Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain...
Month: August 2024
HackerOne Bug Bounty Disclosure: unauthenticated-arbitrary-file-upload-on-the-hxxps-sp-d-rs
Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Unauthenticated arbitrary file upload...
HackerOne Bug Bounty Disclosure: blind-stored-xss-on-the-internal-host-sp-d-rs
Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Blind Stored XSS on...
HackerOne Bug Bounty Disclosure: cross-site-scripting-prakhar-x
Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:prakhar0x01Link to Submitters Profile:https://hackerone.com/prakhar0x01 Report Title:Cross Site ScriptingReport Link:https://hackerone.com/reports/2587844Date...
HackerOne Bug Bounty Disclosure: course-registration-form-allowing-an-attacker-to-dump-all-the-candidate-name-who-had-enrolled-for-the-course-steveflex
Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:steveflexLink to Submitters Profile:https://hackerone.com/steveflex Report Title:Course Registration Form Allowing...
HackerOne Bug Bounty Disclosure: dod-workstation-exposed-to-internet-via-tinypilot-kvm-with-no-authentication-socpuppet
Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:socpuppetLink to Submitters Profile:https://hackerone.com/socpuppet Report Title:DoD workstation exposed to...
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot...
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage malware...
Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and...
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?
SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these...
Play Ransomware Victim: Mill Creek Lumber
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Cobalt Strike Beacon Detected – 1[.]12[.]232[.]192:8888
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 106[.]14[.]213[.]29:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 82[.]157[.]124[.]32:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 198[.]44[.]174[.]177:4443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 165[.]227[.]93[.]160:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 60[.]204[.]134[.]21:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems
Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered...
Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used...
BianLian Ransomware Victim: Texas Centers for Infectious Disease Associates
BianLian Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
F5 BIG-IP Sensitive Information Disclosure Vulnerability
A vulnerability was identified in F5 BIG-IP, a remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system. Note:No patch...
Ubuntu Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in Ubuntu Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial...
Navigating the Maze of Cybersecurity Compliance
Cybersecurity compliance and regulations are vital components of protecting sensitive information in today's digital landscape. With cyber threats becoming increasingly...
Microsoft Fixes Nine Zero-Days on Patch Tuesday
Microsoft fixed nine zero-day vulnerabilities on its August Patch Tuesday yesterday, including six that have been exploited in the wild.These...