts Trading In Response To Cyberattack
Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it...
Microsoft Disables Msix Protocol Handler Abused In Malware Attacks
Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows...
Russian Military Hackers Target Ukraine With New Masepie Malware
Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously...
Game Mod On Steam Breached To Push Password Stealing Malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push...
Active Exploitation of Critical Vulnerability in Barracuda Networks’ Email Security Gateway
Barracuda Networks has released security updates addressing a critical vulnerability (CVE-2023-7102) in its Email Security Gateway (ESG) appliance. The vulnerability...
