Black Friday: Scammers Exploit Luxury Brands to Lure Victims
involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban.The hackers craft enticing emails promising heavy discounts on...
Year: 2023
US-CERT Vulnerability Summary for the Week of November 6, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformThe 1E-Exchange-URLResponseTime instruction that is part of the Network product...
LTESniffer – An Open-source LTE Downlink/Uplink Eavesdropper
LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel (PDCCH) to obtain the Downlink...
HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'Full account takeover of...
HackerOne Bug Bounty Disclosure: b-xss-in-cisco-endpoint-b-r-tdaddy
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'r00tdaddy'Link to Submitters Profile:https://hackerone.com/b'r00tdaddy' Report Title:b'XSS in Cisco Endpoint'Report...
HackerOne Bug Bounty Disclosure: b-unathenticated-file-read-cve-b-r-tdaddy
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'r00tdaddy'Link to Submitters Profile:https://hackerone.com/b'r00tdaddy' Report Title:b'Unathenticated file read (CVE-2020-3452)...
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV)...
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six...
U.S. Cybersecurity Agencies Warn of Scattered Spider’s Gen Z Cybercrime Ecosystem
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known...
Discover 2023’s Cloud Security Strategies in Our Upcoming Webinar – Secure Your Spot
In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip...
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams...
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate...
Black Basta Ransomware Victim: edc[.]dk
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Schneider Electric PowerLogic ION8650 and ION8800 security bypass | CVE-2023-5984
NAME__________Schneider Electric PowerLogic ION8650 and ION8800 security bypassPlatforms Affected:Schneider Electric PowerLogic ION8800 Schneider Electric PowerLogic ION8650Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Schneider Electric...
Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family code execution | CVE-2023-44317
NAME__________Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family code executionPlatforms Affected:Siemens SCALANCE XF-200BA Siemens SCALANCE XR-300WG...
Adobe After Effects code execution | CVE-2023-47068
NAME__________Adobe After Effects code executionPlatforms Affected:Adobe After Effects 24.0.2 Adobe After Effects 23.6Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Adobe After Effects could allow...
Adobe Audition information disclosure | CVE-2023-47054
NAME__________Adobe Audition information disclosurePlatforms Affected:Adobe Audition 24.0 Adobe Audition 23.6.1Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Adobe Audition could allow a remote attacker to...
Adobe Audition code execution | CVE-2023-47046
NAME__________Adobe Audition code executionPlatforms Affected:Adobe Audition 24.0 Adobe Audition 23.6.1Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Adobe Audition could allow a remote attacker to...
Forminator plugin for WordPress file upload | CVE-2023-6133
NAME__________Forminator plugin for WordPress file uploadPlatforms Affected:WordPress Forminator plugin for WordPress 1.27.0 WordPress Forminator plugin for WordPress 1.26.0Risk Level:6.6Exploitability:UnprovenConsequences:Gain Access...
Adobe Audition code execution | CVE-2023-47049
NAME__________Adobe Audition code executionPlatforms Affected:Adobe Audition 24.0 Adobe Audition 23.6.1Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Adobe Audition could allow a remote attacker to...
Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family denial of service | CVE-2023-44321
NAME__________Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family denial of servicePlatforms Affected:Siemens SCALANCE XF-200BA Siemens SCALANCE...
Combust MLeap directory traversal | CVE-2023-5245
NAME__________Combust MLeap directory traversalPlatforms Affected:Combust MLeap 0.18.0 Combust MLeap 0.23.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Combust MLeap could allow a remote attacker to...
Microsoft .NET, .NET Framework and Visual Studio privilege escalation | CVE-2023-36049
NAME__________Microsoft .NET, .NET Framework and Visual Studio privilege escalationPlatforms Affected:Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.8 Microsoft .NET Framework...
Extra Product Options for WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-47658
NAME__________Extra Product Options for WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Extra Product Options for WooCommerce Plugin for WordPress 3.0.3Risk...
