Top 5 Infrastructure as Code Security Challenges
Learn how to counteract the top five challenges of IaC and discover how these obstacles pose a threat to security...
HackerOne Bug Bounty Disclosure: add-me-email-address-authentication-bypassbyraajeevrathnam
Programme HackerOne LinkedIn LinkedIn Submitted by raajeevrathnam raajeevrathnam Report Add me email address Authentication bypass Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: [h1-2102]-shopapps-query-from-the-graphql-at-/users/api-returns-all-existing-created-apps,-including-private-onesbyinhibitor181
Programme HackerOne Shopify Shopify Submitted by inhibitor181 inhibitor181 Report shopApps query from the graphql at /users/api returns all existing created...
HackerOne Bug Bounty Disclosure: post-based-reflected-xss-in-dailydeals-mtn-co-zabyshuvam321
Programme HackerOne MTN Group MTN Group Submitted by shuvam321 shuvam321 Report POST BASED REFLECTED XSS IN dailydeals.mtn.co.za Full Report A...
Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons
Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder...
Holy Ghost ransomware operation is linked to North Korea
Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC)...
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats
Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is...
Cobalt Stike Beacon Detected – 150[.]158[.]166[.]243:9999
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 20[.]93[.]170[.]184:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 185[.]81[.]68[.]44:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 139[.]155[.]42[.]254:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 139[.]99[.]66[.]156:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 44[.]206[.]108[.]223:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]92[.]97[.]171:9443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Siemens SIMATIC eaSie Core Package security bypass | CVE-2021-44222
NAME Siemens SIMATIC eaSie Core Package security bypass Platforms Affected:Siemens SIMATIC eaSie Core Package 21Risk Level:10Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Siemens SIMATIC...
Juniper Networks Junos Space Security Director Policy Enforcer weak security |
NAME Juniper Networks Junos Space Security Director Policy Enforcer weak security Platforms Affected:Juniper Networks Junos Space Security Director Policy EnforcerRisk...
Google Chrome WebGPU code execution | CVE-2022-2399
NAME Google Chrome WebGPU code execution Platforms Affected:Google Chrome 99 Google Chrome 102.0Risk Level:8.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Google Chrome could allow...
LUX – TYPO3 Marketing Automation extension for TYPO3 SQL injection | CVE-2022-35628
NAME LUX - TYPO3 Marketing Automation extension for TYPO3 SQL injection Platforms Affected:TYPO3 LUX Marketing Automation Extension for TYPO3Risk Level:8.2Exploitability:UnprovenConsequences:Data...
Siemens SCALANCE X Switch Devices denial of service | CVE-2022-26648
NAME Siemens SCALANCE X Switch Devices denial of service Platforms Affected:Siemens SCALANCE X200-4P IRT (6GK5200-4AH00- 2BA3) Siemens SCALANCE X200-4P IRT...
Siemens SIMATIC CP Devices code execution | CVE-2022-34820
NAME Siemens SIMATIC CP Devices code execution Platforms Affected:Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31- 0XE0) Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)...
Node.js shared-dam-app module code execution |
NAME Node.js shared-dam-app module code execution Platforms Affected:Node.js shared-dam-appRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js shared-dam-app module could allow a remote attacker...
Siemens Opcenter Quality security bypass | CVE-2022-33736
NAME Siemens Opcenter Quality security bypass Platforms Affected:Siemens Opcenter Quality 13.1 Siemens Opcenter Quality 13.2Risk Level:9.6Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Siemens Opcenter...
Argo Project Argo CD security bypass | CVE-2022-31105
NAME Argo Project Argo CD security bypass Platforms Affected:Argo Project Argo CD 2.3.0 Argo Project Argo CD 2.3.5 Argo Project...
Dahua DHI-ASI7213X-T1 security bypass | CVE-2022-2334
NAME Dahua DHI-ASI7213X-T1 security bypass Platforms Affected:Dahua Technology ASI7213X-T1 1.000.10Be006.0.R.201213Risk Level:8.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Dahua DHI-ASI7213X-T1 could allow a remote attacker...
