CISA: Microsoft Releases June 2024 Security Updates
Microsoft Releases June 2024 Security Updates Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat...
Month: June 2024
CISA: Fortinet Releases Security Updates for FortiOS
Fortinet Releases Security Updates for FortiOS Fortinet has released security updates to address a vulnerability in FortiOS. A cyber threat...
CISA: CISA Releases Six Industrial Control Systems Advisories
CISA Releases Six Industrial Control Systems Advisories CISA released six Industrial Control Systems (ICS) advisories on June 11, 2024. These...
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases One Industrial Control Systems Advisory
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on June 18, 2024. These...
CISA: CISA Releases Twenty Industrial Control Systems Advisories
CISA Releases Twenty Industrial Control Systems Advisories CISA released twenty Industrial Control Systems (ICS) advisories on June 13, 2024. These...
CISA: CISA and Partners Release Guidance for Modern Approaches to Network Access Security
CISA and Partners Release Guidance for Modern Approaches to Network Access Security Today, CISA, in partnership with the Federal Bureau...
Volana – Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you...
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal...
HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami
Company Name: Enjin Company HackerOne URL: https://hackerone.com/enjin Submitted By:19whoami19Link to Submitters Profile:https://hackerone.com/19whoami19 Report Title:Cloudflare /cdn-cgi/ path allows resizing images from...
HackerOne Bug Bounty Disclosure: ability-to-bulk-submit-reports-via-query-named-based-batching–x
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0x999Link to Submitters Profile:https://hackerone.com/0x999 Report Title:Ability to bulk submit reports via query...
HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz
Company Name: Tools for Humanity Company HackerOne URL: https://hackerone.com/toolsforhumanity Submitted By:lauritzLink to Submitters Profile:https://hackerone.com/lauritz Report Title: Insufficient Filtering of "state"...
HackerOne Bug Bounty Disclosure: -package-name-can-be-set-as-desired-when-submitting-a-pentest-opportunity-form-iam-srpk
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:iam_srpkLink to Submitters Profile:https://hackerone.com/iam_srpk Report Title:"package_name" can be set as desired when...
HackerOne Bug Bounty Disclosure: -idor-improper-access-control-on-embedded-submission-form-japz
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:japzLink to Submitters Profile:https://hackerone.com/japz Report Title: Improper Access Control on Embedded Submission...
HackerOne Bug Bounty Disclosure: null-dereference-when-encoding-dn-of-x-certificate-z
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:z2_Link to Submitters Profile:https://hackerone.com/z2_ Report Title:NULL dereference when encoding DN of x509...
HackerOne Bug Bounty Disclosure: program-member-could-duplicate-report-to-a-non-related-program-original-report-v-id
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:v0id1Link to Submitters Profile:https://hackerone.com/v0id1 Report Title:Program Member Could Duplicate Report To A...
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has...
Critical Vulnerabilities in VMware vCenter Server
VMware has released security updates addressing critical vulnerabilities (CVE-2024-37079 and CVE-2024-37080) affecting their vCenter Server products. The vulnerabilities have a...
New Case Study: Unmanaged GTM Tags Become a Security Nightmare
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking...
Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital...
New Threat Actor ‘Void Arachne’ Targets Chinese Users with Malicious VPN Installers
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI)...
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors...
CACTUS Ransomware Victim: https://www[.]sofidel[.]com/
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
