Where SSO Falls Short in Protecting SaaS
Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one...
Year: 2023
Pakistan-Origin SideCopy Linked to New Cyberattack on India’s Ministry of Defence
An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to...
IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery
Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited...
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo
Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly....
Where SSO Falls Short in Protecting SaaS
Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one...
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware...
President Biden Signs Executive Order Restricting Use of Commercial Spyware
U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government...
LockBit 3.0 Ransomware Victim: islandinsurance[.]ca
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: piramal[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: grupcovesa[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: lqtbg[.]com[.]cn
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: swiftatlanta[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Tailscale command execution | CVE-2023-28436
NAME__________Tailscale command executionPlatforms Affected:Tailscale Tailscale 1.34.0 Tailscale Tailscale 1.38.1Risk Level:5.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Tailscale could allow a remote authenticated attacker to execute...
crewjam/saml go library denial of service | CVE-2023-28119
NAME__________crewjam/saml go library denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________crewjam/saml go library is vulnerable to a denial of service,...
Cisco ASA, FTD, IOS and IOS XE Software denial of service | CVE-2023-20081
NAME__________Cisco ASA, FTD, IOS and IOS XE Software denial of servicePlatforms Affected:Cisco Adaptive Security Appliance Software Cisco IOS Software Cisco...
Invernyx smartCARS information disclosure | CVE-2023-28441
NAME__________Invernyx smartCARS information disclosurePlatforms Affected:Invernyx smartCARS 0.5.8Risk Level:7.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Invernyx smartCARS could allow a local attacker to obtain sensitive information,...
Open RDW kenteken voertuiginformatie Plugin for WordPress cross-site scripting | CVE-2022-47431
NAME__________Open RDW kenteken voertuiginformatie Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Open RDW kenteken voertuiginformatie plugin for WordPress 2.0.14Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting...
MagePeople Team Event Manager and Tickets Selling Plugin for WordPress cross-site scripting | CVE-2023-28422
NAME__________MagePeople Team Event Manager and Tickets Selling Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress MagePeople Team Event Manager and Tickets Selling...
Smart Slider 3 Plugin for WordPress cross-site scripting | CVE-2022-45843
NAME__________Smart Slider 3 Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Smart Slider 3 Plugin for WordPress 3.5.7Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Smart Slider...
Embed Any Document Plugin for WordPress cross-site scripting | CVE-2023-23707
NAME__________Embed Any Document Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Embed Any Document Plugin for WordPress 2.7.1Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Embed Any...
CM Answers Plugin for WordPress cross-site scripting | CVE-2023-25992
NAME__________CM Answers Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress CM Answers Plugin Plugin for WordPress 3.1.9Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________CM Answers Plugin...
Klaviyo Plugin for WordPress cross-site scripting | CVE-2023-25456
NAME__________Klaviyo Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Klaviyo Plugin for WordPress 3.0.7Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Klaviyo Plugin for WordPress is vulnerable...
CTT Expresso para WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-47589
NAME__________CTT Expresso para WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress CTT Expresso para WooCommerce Plugin for WordPress 3.2.11Risk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting...
Code Snippets Extension Plugin for WordPress cross-site scripting | CVE-2023-23650
NAME__________Code Snippets Extension Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Code Snippets Extension Plugin for WordPress 4.0.2Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Code Snippets...
