New Microsoft bug bounty program focuses on AI-powered Bing
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. With the AI-powered...
Year: 2023
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
RecycledInjector – Native Syscalls Shellcode Injector
(Currently) Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate +...
HackerOne Bug Bounty Disclosure: b-stored-xss-at-nordvpn-com-b-tvmbug
Company Name: b'Nord Security' Company HackerOne URL: https://hackerone.com/nordsecurity Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'Stored XSS at nordvpn.com'Report Link:https://hackerone.com/reports/1841042Date Submitted:12...
Ransomware review: October 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on...
Medusa Locker Ransomware Victim: SIMTA
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: Evasión
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: Neodata
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: ZOUARY & Associés
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Dark Angel Victim: CannonDesign
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Dark Angel Victim: Roper & Vertafore
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Dark Angel Victim: Robins & Morton
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Dark Angel Victim: Go-Ahead Group
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
SAP BusinessObjects Web Intelligence cross-site scripting | CVE-2023-42474
NAME__________SAP BusinessObjects Web Intelligence cross-site scriptingPlatforms Affected:SAP BusinessObjects Web Intelligence 420Risk Level:6.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SAP BusinessObjects Web Intelligence is vulnerable to...
Fortinet FortiManager and FortiAnalyzer security bypass | CVE-2023-42787
NAME__________Fortinet FortiManager and FortiAnalyzer security bypassPlatforms Affected:Fortinet FortiAnalyzer 6.2.0 Fortinet FortiManager 7.0.0 Fortinet FortiAnalyzer 7.0.0 Fortinet FortiManager 6.4.0 Fortinet FortiAnalyzer...
SAP Business One information disclosure | CVE-2023-41365
NAME__________SAP Business One information disclosurePlatforms Affected:SAP Business One 10Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SAP Business One could allow a remote authenticated attacker...
Siemens SIMATIC CP Devices denial of service | CVE-2023-37195
NAME__________Siemens SIMATIC CP Devices denial of servicePlatforms Affected:Siemens SIMATIC CP 1604 Siemens SIMATIC CP 1623 Siemens SIMATIC CP 1626 Siemens...
Adobe Commerce and Magento Open Source server-side request forgery | CVE-2023-26366
NAME__________Adobe Commerce and Magento Open Source server-side request forgeryPlatforms Affected:Adobe Commerce 2.4.6 Adobe Commerce 2.4.5-p2 Adobe Commerce 2.4.4-p3 Adobe Commerce...
Microsoft Windows TCP/IP denial of service | CVE-2023-36602
NAME__________Microsoft Windows TCP/IP denial of servicePlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft...
Siemens SINEC NMS cross-site scripting | CVE-2023-44315
NAME__________Siemens SINEC NMS cross-site scriptingPlatforms Affected:Siemens SINEC NMS 1.0Risk Level:4.7Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Siemens SINEC NMS is vulnerable to cross-site scripting, caused...
Apache Tomcat denial of service | CVE-2023-42794
NAME__________Apache Tomcat denial of servicePlatforms Affected:Apache Tomcat 8.5.85 Apache Tomcat 9.0.71Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Apache Tomcat is vulnerable to a...
Fortinet FortiOS cross-site scripting | CVE-2023-36555
NAME__________Fortinet FortiOS cross-site scriptingPlatforms Affected:Fortinet FortiOS 7.0.0 Fortinet FortiOS 7.2.0 Fortinet FortiOS 7.2.4Risk Level:3.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Fortinet FortiOS is vulnerable to...
Adobe Commerce and Magento Open Source denial of service | CVE-2023-38251
NAME__________Adobe Commerce and Magento Open Source denial of servicePlatforms Affected:Adobe Commerce 2.4.3 Adobe Commerce 2.3.7-p2 Adobe Commerce 2.4.4 Adobe Commerce...
Apache Tomcat information disclosure | CVE-2023-42795
NAME__________Apache Tomcat information disclosurePlatforms Affected:Apache Tomcat 8.5.0 Apache Tomcat 9.0.0.M1 Apache Tomcat 10.1.0-M1 Apache Tomcat 11.0.0-M1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Tomcat...
