WordPress Bitcoin Payments – Blockonomics Security Vulnerabilities

ibm

Security Bulletin: IBM Safer Payments vulnerable to denial of service attack (CVE-2023-27556)

Summary The API and MCI interfaces of IBM Safer Payments are vulnerable to the Slowloris denial of service attack. This vulnerability is addressed Vulnerability Details ** CVEID: CVE-2023-27556 DESCRIPTION: **IBM Counter Fraud Management for Safer Payments does not properly allocate resources...

7.5CVSS

7AI Score

0.001EPSS

2023-04-24 02:17 PM
26
ibm

Security Bulletin: Multiple publicly disclosed OpenSSL vulnerabilities affect IBM Safer Payments

Summary OpenSSL is used by IBM Safer Payments as part of all secure network communications. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-4304 DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side...

7.5CVSS

7.9AI Score

0.004EPSS

2023-04-24 02:17 PM
25
ibm

Security Bulletin: JSZip publicly disclosed vulnerability affects IBM Safer Payments (CVE-2022-48285)

Summary JSZip is used by IBM Safer Payments as part of the user interface. This vulnerability has been addressed. Vulnerability Details ** CVEID: CVE-2022-48285 DESCRIPTION: **JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames...

7.3CVSS

7.8AI Score

0.006EPSS

2023-04-24 02:16 PM
7
ibm

Security Bulletin: IBM Safer Payments vulnerable to Denial Of Service Attacks (CVE-2020-4729)

Summary IBM Safer Payments can be crashed by sending specially crafted API calls. This vulnerability has been addressed. Vulnerability Details ** CVEID: CVE-2020-4729 DESCRIPTION: **IBM Counter Fraud Management for Safer Payments could allow an authenticated attacker under special circumstances...

5.3CVSS

5.9AI Score

0.001EPSS

2023-04-24 02:15 PM
19
ibm

Security Bulletin: IBM Safer Payments is vulnerable to OpenSSL Information Disclosure Problem (CVE-2021-3712)

Summary IBM Safer Payments uses OpenSSL. This vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2021-3712 DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending...

7.4CVSS

7.4AI Score

0.004EPSS

2023-04-24 02:15 PM
36
ibm

Security Bulletin: IBM Safer Payments is vulnerable to multiple OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Summary IBM Safer Payments uses OpenSSL. These OpenSSL vulnerabilities are addressed in IBM Safer Payments. Vulnerability Details ** CVEID: CVE-2021-23839 DESCRIPTION: **OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the...

7.5CVSS

7AI Score

0.008EPSS

2023-04-24 02:14 PM
22
ibm

Security Bulletin: IBM Safer Payments affected by OpenSSL Raccoon Attack (CVE-2020-1968)

Summary IBM Safer Payments uses OpenSSL. This vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2020-1968 DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in...

3.7CVSS

4.5AI Score

0.004EPSS

2023-04-24 02:13 PM
10
ibm

Security Bulletin: OpenSSL security vulnerability CVE-2021-3449 and CVE-2021-3450 in IBM Safer Payments versions of 6.1 and 6.2 below 6.1.0.08 and 6.2.1.03

Summary CVE-2021-3449: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server...

7.4CVSS

7.1AI Score

0.005EPSS

2023-04-24 02:12 PM
20
ibm

Security Bulletin: Denial Of Service vulnerability in OpenSSL affects IBM Safer Payments (CVE-2020-1967)

Summary IBM Safer Payments is affected by OpenSSL Segmentation fault vulnerability. This issue has been addressed. Vulnerability Details ** CVEID: CVE-2020-1967 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By passing specially crafted data to...

7.5CVSS

7.4AI Score

0.081EPSS

2023-04-24 01:10 PM
24
malwarebytes

Fake Flipper Zero sellers are after your money

Thanks to Malwarebytes' Stefan Dasic who provided the research and screenshots for this article. Flipper Zero, a "multi-tool device for hackers", is frequently out of stock due to its popularity in hardware circles. Flipper Zero combines research and penetration hardware tools into a single unit......

6.4AI Score

2023-04-24 06:00 AM
6
talosblog

Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 14 and April 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.4AI Score

2023-04-21 08:44 PM
21
osv

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If...

7.1CVSS

5.7AI Score

0.001EPSS

2023-04-20 09:28 PM
10
github

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If...

7.1CVSS

5.7AI Score

0.001EPSS

2023-04-20 09:28 PM
6
malwarebytes

FTC tackles tech support scams by chasing payment processor firms

A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isn't exactly massive in comparison to some of the privacy breaches and other incidents seen...

6.5AI Score

2023-04-20 02:00 AM
3
rubygems

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain...

6.5AI Score

EPSS

2023-04-19 09:00 PM
8
osv

CVE-2023-30614

Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL...

7.1CVSS

6.2AI Score

0.001EPSS

2023-04-19 06:15 PM
2
nvd

CVE-2023-30614

Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL...

6.1CVSS

6.6AI Score

0.001EPSS

2023-04-19 06:15 PM
cve

CVE-2023-30614

Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL...

7.1CVSS

5.9AI Score

0.001EPSS

2023-04-19 06:15 PM
17
prion

Cross site scripting

Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL...

6.1CVSS

6AI Score

0.001EPSS

2023-04-19 06:15 PM
5
cvelist

CVE-2023-30614 Improper Neutralization of Script-Related HTML Tags in a Web Page in pay

Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL...

7.1CVSS

6.8AI Score

0.001EPSS

2023-04-19 05:28 PM
malwarebytes

Instagram scam promises money in exchange for your image

We're seeing a number of complaints on Reddit and elsewhere regarding a scam which flares up every so often. It's called the "Muse scam", and targets users of Instagram. Let's hear from one of the Reddit posters impacted: An artist approached me on Instagram asking if they could use one of my...

6.4AI Score

2023-04-19 01:00 AM
4
cve

CVE-2023-21915

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

4.6CVSS

4.3AI Score

0.001EPSS

2023-04-18 08:15 PM
15
nvd

CVE-2023-21915

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

4.6CVSS

3.9AI Score

0.001EPSS

2023-04-18 08:15 PM
prion

Buffer overflow

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

4.6CVSS

4.2AI Score

0.001EPSS

2023-04-18 08:15 PM
5
malwarebytes

Swatting-as-a-Service is a growing and complicated problem to solve

One Telegram channel has been found to be behind a great deal of swatting incidents in the US. Using the anonymity provided by Telegram, caller ID spoofing, and voices generated by Artificial Intelligence (AI), a person or group of persons calling themselves Torswats is suspected to be behind...

6.4AI Score

2023-04-18 04:00 AM
18
nessus

AIX 7.2 TL 5 : commonshttp (IJ44994)

https://vulners.com/cve/CVE-2012-5783 https://vulners.com/cve/CVE-2012-5783 Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server.....

7.4AI Score

0.002EPSS

2023-04-18 12:00 AM
39
oracle

Oracle Critical Patch Update Advisory - April 2023

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches...

9.9CVSS

7.7AI Score

0.975EPSS

2023-04-18 12:00 AM
314
nessus

AIX 7.3 TL 1 : commonshttp (IJ44987)

https://vulners.com/cve/CVE-2012-5783 https://vulners.com/cve/CVE-2012-5783 Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server.....

7.4AI Score

0.002EPSS

2023-04-18 12:00 AM
6
nessus

AIX 7.1 TL 5 : commonshttp (IJ45221)

https://vulners.com/cve/CVE-2012-5783 https://vulners.com/cve/CVE-2012-5783 Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server.....

7.4AI Score

0.002EPSS

2023-04-18 12:00 AM
8
nessus

AIX 7.3 TL 0 : commonshttp (IJ45224)

https://vulners.com/cve/CVE-2012-5783 https://vulners.com/cve/CVE-2012-5783 Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server.....

7.4AI Score

0.002EPSS

2023-04-18 12:00 AM
11
openvas

4.3CVSS

4.8AI Score

0.0005EPSS

2023-04-17 12:00 AM
4
wpvulndb

Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users PoC Setup: 1. Install woocommerce (dependency, no setup required) 2. Install the vulnerable plugin (woo-altcoin-payment-gateway version...

9.8CVSS

9.8AI Score

0.002EPSS

2023-04-17 12:00 AM
7
wpexploit

Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated...

9.8CVSS

9.8AI Score

0.002EPSS

2023-04-17 12:00 AM
56
ibm

Security Bulletin: AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient (CVE-2012-5783)

Summary A vulnerability in Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks (CVE-2012-5783). AIX ships Apache Commons HttpClient as part of Electronic Customer Care. Vulnerability Details ** CVEID: CVE-2012-5783 DESCRIPTION: **Apache Commons HttpClient, as used...

4.8AI Score

0.002EPSS

2023-04-13 08:19 PM
75
aix

AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient

IBM SECURITY ADVISORY First Issued: Thu Apr 13 13:44:57 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/commonshttp_advisory.asc Security Bulletin: AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient...

6.2AI Score

0.002EPSS

2023-04-13 01:44 PM
20
malwarebytes

Ransomware review: April 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

6.5AI Score

2023-04-13 01:30 PM
10
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 3, 2023 to Apr 9, 2023)

Last week, there were 97 vulnerabilities disclosed in 63 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

9.8CVSS

8.7AI Score

EPSS

2023-04-13 12:03 PM
170
thn

Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign

The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote. While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent...

6.7AI Score

2023-04-13 09:07 AM
32
malwarebytes

Sextortion "assistance" scammers con victims further

The FBI is warning of a particular aspect of sextortion scams: Supposed organisations that offer "help" to remove stolen images, often at a significant financial cost (and no guarantee of success). Sextortion, the act of blackmailing individuals for cash in return for not leaking sensitive imagery....

6.3AI Score

2023-04-13 05:00 AM
5
cve

CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the....

9.8CVSS

9.6AI Score

0.924EPSS

2023-04-12 09:15 PM
107
nvd

CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the....

9.8CVSS

9.7AI Score

0.924EPSS

2023-04-12 09:15 PM
2
osv

CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the....

9.8CVSS

7.3AI Score

0.924EPSS

2023-04-12 09:15 PM
2
prion

Code injection

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the....

9.8CVSS

9.6AI Score

0.924EPSS

2023-04-12 09:15 PM
5
securelist

Following the Lazarus group by tracking DeathNote campaign

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we'll focus on an active cluster that we dubbed DeathNote because the malware responsible for...

8.1AI Score

2023-04-12 08:00 AM
16
cvelist

CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the....

9.8AI Score

0.924EPSS

2023-04-12 12:00 AM
1
altlinux

Security fix for the ALT Linux 10 package yandex-browser-stable version 23.3.1.916-alt1

April 11, 2023 Yandex Browser Team 23.3.1.916-alt1 - Browser updated to 23.3.1 + Critical CVE-2023-0941: Use after free in Prompts. + High CVE-2023-0927: Use after free in Web Payments API. + High CVE-2023-0928: Use after free in SwiftShader. + High CVE-2023-0929: Use after free in...

8.8CVSS

7.8AI Score

0.007EPSS

2023-04-11 12:00 AM
26
nvd

CVE-2023-25713

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

6.1CVSS

6AI Score

0.0005EPSS

2023-04-07 01:15 PM
cve

CVE-2023-25702

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-04-07 01:15 PM
25
nvd

CVE-2023-25702

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

4.8CVSS

5.4AI Score

0.0005EPSS

2023-04-07 01:15 PM
cve

CVE-2023-25713

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

7.1CVSS

5.7AI Score

0.0005EPSS

2023-04-07 01:15 PM
20
Total number of security vulnerabilities: 6256