Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 Security Vulnerabilities

krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
3
thn

The Drop in Ransomware Attacks in 2024 and What it Means

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048.....

7.2AI Score

2024-04-08 11:23 AM
19
openbugbounty

victoria-academy.co.uk Cross Site Scripting vulnerability OBB-3904983

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-05 09:39 AM
2
hackread

Victoria VR Becomes First Virtual Reality Developer to Integrate OpenAI

By Owais Sultan Virtual reality developer Victoria VR has announced that it is integrating OpenAI into its builder. The move makes… This is a post from HackRead.com Read the original post: Victoria VR Becomes First Virtual Reality Developer to Integrate...

7.2AI Score

2024-04-03 04:54 PM
9
krebs

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....

6.8AI Score

2024-03-14 09:13 PM
31
thn

U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed.....

9.7AI Score

2024-02-22 05:26 AM
25
thn

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing...

7.8CVSS

8.7AI Score

EPSS

2024-01-17 01:51 PM
32
openbugbounty

victoria-garbenteich.de Improper Access Control vulnerability OBB-3820523

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2023-12-22 09:23 PM
2
code423n4

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed.

Lines of code Vulnerability details Potest egreditur posses torrens fugamque ignavis Ubi spectemur patent prominet tenebat ait est Lorem markdownum vitam, unus cum quaeque bellique portante et siccis intremuere nondum pascere vidit. In mihi cara terra, sui regni meritasque nescia, litora vocatum...

7.1AI Score

2023-12-05 12:00 AM
3
openbugbounty

victoria-gersten.de Improper Access Control vulnerability OBB-3779011

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.9AI Score

2023-11-13 12:15 AM
8
nvd

CVE-2023-5012

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a...

7.8CVSS

6AI Score

0.0004EPSS

2023-09-16 09:15 PM
cve

CVE-2023-5012

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-09-16 09:15 PM
16
prion

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-09-16 09:15 PM
8
cvelist

CVE-2023-5012 Topaz OFD Protection Module Warsaw core.exe unquoted search path

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a...

5.3CVSS

7.8AI Score

0.0004EPSS

2023-09-16 08:31 PM
3
openbugbounty

victoria-ro.com Cross Site Scripting vulnerability OBB-3676604

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1AI Score

2023-09-13 05:32 AM
10
akamaiblog

7.1AI Score

2023-07-26 01:00 PM
4
thn

Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps

Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a...

6.9AI Score

2023-07-17 01:26 PM
20
kitploit

Artemis - A Modular Web Reconnaissance Tool And Vulnerability Scanner

A modular web reconnaissance tool and vulnerability scanner based on Karton (https://github.com/CERT-Polska/karton). The Artemis project has been initiated by the KN Cyber science club of Warsaw University of Technology and is currently being maintained by CERT Polska. Artemis is experimental...

7.3AI Score

2023-06-29 12:30 PM
17
securelist

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and.....

6.7AI Score

2023-04-17 10:00 AM
18
openbugbounty

queen-auguste-victoria-park.de Cross Site Scripting vulnerability OBB-3229130

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

5.9AI Score

2023-03-21 02:47 PM
7
securelist

Malvertising through search engines

In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious...

-0.5AI Score

2023-03-09 10:00 AM
22
cve

CVE-2022-48305

There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...

5.5CVSS

5.7AI Score

0.0004EPSS

2023-02-27 06:15 PM
32
nvd

CVE-2022-48305

There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...

5.5CVSS

5.6AI Score

0.0004EPSS

2023-02-27 06:15 PM
prion

Authentication flaw

There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...

5.5CVSS

5.6AI Score

0.0004EPSS

2023-02-27 06:15 PM
6
cvelist

CVE-2022-48305

There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...

5.9AI Score

0.0004EPSS

2023-02-27 12:00 AM
huawei

Security Advisory - Identity Authentication Bypass Vulnerability in The Huawei Children Smart Watch (Simba-AL00)

The Huawei Children Smart Watch (Simba-AL00) has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.(Vulnerability ID:HWPSIRT-2022-18770) This vulnerability has been assigned a (CVE).....

5.5CVSS

5.7AI Score

0.0004EPSS

2023-02-08 12:00 AM
17
openbugbounty

victoria-ro.com Cross Site Scripting vulnerability OBB-3051783

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-11-13 05:15 AM
11
malwarebytes

Optus data breach "attacker" says sorry, it was a mistake

Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue A hacker acting under the pseudonym "optusdata" claims to have stolen the data of 10 million Optus customers. The information included....

0.5AI Score

2022-09-29 04:00 PM
14
openvas

Ubuntu: Security Advisory (USN-345-1)

The remote host is missing an update for...

6.5AI Score

0.321EPSS

2022-08-26 12:00 AM
krebs

Report: Recent 10x Increase in Cyberattacks on Ukraine

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. ....

0.5AI Score

2022-03-11 04:50 PM
10
openbugbounty

victoria-objektbetreuung.de Improper Access Control vulnerability OBB-2406522

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

0.1AI Score

2022-03-04 03:21 PM
5
openbugbounty

victoria-gersten.de Improper Access Control vulnerability OBB-2406521

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

0.1AI Score

2022-03-04 03:20 PM
2
openbugbounty

victoria-milan.org Cross Site Scripting vulnerability OBB-2337843

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-01-17 11:17 AM
11
malwarebytes

Celebrity jewelry house Graff falls victim to ransomware

Data on countless celebrities, including politicians, is apparently now in the hands of ransomware attackers after a group using the Conti variant compromised systems of one of the world’s most exclusive jewelry houses, Graff. Despite what mathematicians like to think, there is an exception to...

6.8AI Score

2021-11-01 02:27 PM
8
huntr

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

Description Stored XSS via upload file .svg allows for arbitrary execution of JavaScript # Proof of Concept ``` // PoC.req POST /demo-dev/tree/demo/add-media-file/X9222 HTTP/2 Host: dev.webtrees.net Cookie: __Secure-WT-ID=63trarcpiic93psog3t8okts4h User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS.....

0.5AI Score

2021-10-08 11:49 AM
9
akamaiblog

G2A's Journey to Global Growth, Part 1: Keeping Gamers and Geeks Playing During a Pandemic

G2A.COM is the world's largest marketplace for video games, with thousands of sellers, 24 million customers, and a million transactions a month. It's the first stop for gamers and geeks who are looking for low-priced game keys, activation codes, electronics, merchandise, and more. G2A has grown...

-0.7AI Score

2021-07-26 02:00 PM
62
threatpost

LinkedIn’s 1.2B Data-Scrape Victims Targeted by Attackers

Just days after yet another data-scraping operation aimed at LinkedIn was discovered, evidence has popped up in a popular hacker forum that the vast amount of lifted data is being collated and refined to identify specific targets. This might signal the start of a series of LinkedIn-fueled...

-0.3AI Score

2021-07-01 11:41 AM
169
kitploit

RedWarden - Flexible CobaltStrike Malleable Redirector

RedWarden - Flexible CobaltStrike Malleable Redirector (previously known as proxy2's malleable_redirector plugin) Let's raise the bar in C2 redirectors IR resiliency, shall we? Red Teaming business has seen several different great ideas on how to combat incident responders and misdirect them...

7.2AI Score

2021-06-07 12:30 PM
168
threatpost

Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia

The world’s largest meat distributor shut down some operations in both the United States and Australia over the Memorial Day weekend after a cyberattack on its IT systems that could have a significant effect on the food supply chain if not resolved quickly. Attackers targeted several servers...

0.2AI Score

2021-06-01 12:57 PM
38
threatpost

Hacker Sets Alleged Auction for Witcher 3 Source Code

The ransomware gang behind an attack on videogame developer CD Projekt Red may have made good on its promise to auction off the company’s data – including source code for Cyberpunk 2077 and an unreleased version of the Witcher 3. Or it may not have. The Twitter account @vxunderground, which bills.....

-0.5AI Score

2021-02-10 09:20 PM
35
threatpost

Cyberpunk 2077 Publisher Hit with Hack, Ransomware

UPDATE CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the wildly popular Witcher series, has suffered a ransomware attack that could soon result in troves of company data being dumped online – including game source code. The Warsaw-based company tweeted out a notice on....

-0.4AI Score

2021-02-09 03:33 PM
43
nvd

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7.1CVSS

0.0004EPSS

2021-02-06 03:15 AM
nvd

CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

3.3CVSS

0.0004EPSS

2021-02-06 03:15 AM
cve

CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

3.3CVSS

4.2AI Score

0.0004EPSS

2021-02-06 03:15 AM
67
2
nvd

CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5CVSS

0.002EPSS

2021-02-06 03:15 AM
cve

CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5CVSS

7.3AI Score

0.002EPSS

2021-02-06 03:15 AM
70
3
cve

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7.1CVSS

6.8AI Score

0.0004EPSS

2021-02-06 03:15 AM
64
3
prion

Design/Logic Flaw

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

3.3CVSS

4.1AI Score

0.0004EPSS

2021-02-06 03:15 AM
4
prion

Design/Logic Flaw

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7.1CVSS

6.7AI Score

0.0004EPSS

2021-02-06 03:15 AM
4
prion

Design/Logic Flaw

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5CVSS

7.3AI Score

0.002EPSS

2021-02-06 03:15 AM
2
Total number of security vulnerabilities: 457