APIDetector – Efficiently Scan For Exposed Swagger Endpoints Across Web Domains And Subdomains
APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities...
Month: December 2023
HackerOne Bug Bounty Disclosure: b-how-the-arch-angel-stole-live-events-b-archangel
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'archangel'Link to Submitters Profile:https://hackerone.com/b'archangel' Report Title:b'How the Arch Angel stole Live Events'Report...
HackerOne Bug Bounty Disclosure: b-avatar-url-is-exposed-in-patron-export-for-secret-donations-b-mdivecky
Company Name: b'Liberapay' Company HackerOne URL: https://hackerone.com/liberapay Submitted By:b'mdivecky'Link to Submitters Profile:https://hackerone.com/b'mdivecky' Report Title:b'Avatar URL is exposed in patron export...
CISA: CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords Today, CISA published guidance on How Manufacturers Can Protect...
CISA: CISA Releases Advisory on Cyber Resilience for the HPH Sector
CISA Releases Advisory on Cyber Resilience for the HPH Sector Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights...
CISA: Fortinet Releases Security Updates for Multiple Products
Fortinet Releases Security Updates for Multiple Products Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. A...
Akira Ransomware Victim: Hyman Hayes Associat es
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Bug or Feature? Hidden Web Application Vulnerabilities Uncovered
Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot...
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short...
Active Exploitation of Critical Vulnerability in JetBrains TeamCity On-Premises
JetBrains has released updates addressing a critical vulnerability (CVE-2023-42793) in their TeamCity On-Premises. The vulnerability is reportedly being actively exploited...
Credit Card Skimming On The Rise For The Holiday Shopping Season
As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for...
Malvertiser Copies Pc News Site To Deliver Infostealer
The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that...
Malvertising Via Dynamic Search Ads Delivers Malware Bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally...
Hong Kong Residents Targeted In Malvertising Campaigns For Whatsapp Telegram
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users....
Adobe Experience Manager cross-site scripting | CVE-2023-48485
NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager Cloud Service (CS)Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager is vulnerable to cross-site...
Adobe Experience Manager cross-site scripting | CVE-2023-48504
NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager Cloud Service (CS)Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager is vulnerable to cross-site...
Adobe Experience Manager cross-site scripting | CVE-2023-48484
NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager Cloud Service (CS)Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager is vulnerable to cross-site...
Ransomware Review November 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Associated Press Espn Cbs Among Top Sites Serving Fake Virus Alerts
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one...
Ransomware Review December 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Malvertisers Zoom In On Cryptocurrencies And Initial Access
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”,...
Atomic Stealer Distributed To Mac Users Via Fake Browser Updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious...
Adobe Experience Manager cross-site scripting | CVE-2023-48490
NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager Cloud Service (CS)Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager is vulnerable to cross-site...
Siemens SINUMERIK, SIMATIC, and SIPLUS products denial of service | CVE-2023-46156
NAME__________Siemens SINUMERIK, SIMATIC, and SIPLUS products denial of servicePlatforms Affected:Siemens SIMATIC S7-1500 Siemens SINUMERIK MC Siemens SINUMERIK ONE Siemens SIPLUS...
