CISA: CISA Releases Seven Industrial Control Systems Advisories
CISA Releases Seven Industrial Control Systems Advisories CISA released seven Industrial Control Systems (ICS) advisories on July 9, 2024. These...
Month: July 2024
HackerOne Bug Bounty Disclosure: fs-lstat-bypasses-permission-model-haxatron
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:haxatron1Link to Submitters Profile:https://hackerone.com/haxatron1 Report Title:fslstat bypasses permission modelReport Link:https://hackerone.com/reports/2145862Date Submitted:09 July...
HackerOne Bug Bounty Disclosure: bypass-incomplete-fix-of-cve-tianst
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:tianstLink to Submitters Profile:https://hackerone.com/tianst Report Title:Bypass incomplete fix of CVE-2024-27980Report Link:https://hackerone.com/reports/2461831Date Submitted:09...
HackerOne Bug Bounty Disclosure: navgraph-confusion-allows-any-p-app-to-send-and-read-requests-from-the-server-at-app-hey-com-fr-via
Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Navgraph confusion allows any 3p app to...
HackerOne Bug Bounty Disclosure: fs-fchown-fchmod-bypasses-permission-model–xpl-r-r
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:4xpl0r3rLink to Submitters Profile:https://hackerone.com/4xpl0r3r Report Title:fsfchown/fchmod bypasses permission modelReport Link:https://hackerone.com/reports/2472071Date Submitted:09 July...
HackerOne Bug Bounty Disclosure: path-traversal-in-deeplink-query-parameter-can-expose-any-user-s-private-info-to-a-public-directory-one-click-fr-via
Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:fr4viaLink to Submitters Profile:https://hackerone.com/fr4via Report Title:Path traversal in deeplink query parameter can...
RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by...
Critical Vulnerabilities in Gogs Open-Source Git Service
Security researchers have disclosed multiple vulnerabilities (CVE-2024-39930,CVE-2024-39931, CVE-2024-39932) affecting Gogs open-source Git service. The vulnerabilities have a Common Vulnerability Scoring...
GoPhish Login Page Detected – 3[.]20[.]101[.]161:8443
The Information provided at the time of posting was detected as "GoPhish Login Page". Depending on when you are viewing...
GoPhish Login Page Detected – 44[.]207[.]195[.]55:443
The Information provided at the time of posting was detected as "GoPhish Login Page". Depending on when you are viewing...
Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal...
HUMINT: Diving Deep into the Dark Web
Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web...
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool...
Cobalt Stike Beacon Detected – 185[.]77[.]226[.]142:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 39[.]100[.]101[.]55:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]92[.]70[.]19:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
INC Ransom Ransomware Victim: REPLIGEN
INC Ransom Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
INC Ransom Ransomware Victim: Guhring USA
INC Ransom Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Cybersecurity Agencies Warn of China-linked APT40’s Rapid Exploit Adaptation
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint...
Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories
Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to...
GoPhish Login Page Detected – 164[.]90[.]170[.]18:443
The Information provided at the time of posting was detected as "GoPhish Login Page". Depending on when you are viewing...
F5 Products Denial of Service Vulnerability
A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted...
10 Billion Passwords Leaked on Hacking Forum
Nearly 10 billion unique passwords have been leaked on a cybercrime forum, putting online users across the world at risk...
Crypto Thefts Double to $1.4 Billion, TRM Labs Finds
Hacks and exploits on cryptocurrency exchanges are soaring, with twice as much money being stolen in the first half of...
