US-CERT Vulnerability Summary for the Week of April 3, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Year: 2023
RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware
Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as...
Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures...
Daily Threat Intelligence – April 13 – 2023
Now you can protect yourself against BlackLotus UEFI bootkit attacks. The Incident Response team at Microsoft has pinpointed various stages...
HackerOne Bug Bounty Disclosure: possible-to-spoof-origin-in-“connected-sites”byrenniepak
Programme HackerOne MetaMask MetaMask Submitted by renniepak renniepak Report Possible to spoof Origin in "Connected Sites" Full Report A...
HackerOne Bug Bounty Disclosure: a-malicious-actor-could-rotate-tokens-of-a-victim,-given-that-he-knows-the-victim’s-token-idbyesx
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by esx esx Report A malicious actor could rotate...
HackerOne Bug Bounty Disclosure: cloudflare-is-not-properly-deleting-user’s-accountbyali_hassan_khan
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by ali_hassan_khan ali_hassan_khan Report Cloudflare is not properly deleting...
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a...
Why Shadow APIs are More Dangerous than You Think
Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial...
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the...
New Python-Based “Legion” Hacking Tool Emerges on Telegram
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for...
Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its...
LockBit 3.0 Ransomware Victim: teleferico[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: bcncruiseport[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: darktrace[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: fosfa[.]cz
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: apro[.]cl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Unisoc Chipsets denial of service | CVE-2022-47465
NAME__________Unisoc Chipsets denial of servicePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760 Unisoc T618 Unisoc...
Adobe Dimension code execution | CVE-2023-26381
NAME__________Adobe Dimension code executionPlatforms Affected:Adobe Dimension 3.4.8Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Adobe Dimension could allow a remote attacker to execute arbitrary code...
Fortinet FortiSandbox SQL injection | CVE-2022-27485
NAME__________Fortinet FortiSandbox SQL injectionPlatforms Affected:Fortinet FortiSandbox 4.0.0 Fortinet FortiSandbox 3.2.0 Fortinet FortiSandbox 3.2.3 Fortinet FortiSandbox 4.0.2 Fortinet FortiSandbox 4.2.0 Fortinet...
NVIDIA GPU Display Driver for Linux denial of service | CVE-2023-0190
NAME__________NVIDIA GPU Display Driver for Linux denial of servicePlatforms Affected:NVIDIA GPU Display Driver for LinuxRisk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________NVIDIA GPU...
Fortinet FortiAnalyzer and FortiManager man-in-the-middle | CVE-2023-22642
NAME__________Fortinet FortiAnalyzer and FortiManager man-in-the-middlePlatforms Affected:Fortinet FortiManager 7.0.0 Fortinet FortiAnalyzer 7.0.0 Fortinet FortiAnalyzer 7.2.0 Fortinet FortiAnalyzer 7.2.1 Fortinet FortiManager 7.2.0...
Microsoft Windows security bypass | CVE-2023-28249
NAME__________Microsoft Windows security bypassPlatforms Affected:Risk Level:6.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Microsoft Windows could allow a physically proximate attacker to bypass security restrictions, caused...
Unisoc Chipsets denial of service | CVE-2022-47337
NAME__________Unisoc Chipsets denial of servicePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760 Unisoc T618 Unisoc...
