Google’s Bazel Exposed to Command Injection Threat
Security researchers have recently unearthed a supply-chain vulnerability within Bazel, one of Google’s flagship open-source products. The flaw centered around a...
Month: February 2024
Pump-and-Dump Schemes Make Crypto Fraudsters $240m
Market manipulators may have made over $240m last year by artificially inflating the value of Ethereum tokens, according to Chainalysis.The...
US Agencies Failure to Oversee Ransomware Protections Threaten White House Goals
The White House’s goal of bolstering the cyber resilience of critical infrastructure is being threatened by US federal agencies’ lack...
CISA: CISA Releases Eight Industrial Control Systems Advisories
CISA Releases Eight Industrial Control Systems Advisories CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2024. These...
CISA: Guidance: Assembling a Group of Products for SBOM
Guidance: Assembling a Group of Products for SBOM Today, CISA published Guidance on Assembling a Group of Products created by the Software...
CISA: Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways Note: CISA...
CISA: Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series
Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series Juniper Networks released a security...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on January 25, 2024. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on February 1, 2024. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers Today, CISA and the...
CISA: Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components Moby and the Open Container Initiative...
CISA: Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components Moby and the Open Container Initiative...
HackerOne Bug Bounty Disclosure: b-xss-in-subdomain-of-duckduckgo-b-mr-r-boot
Company Name: b'DuckDuckGo' Company HackerOne URL: https://hackerone.com/duckduckgo Submitted By:b'mr_r3boot'Link to Submitters Profile:https://hackerone.com/b'mr_r3boot' Report Title:b'XSS in Subdomain of DuckDuckGo'Report Link:https://hackerone.com/reports/395734Date Submitted:01...
HackerOne Bug Bounty Disclosure: b-port-smpt-open-can-send-any-mail-remotely-from-the-internal-mail-users-to-company-mail-id-s-b-harshniture
Company Name: b'SideFX' Company HackerOne URL: https://hackerone.com/sidefx Submitted By:b'harshniture12'Link to Submitters Profile:https://hackerone.com/b'harshniture12' Report Title:b"Port 587 SMPT Open: Can send any...
HackerOne Bug Bounty Disclosure: b-default-credentials-at-https-b-forcedrofes
Company Name: b'Trellix' Company HackerOne URL: https://hackerone.com/trellix Submitted By:b'forcedrofes'Link to Submitters Profile:https://hackerone.com/b'forcedrofes' Report Title:b'default credentials at https://52.42.105.71/'Report Link:https://hackerone.com/reports/2160178Date Submitted:01 February...
HackerOne Bug Bounty Disclosure: b-memory-corruption-via-large-pixels-b-mr-r-boot
Company Name: b'Infogram' Company HackerOne URL: https://hackerone.com/infogram Submitted By:b'mr_r3boot'Link to Submitters Profile:https://hackerone.com/b'mr_r3boot' Report Title:b'Memory Corruption via Large Pixels'Report Link:https://hackerone.com/reports/282518Date Submitted:01...
Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign...
CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and...
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that...
Malvertisers Zoom In On Cryptocurrencies And Initial Access
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”,...
New Metastealer Malvertising Campaigns
MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have...
Pikabot Distributed Via Malicious Ads
During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via...
