ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, Security Vulnerabilities

wired

China Has a Controversial Plan for Brain-Computer Interfaces

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive...

7.2 AI Score

2024-04-30 07:13 PM
6
openvas

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:2859-1)

The remote host is missing an update for...

7.4 AI Score

0.0004 EPSS

2024-03-04 12:00 AM
5
openbugbounty

swiss-alp-health.ch Improper Access Control vulnerability OBB-3860480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2024-02-27 07:23 AM
5
nessus

MikroTik RouterOS Improper Access Control (CVE-2021-27221)

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work. This plugin only works with Tenable.ot. Please visit...

8 AI Score

2024-02-27 12:00 AM
6
openbugbounty

charlotte-theater.com Cross Site Scripting vulnerability OBB-3856759

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-02-23 11:32 AM
3
thn

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was...

7.1 AI Score

2024-02-05 04:36 PM
19
krebs

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just...

7.5 AI Score

2024-02-01 06:41 PM
11
veracode

Cross-site Scripting (XSS)

urql/next is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper sanitization of HTML-like characters in the response stream. An attacker can inject malicious scripts by ensuring that the response returns html tags and that the web-application is using streamed responses....

6.4 AI Score

0.0005 EPSS

2024-01-31 12:08 PM
5
osv

@urql/next Cross-site Scripting vulnerability

impact The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the...

6.7 AI Score

0.0005 EPSS

2024-01-30 08:57 PM
4
github

@urql/next Cross-site Scripting vulnerability

impact The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the...

6.7 AI Score

0.0005 EPSS

2024-01-30 08:57 PM
8
cve

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability...

6.1 CVSS

7.2 AI Score

0.0005 EPSS

2024-01-30 06:15 PM
17
osv

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability...

6.7 AI Score

0.0005 EPSS

2024-01-30 06:15 PM
9
prion

Design/Logic Flaw

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability...

6.1 CVSS

6.9 AI Score

0.0005 EPSS

2024-01-30 06:15 PM
5
cvelist

CVE-2024-24556 XSS in @urql/next

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability...

6.6 AI Score

0.0005 EPSS

2024-01-30 05:21 PM
1
thn

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often...

6.6 AI Score

2023-11-23 12:54 PM
29
openbugbounty

rsc-service.de Improper Access Control vulnerability OBB-3780151

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.9 AI Score

2023-11-13 11:58 PM
6
impervablog

Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season

As the holiday season approaches, a palpable sense of joy and anticipation fills the air. Twinkling lights adorn homes, the aroma of freshly baked cookies wafts through the kitchen, and the sound of laughter and carolers' melodies resonate on frosty evenings. It's a time when families come...

7.6 AI Score

2023-11-08 12:48 PM
5
wallarmlab

What is Traffic Shaping?

Unraveling the Enigma of Traffic Modulation Within the realm of digital information, data traffic parallels a high-speed freeway, ferrying packets of details to-and-fro. So what transpires when there's an excessive influx, leading to an overburdened data expressway? This is where the enigma of...

7.6 AI Score

2023-10-27 09:01 AM
16
krebs

Hackers Stole Access Tokens from Okta’s Support Unit

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of...

6.9 AI Score

2023-10-20 06:39 PM
9
openbugbounty

charlotte-theater.com Cross Site Scripting vulnerability OBB-3733676

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-10-08 06:40 PM
10
nessus

Amazon Linux 2 : firefox (ALASFIREFOX-2023-005)

The version of firefox installed on the remote host is prior to 102.11.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-005 advisory. There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() ...

8.2 AI Score

2023-09-27 12:00 AM
7
openbugbounty

emily-rk.com Cross Site Scripting vulnerability OBB-3695626

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-09-18 11:57 AM
9
schneier

Identity Theft from 1965 Uncovered through Face Recognition

Interesting story: Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his sibling's death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law...

6.9 AI Score

2023-08-29 11:03 AM
9
openbugbounty

charlotte-theater.com Cross Site Scripting vulnerability OBB-3552821

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-27 10:47 AM
16
openbugbounty

charlotte-theater.com Cross Site Scripting vulnerability OBB-3525478

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-17 05:02 PM
7
openvas

SUSE: Security Advisory (SUSE-SU-2023:2808-1)

The remote host is missing an update for...

7.3 AI Score

0.001 EPSS

2023-07-12 12:00 AM
5
impervablog

The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short

As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks (BLAs). Unlike known attacks, which can be identified by signatures or patterns, such....

8.5 AI Score

2023-07-11 01:15 PM
16
openbugbounty

alp-service.fr Cross Site Scripting vulnerability OBB-3489761

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-07-08 05:19 AM
17
thn

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising

Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations,"...

7.3 AI Score

2023-07-03 04:46 AM
10
impervablog

Business Logic Attacks: Why Should You Care?

Imagine this: You've just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. You're feeling safe and secure, congratulating yourself on a job well done. But, despite all your efforts, your.....

7.2 AI Score

2023-06-23 03:13 PM
15
schneier

AI as Sensemaking for Public Comments

It's become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special,.....

6.8 AI Score

2023-06-22 03:43 PM
9
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...

7.8 CVSS

8 AI Score

0.0004 EPSS

2023-06-15 12:00 AM
41
akamaiblog

Script Security: Achieving PCI DSS v4 Compliance Before the Deadline

The new Akamai Page Integrity Manager capabilities are purpose-built to address the latest PCI DSS v4.0 script requirements with one comprehensive...

7.1 AI Score

2023-06-14 01:00 PM
5
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-06-13 12:00 AM
35
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-06-13 12:00 AM
7
openbugbounty

charlotte-theater.com Cross Site Scripting vulnerability OBB-3410479

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-10 11:31 PM
10
nessus

Oracle Linux 8 : firefox (ELSA-2023-3220)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3220 advisory. A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability...

8.7 AI Score

2023-06-08 12:00 AM
12
openbugbounty

rsc-hrd.net Cross Site Scripting vulnerability OBB-3397774

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-06 03:26 PM
6
nessus

Amazon Linux 2 : thunderbird (ALAS-2023-2051)

The version of thunderbird installed on the remote host is prior to 102.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2051 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have...

8.8 AI Score

2023-06-05 12:00 AM
8
nessus

Ubuntu 22.04 LTS / 23.04 : SpiderMonkey vulnerabilities (USN-6120-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6120-1 advisory. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment...

9.8 AI Score

2023-05-30 12:00 AM
11
nessus

Oracle Linux 8 : thunderbird (ELSA-2023-3221)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3221 advisory. A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. (CVE-2023-32207) ...

9 AI Score

2023-05-24 12:00 AM
12
nessus

AlmaLinux 8 : firefox (ALSA-2023:3220)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3220 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

9 AI Score

2023-05-19 12:00 AM
15
nessus

AlmaLinux 8 : thunderbird (ALSA-2023:3221)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3221 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

9 AI Score

2023-05-19 12:00 AM
10
nessus

Oracle Linux 9 : firefox (ELSA-2023-3143)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3143 advisory. A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. (CVE-2023-32207) ...

9 AI Score

2023-05-19 12:00 AM
5
nessus

AlmaLinux 9 : thunderbird (ALSA-2023:3150)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3150 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

9 AI Score

2023-05-18 12:00 AM
7
nessus

Rocky Linux 8 : firefox (RLSA-2023:3220)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3220 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

9 AI Score

2023-05-18 12:00 AM
5
nessus

Rocky Linux 8 : thunderbird (RLSA-2023:3221)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3221 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

9 AI Score

2023-05-18 12:00 AM
5
nessus

AlmaLinux 9 : firefox (ALSA-2023:3143)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3143 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

9 AI Score

2023-05-18 12:00 AM
9
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2023:2211-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2211-1 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content....

8.8 AI Score

2023-05-17 12:00 AM
5
Total number of security vulnerabilities: 2071