Tamper proofing review: the iZettle card payment terminal
Tamper resistance is an increasingly important factor in smart devices. Together with secure hardware design and defensive coding, it can deliver a very secure device. One of the most common areas the average consumer will encounter tamper resistant devices is in payment terminals, or Pin Entry...
6.7AI Score
What’s in the spam mailbox this week?
We've seen a fair few spam emails in circulation this week, ranging from phishing to money muling to sexploitation. Shall we take a look? The FBI wants to give you back your money First out of the gate, we have a missive claiming to be from the FBI. Turns out you lost a huge sum of money that you.....
6.9AI Score
openSUSE Security Update : the Linux Kernel (openSUSE-2018-762) (Spectre)
The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have resulted in local attackers being able to crash the kernel or potentially elevate...
7.8CVSS
8.3AI Score
0.976EPSS
Security update for the Linux Kernel (important)
The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have resulted in local attackers being able to crash the kernel or potentially elevate...
0.7AI Score
0.976EPSS
Open Bug Bounty ID: OBB-639452

| Description | Value |
|---|---|
| Affected Website: | lablind.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
AI Score
Typeform, Popular Online Survey Software, Suffers Data Breach
Typeform, the popular Spain-based online data collection company that specializes in form building and online surveys for businesses worldwide, disclosed today that it has suffered a data breach that exposed partial data of some of its users. The company identified the breach on June...
1.3AI Score
Hello! Vulnerability Details The /username/charts.json endpoint can return a JSONP callback due to the fact that jsonp_dump is used in the file charts.json.spt. It appears that the content of the JSONP request depends on the authentication of the user. If the user enabled the privacy setting which....
AI Score
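The report above describes the classic JSONP information leak: an endpoint whose response depends on the caller's session also honours a caller-chosen callback, so any third-party page can include it as a script and, because the victim's browser attaches the session cookie, receive the victim's private data. The following is an added example, not Liberapay's code, showing a handler with that flaw beside one that only serves JSONP for data that does not depend on who is asking. The usernames, chart data, request shape and the "public" privacy flag are constructed for illustration.

```javascript
// Added example (not Liberapay's code): JSONP on a session-dependent endpoint,
// and one way to close the leak. Data and handler shape are constructed.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*$/; // accept only a plain JS identifier

// Constructed profiles: alice has the privacy setting on, bob is public.
const USERS = {
  alice: { public: false, charts: [{ month: '2018-06', amount: 12.5 }] },
  bob:   { public: true,  charts: [{ month: '2018-06', amount: 3 }] },
};

function visibleCharts(req, user) {
  const isOwner = req.sessionUser === req.params.username;
  return isOwner || user.public ? user.charts : [];
}

// Vulnerable: whatever the session entitles the caller to see is wrapped in the
// caller-chosen callback. A <script src="/alice/charts.json?callback=leak"> on
// an attacker's page runs with alice's cookies, so the attacker's leak()
// receives her private data.
function chartsVulnerable(req) {
  const user = USERS[req.params.username];
  if (!user) return { status: 404, contentType: 'application/json', body: '{}' };
  const body = JSON.stringify(visibleCharts(req, user));
  if (req.query.callback !== undefined) {
    return { status: 200, contentType: 'application/javascript', body: `${req.query.callback}(${body})` };
  }
  return { status: 200, contentType: 'application/json', body };
}

// Hardened: JSONP only for profiles anyone could read unauthenticated, with a
// validated callback name, a leading comment and nosniff. Private profiles get
// plain JSON only, which a cross-origin <script> tag cannot read.
function chartsHardened(req) {
  const user = USERS[req.params.username];
  if (!user) return { status: 404, contentType: 'application/json', body: '{}' };
  const body = JSON.stringify(visibleCharts(req, user));
  const cb = req.query.callback;
  if (cb === undefined) return { status: 200, contentType: 'application/json', body };
  if (!user.public) {
    return { status: 400, contentType: 'application/json', body: '{"error":"JSONP is not available for private profiles"}' };
  }
  if (!CALLBACK_RE.test(cb)) {
    return { status: 400, contentType: 'application/json', body: '{"error":"invalid callback"}' };
  }
  return {
    status: 200,
    contentType: 'application/javascript',
    headers: { 'X-Content-Type-Options': 'nosniff' },
    body: `/**/ ${cb}(${body});`,
  };
}

// Simulates the attack: alice, logged in, visits a page elsewhere that includes
// the endpoint as a script with callback=leak. Returns true when the script the
// browser would execute carries her private chart data.
function crossSiteInclude(handler) {
  const res = handler({ params: { username: 'alice' }, query: { callback: 'leak' }, sessionUser: 'alice' });
  return res.contentType === 'application/javascript' && res.body.includes('12.5');
}
```

The decisive check is the one on `user.public`: a callback name validator alone does not help, because the leak is the wrapping itself, not what the callback is called. Dropping JSONP entirely in favour of same-origin fetches (or CORS without credentials) removes the problem at the root.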
Liberapay: CSRF token manipulation in every possible form submit. No server-side validation
The web application is generating CSRF_token values inside cookies, which is not a best practice for web applications; the disclosure of cookies can reveal CSRF tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only....
0.1AI Score
In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources....
6.7AI Score
Charitable <= 1.5.13 - Unauthorised Access
From the vendor blog post details: Fix a bug that can in certain scenarios allow unauthorized users to access the user and donation details of previous donations. Payment details such as credit card details were not...
3.4AI Score
0.002EPSS
5CVSS
Detecting Cloned Cards at the ATM, Register
Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card's magnetic stripe. But new research suggests retailers and ATM operators could reliably detect counterfeit...
6.6AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.128 to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an ...
-0.3AI Score
0.001EPSS
BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4)Vulnerability
Description of FUZE Card FUZE is an IoT device the size, shape, and thickness of a normal credit card. You program credit cards into it via Bluetooth (BLE) using a smart phone app. When you go to pay, you use the buttons and e-Paper display to select which card to emulate. The magnetic stripe...
-0.4AI Score
0.001EPSS
Node.js third-party modules: Unrestricted file upload (RCE)
I would like to report an unrestricted file upload in express-cart. It allows a user with administrative privileges to upload a file to any path. Module: name: express-cart; version: 1.1.5; npm page: https://www.npmjs.com/package/express-cart. Module Description: expressCart is a fully...
8.8CVSS
-0.3AI Score
0.001EPSS
Node.js third-party modules: Privilege escalation allows any user to add an administrator
I would like to report privilege escalation in the npm module express-cart. It allows a normal user to add another user with administrator privileges. Module: name: express-cart; version: 1.1.5; npm page: https://www.npmjs.com/package/express-cart. Module Description: expressCart is a fully...
8.8CVSS
0.9AI Score
0.001EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from ...
-0.2AI Score
0.001EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized ...
0.6AI Score
0.975EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)
The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace...
5.5CVSS
-0.4AI Score
0.001EPSS
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged...
-0.3AI Score
0.001EPSS
Coinhive Exposé Prompts Cancer Research Fundraiser
A story published here this week revealed the real-life identity behind the original creator of Coinhive -- a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest...
6.7AI Score
Goodfellas, the Brazilian carding scene is after you
There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile...
7.4AI Score
kernel security and bug fix update
[3.10.0-693.21.1.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-693.21.1] [x86] platform/uv: Mark tsc_check_sync as an init function...
7.8CVSS
AI Score
0.001EPSS
Deepfakes FakeApp tool (briefly) includes cryptominer
A few weeks ago, we took a look at a forum dedicated to Deepfake clips where the site was pushing Coinhive mining scripts in the website's HTML code. As it turns out, there's been another mining blow-out in the form of one of the apps used to make the fakes. That's right—a tool designed to push...
6.9AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized ...
8.3AI Score
0.975EPSS
paydollar.com XSS vulnerability
Open Bug Bounty ID: OBB-565448

| Description | Value |
|---|---|
| Affected Website: | paydollar.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
6.3AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized ...
8.4AI Score
0.975EPSS
Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World
Introduction Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind:.....
7.5AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure ...
8.2AI Score
0.975EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2018-153) (Spectre)
The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of...
9.8CVSS
8.8AI Score
0.975EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized ...
8.5AI Score
0.975EPSS
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of...
8.7AI Score
0.975EPSS
New Point-of-Sale Malware Steals Credit Card Data via DNS Queries
Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal...
7.1AI Score
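The article above is about point-of-sale malware that carries stolen card data out in DNS queries, encoding chunks of it as subdomains of a domain the attacker controls. The following is an added example, not from the article or the malware it describes, of a small detector for that traffic pattern: many distinct, long, high-entropy leftmost labels under one parent domain. The log line format, the thresholds and the sample records (hex-encoded chunks under a constructed domain, mixed with ordinary traffic) are all constructed for illustration.

```javascript
// Added example (not from the article): scoring DNS query logs for the
// exfiltration pattern described above. Log format, thresholds and sample
// records are constructed for illustration.

function shannonEntropy(s) {
  const freq = new Map();
  for (const ch of s) freq.set(ch, (freq.get(ch) || 0) + 1);
  let h = 0;
  for (const n of freq.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Parses "<timestamp> <client> query: <name> IN <type>" (constructed format).
function parseQueryLine(line) {
  const m = /^(\S+)\s+(\S+)\s+query:\s+(\S+)\s+IN\s+(\S+)$/.exec(line.trim());
  if (!m) return null;
  return { ts: m[1], client: m[2], name: m[3].replace(/\.$/, '').toLowerCase(), type: m[4] };
}

// Groups queries by parent domain (last two labels) and reports parents whose
// leading labels look like encoded payload: many distinct, long, high-entropy.
function findExfilCandidates(lines, opts = {}) {
  const { minUnique = 5, minAvgLen = 20, minEntropy = 3.5 } = opts;
  const byParent = new Map();
  for (const line of lines) {
    const q = parseQueryLine(line);
    if (!q) continue;
    const labels = q.name.split('.');
    if (labels.length < 3) continue;
    const parent = labels.slice(-2).join('.');
    const payload = labels.slice(0, -2).join('');
    let g = byParent.get(parent);
    if (!g) {
      g = { labels: new Set(), totalLen: 0, totalEntropy: 0, n: 0 };
      byParent.set(parent, g);
    }
    g.labels.add(payload);
    g.totalLen += payload.length;
    g.totalEntropy += shannonEntropy(payload);
    g.n += 1;
  }
  const out = [];
  for (const [parent, g] of byParent) {
    const avgLen = g.totalLen / g.n;
    const avgEnt = g.totalEntropy / g.n;
    if (g.labels.size >= minUnique && avgLen >= minAvgLen && avgEnt >= minEntropy) {
      out.push({ parent, unique: g.labels.size, avgLen: +avgLen.toFixed(1), avgEntropy: +avgEnt.toFixed(2) });
    }
  }
  return out.sort((a, b) => b.unique - a.unique);
}

// Constructed sample: six hex-encoded chunks under exfil-c2.example, plus a
// benign CDN with many short labels and one malformed line the parser skips.
const SAMPLE_LOG = [
  '2018-03-22T10:01:02Z 10.0.0.5 query: www.example.org IN A',
  '2018-03-22T10:01:03Z 10.0.0.5 query: img1.cdn.example IN A',
  '2018-03-22T10:01:03Z 10.0.0.5 query: img2.cdn.example IN A',
  '2018-03-22T10:01:04Z 10.0.0.5 query: img3.cdn.example IN A',
  '2018-03-22T10:01:04Z 10.0.0.5 query: img4.cdn.example IN A',
  '2018-03-22T10:01:05Z 10.0.0.5 query: img5.cdn.example IN A',
  '2018-03-22T10:01:05Z 10.0.0.5 query: img6.cdn.example IN A',
  '2018-03-22T10:02:00Z 10.0.0.9 query: 4a3f9c1e7b2d8f60a5c4e3b1d9f7a2c8.exfil-c2.example IN A',
  '2018-03-22T10:02:01Z 10.0.0.9 query: 9c1e7b2d8f60a5c4e3b1d9f7a2c84a3f.exfil-c2.example IN A',
  '2018-03-22T10:02:02Z 10.0.0.9 query: 7b2d8f60a5c4e3b1d9f7a2c84a3f9c1e.exfil-c2.example IN A',
  '2018-03-22T10:02:03Z 10.0.0.9 query: 8f60a5c4e3b1d9f7a2c84a3f9c1e7b2d.exfil-c2.example IN A',
  '2018-03-22T10:02:04Z 10.0.0.9 query: a5c4e3b1d9f7a2c84a3f9c1e7b2d8f60.exfil-c2.example IN A',
  '2018-03-22T10:02:05Z 10.0.0.9 query: e3b1d9f7a2c84a3f9c1e7b2d8f60a5c4.exfil-c2.example IN A',
  '2018-03-22T10:02:07Z 10.0.0.9 query: pos-update.vendor.example IN A',
  'malformed line that the parser should skip',
];
```

The grouping key (last two labels) is deliberately crude; in production you would group by registered domain using a public-suffix list, and add per-client volume and the record type (TXT and NULL queries are rare in legitimate POS traffic) as further features. The point of the three thresholds together is that each alone produces noise: CDNs have many unique labels, long labels occur in tracking hosts, but many long high-entropy labels under one parent from one host is the exfiltration signature.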
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized ...
8.6AI Score
0.975EPSS
Would You Have Spotted This Skimmer?
When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it's difficult not to inspect or even pull on these machines when you're forced to use them personally -- half expecting something will come detached. For those unfamiliar with the...
6.6AI Score
redcrossshimla.com XSS vulnerability
Open Bug Bounty ID: OBB-547425

| Description | Value |
|---|---|
| Affected Website: | redcrossshimla.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
6.3AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). CVE-2017-5753:...
8.7AI Score
0.976EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.103 to receive various security and bugfixes. This update enables SMB encryption in the CIFS support in the Linux Kernel (fate#324404) The following security bugs were fixed: CVE-2017-1000410: The Linux kernel was affected by an...
2.4AI Score
0.004EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000410: The Linux kernel was affected by an information leak that lies in the processing of incoming L2CAP commands -...
1.7AI Score
0.004EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2017-1391) (Dirty COW)
The openSUSE Leap 42.3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash...
7.8CVSS
8.5AI Score
0.004EPSS
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash ...
2.1AI Score
0.004EPSS
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.102 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash ...
2.2AI Score
0.004EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2017-1390) (Dirty COW)
The openSUSE Leap 42.2 kernel was updated to 4.4.102 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash...
7.8CVSS
8.5AI Score
0.004EPSS
Anti-Skimmer Detector for Skimmer Scammers
Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small,...
6.8AI Score
Legal Robot: Exposes a series of other private credentials
Hi, I found a JavaScript file which has many private credentials. JS File https://app.legalrobot.com/meteor_runtime_config.js Code ``` meteor_runtime_config =...
6.8AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through ...
8.8AI Score
0.009EPSS
simplycombo.com XSS vulnerability
Open Bug Bounty ID: OBB-385843

| Description | Value |
|---|---|
| Affected Website: | simplycombo.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
6.3AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and...
8.9AI Score
0.007EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and...
8.7AI Score
0.004EPSS
In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted....
6.5AI Score