Year: 2023

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

August 14, 2023

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at...

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

August 14, 2023

A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and...

Medusa Locker Ransomware Victim: Borets (Levare[.]com)

August 14, 2023

Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...

Medusa Locker Ransomware Victim: CB Energy Australlia

August 14, 2023

Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...

Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

August 14, 2023

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations...

Identity Threat Detection and Response: Rips in Your Identity Fabric

August 14, 2023

Why SaaS Security Is a Challenge# In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive...

New Financial Malware ‘JanelaRAT’ Targets Latin American Users

August 14, 2023

Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information...

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First

August 14, 2023

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was...

Siemens JT2Go, Teamcenter Visualization and Solid Edge code execution | CVE-2023-28830

August 14, 2023

NAME__________Siemens JT2Go, Teamcenter Visualization and Solid Edge code executionPlatforms Affected:Siemens JT2Go 14.2.0.4Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Siemens JT2Go, Teamcenter Visualization and Solid...

Siemens JT Open, JT Utilities code execution | CVE-2023-30796

August 14, 2023

NAME__________Siemens JT Open, JT Utilities code executionPlatforms Affected:Siemens JT Utilities Siemens Parasolid 35.0 Siemens Parasolid 34.1 Siemens Parasolid 34.0 Siemens...

Nozomi Networks Guardian/CMC cross-site scripting | CVE-2023-22843

August 14, 2023

NAME__________Nozomi Networks Guardian/CMC cross-site scriptingPlatforms Affected:Nozomi Networks Guardian/CMC 22.6.1Risk Level:6.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Nozomi Networks Guardian/CMC is vulnerable to cross-site scripting, caused...

Nozomi Networks Guardian/CMC denial of service | CVE-2023-24015

August 14, 2023

NAME__________Nozomi Networks Guardian/CMC denial of servicePlatforms Affected:Nozomi Networks Guardian/CMC 22.6.1Risk Level:4.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Nozominetworks Nozomi Networks Guardian/CMC is vulnerable to...

Siemens JT Open, JT Utilities code execution | CVE-2023-30795

August 14, 2023

NAME__________Siemens JT Open, JT Utilities code executionPlatforms Affected:Siemens JT Utilities Siemens Parasolid 35.0 Siemens Parasolid 34.1 Siemens Parasolid 34.0 Siemens...

HCL DRYiCE MyCloud information disclosure | CVE-2023-23346

August 14, 2023

NAME__________HCL DRYiCE MyCloud information disclosurePlatforms Affected:HCL DRYiCE MyCloud 10.2 HCL DRYiCE MyCloud 10.4 HCL DRYiCE MyCloud 10.5 HCL DRYiCE MyCloud...

HashiCorp Consul and Consul Enterprise denial of service | CVE-2023-3518

August 14, 2023

NAME__________HashiCorp Consul and Consul Enterprise denial of servicePlatforms Affected:HashiCorp Consul and Consul Enterprise 1.16.0Risk Level:7.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________HashiCorp Consul and...

Sentry security bypass | CVE-2023-39531

August 14, 2023

NAME__________Sentry security bypassPlatforms Affected:Sentry Sentry 23.7.1Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Sentry could allow a remote authenticated attacker to bypass security restrictions, caused...

Cacti information disclosure | CVE-2023-37543

August 14, 2023

NAME__________Cacti information disclosurePlatforms Affected:Cacti Cacti 1.2.5Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Cacti could allow a remote attacker to obtain sensitive information, caused by...

Nozomi Networks Guardian/CMC information disclosure | CVE-2023-24471

August 14, 2023

NAME__________Nozomi Networks Guardian/CMC information disclosurePlatforms Affected:Nozomi Networks Guardian/CMC 22.6.1Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Nozomi Networks Guardian/CMC could allow a remote authenticated attacker...

HCL DRYiCE iAutomate information disclosure | CVE-2023-23347

August 14, 2023

NAME__________HCL DRYiCE iAutomate information disclosurePlatforms Affected:HCL DRYiCE iAutomate 6.0 HCL DRYiCE iAutomate 6.1 HCL DRYiCE iAutomate 6.2Risk Level:6.4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________HCL...

Nozomi Networks Guardian/CMC security bypass | CVE-2023-24477

August 14, 2023

NAME__________Nozomi Networks Guardian/CMC security bypassPlatforms Affected:Nozomi Networks Guardian/CMC 22.6.1Risk Level:5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Nozomi Networks Guardian/CMC could allow a remote attacker to...

Year: 2023

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

Medusa Locker Ransomware Victim: Borets (Levare[.]com)

Medusa Locker Ransomware Victim: CB Energy Australlia

Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

Identity Threat Detection and Response: Rips in Your Identity Fabric

New Financial Malware ‘JanelaRAT’ Targets Latin American Users

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First

Siemens JT2Go, Teamcenter Visualization and Solid Edge code execution | CVE-2023-28830

Siemens JT Open, JT Utilities code execution | CVE-2023-30796

Nozomi Networks Guardian/CMC cross-site scripting | CVE-2023-22843

Nozomi Networks Guardian/CMC denial of service | CVE-2023-24015

Siemens JT Open, JT Utilities code execution | CVE-2023-30795

HCL DRYiCE MyCloud information disclosure | CVE-2023-23346

HashiCorp Consul and Consul Enterprise denial of service | CVE-2023-3518

Sentry security bypass | CVE-2023-39531

Cacti information disclosure | CVE-2023-37543

Nozomi Networks Guardian/CMC information disclosure | CVE-2023-24471

HCL DRYiCE iAutomate information disclosure | CVE-2023-23347

Nozomi Networks Guardian/CMC security bypass | CVE-2023-24477

OPPO OnePlus Store app code execution | CVE-2023-26309

iCMS SQL injection | CVE-2023-39805

HCL Nomad for web browsers security bypass | CVE-2023-23342

iCMS SQL injection | CVE-2023-39806

CISA: CISA Releases Two Industrial Control Systems Advisories

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Vulnerability to the KEV Catalog

CISA: Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways

You may have missed