CISA: CISA Releases Advisory on Cyber Resilience for the HPH Sector
CISA Releases Advisory on Cyber Resilience for the HPH Sector Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights...
Month: December 2023
CISA: CISA and FBI Release Advisory on ALPHV Blackcat Affiliates
CISA and FBI Release Advisory on ALPHV Blackcat Affiliates Today, CISA and the Federal Bureau of Investigation (FBI) released a...
CISA: CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords Today, CISA published guidance on How Manufacturers Can Protect...
CISA: FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware
FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure...
CISA: CISA Releases Seven Industrial Control Systems Advisories
CISA Releases Seven Industrial Control Systems Advisories CISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These...
CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool CISA has published the finalized Microsoft 365 Secure Configuration Baselines,...
CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and...
CISA: Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla Releases Security Updates for Firefox and Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird....
BlackCat/ALPHV Ransomware Victim: Wesgar Inc[.]
BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
HackerOne Bug Bounty Disclosure: b-authentication-bypass-on-jetpack-sso-manager-allows-to-access-the-administration-panel-of-wordpress-without-user-interaction-b-sodium
Company Name: b'Automattic' Company HackerOne URL: https://hackerone.com/automattic Submitted By:b'sodium_'Link to Submitters Profile:https://hackerone.com/b'sodium_' Report Title:b'Authentication bypass on JetPack SSO manager -...
HackerOne Bug Bounty Disclosure: b-rce-on-wordpress-website-b-lukasreschke
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'lukasreschke'Link to Submitters Profile:https://hackerone.com/b'lukasreschke' Report Title:b'RCE on Wordpress website'Report Link:https://hackerone.com/reports/2248328Date Submitted:28 December...
Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already...
Most Sophisticated iPhone Hack Ever Exploited Apple’s Hidden Hardware Feature
The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal...
Alfasado PowerCMS cross-site scripting | CVE-2023-49117
NAME__________Alfasado PowerCMS cross-site scriptingPlatforms Affected:Alfasado PowerCMS 6.31 Alfasado PowerCMS 5.24 Alfasado PowerCMS 4.54Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Alfasado PowerCMS is vulnerable to...
RWS WorldServer code execution | CVE-2022-34267
NAME__________RWS WorldServer code executionPlatforms Affected:RWS WorldServer 11.7Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________RWS WorldServer could allow a remote attacker to execute arbitrary code...
NOKIA NFM-T cross-site scripting | CVE-2022-43675
NAME__________NOKIA NFM-T cross-site scriptingPlatforms Affected:NOKIA NFM-T R19.9Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________NOKIA NFM-T is vulnerable to cross-site scripting, caused by improper validation...
NOKIA NFM-T cross-site scripting | CVE-2022-41762
NAME__________NOKIA NFM-T cross-site scriptingPlatforms Affected:NOKIA NFM-T R19.9Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________NOKIA NFM-T is vulnerable to cross-site scripting, caused by improper validation...
RWS WorldServer command execution | CVE-2022-34268
NAME__________RWS WorldServer command executionPlatforms Affected:RWS WorldServer 11.7Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________RWS WorldServer could allow a remote attacker to execute arbitrary commands...
NOKIA NFM-T SQL injection | CVE-2022-39822
NAME__________NOKIA NFM-T SQL injectionPlatforms Affected:NOKIA NFM-T R19.9Risk Level:5.4Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________NOKIA NFM-T is vulnerable to SQL injection. A remote authenticated attacker...
Alfasado PowerCMS cross-site scripting | CVE-2023-50297
NAME__________Alfasado PowerCMS cross-site scriptingPlatforms Affected:Alfasado PowerCMS 6.31 Alfasado PowerCMS 5.24 Alfasado PowerCMS 4.54Risk Level:4.7Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Alfasado PowerCMS could allow a...
RWS WorldServer command execution | CVE-2022-34269
NAME__________RWS WorldServer command executionPlatforms Affected:RWS WorldServer 11.7Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________RWS WorldServer could allow a remote authenticated attacker to execute arbitrary...
NOKIA NFM-T directory traversal | CVE-2022-41761
NAME__________NOKIA NFM-T directory traversalPlatforms Affected:NOKIA NFM-T R19.9Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________NOKIA NFM-T could allow a remote authenticated attacker to traverse directories...
