Ragnar Locker ransomware’s dark web extortion sites seized by police
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international...
Year: 2023
Iranian hackers lurked in Middle Eastern govt network for 8 months
The Iranian hacking group tracked as OilRig (APT34) breached at least twelve computers belonging to a Middle Eastern government network...
Casio discloses data breach impacting customers in 149 countries
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of...
India targets Microsoft, Amazon tech support scammers in nationwide crackdown
India's Central Bureau of Investigation (CBI) raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams...
BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks
The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors...
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed...
E-Root admin faces 20 years for selling stolen RDP, SSH accounts
Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty...
Microsoft extends Purview Audit log retention after July breach
Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and...
Fake KeePass site uses Google Ads and Punycode to push malware
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official...
Play Ransomware Victim: Associated Wholesale Grocers
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
US-CERT Vulnerability Summary for the Week of October 9, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3ds -- teamwork_cloud_no_magic_releaseA Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from...
HackerOne Bug Bounty Disclosure: b-responsive-server-side-request-forgery-ssrf-b-bhmth
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'bhmth'Link to Submitters Profile:https://hackerone.com/b'bhmth' Report Title:b'Responsive Server-side Request Forgery (SSRF)'Report Link:https://hackerone.com/reports/1895874Date Submitted:19...
HackerOne Bug Bounty Disclosure: b-deny-admin-from-editing-linkedin-company-page-using-gen-form-visibility-via-post-voyager-api-voyagerorganizationdashcompanies-id-b-domg
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'domg'Link to Submitters Profile:https://hackerone.com/b'domg' Report Title:b'Deny Admin from Editing LinkedIn Company Page...
Clever malvertising attack uses Punycode to look like KeePass’s official website
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a...
LockBit 3.0 Ransomware Victim: fdf[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: frs-fnrs[.]be
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: smart-union[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: thecsi[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: salaw[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Zephyr buffer overflow | CVE-2023-4263
NAME__________Zephyr buffer overflowPlatforms Affected:Zephyr Project Zephyr 3.4.0Risk Level:7.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Zephyr is vulnerable to a stack-based buffer overflow, caused by improper...
XnSoft NConvert for Windows denial of service | CVE-2023-43251
NAME__________XnSoft NConvert for Windows denial of servicePlatforms Affected:XnSoft NConvert for Windows 7.154 XnSoft NConvert for Windows 7.153Risk Level:7.8Exploitability:UnprovenConsequences:Denial of Service...
Who Hit The Page Hit Counter plugin for WordPress cross-site scripting | CVE-2023-46066
NAME__________Who Hit The Page Hit Counter plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Mediabay plugin for WordPress 1.6 WordPress Mediabay...
QNAP QTS, QuTS hero, and QuTScloud directory traversal | CVE-2023-32974
NAME__________QNAP QTS, QuTS hero, and QuTScloud directory traversalPlatforms Affected:QNAP QuTS hero h5.1.0 QNAP QTS 5.1.0 QNAP QuTScloud c5.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information...
WebAuthn4J Spring Security security bypass | CVE-2023-45669
NAME__________WebAuthn4J Spring Security security bypassPlatforms Affected:WebAuthn4J Spring Security 0.9.0.RELEASERisk Level:4.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________WebAuthn4J Spring Security could allow a remote attacker to...
