CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to...
7AI Score
Oracle Critical Patch Update Advisory - October 2023
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches...
10CVSS
7.1AI Score
EPSS
Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies. Cyble, a...
7.5AI Score
Peeling off QR Code Phishing Onion
Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...
7AI Score
The Qualys Security Conference Mumbai: That’s a Wrap!
In recent years, the world of cybersecurity has experienced a dramatic transformation. The threat landscape has erupted, creating a host of complex challenges, with malicious actors continuously upping their game. In this high-stakes environment, the need for robust cloud security platforms...
7.3AI Score
How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency
At this point in his career, Jaeson Schultz has seen nearly every type of online scam there is to see. From fake bomb threats at schools, to "sextortion" campaigns, cryptocurrency mining, metaverse and more of the 2010s, to the earliest type of spam emails in the 1990s that promised to protect...
6.6AI Score
Description: CSRF in Payment Types. Proof of Concept: 1. Attacker sends a fake form to the user: <html> <body> <form action="https://demo.publicknowledgeproject.org/ojs3/testdrive/index.php/testdrive-journal/payments/savePaymentTypes"> <input type="hidden" name="csrfToken"...
8.8CVSS
6.8AI Score
0.001EPSS
North Korea's Lazarus Group Launders $900 Million in Cryptocurrency
As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be...
6.9AI Score
US Police Recover $3M Stolen by Pakistani Crypto Scammers
By Waqas. The crypto scammers convinced a victim in the United States to transfer their Bitcoin to a Kraken cryptocurrency account that the victim did not control.
6.9AI Score
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...
6.1CVSS
6.3AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...
7.1CVSS
6AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...
6.1CVSS
6AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...
7.1CVSS
6.4AI Score
0.0005EPSS
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser...
8.3AI Score
FBI warns of multiple ransomware attacks on same victim
The Federal Bureau of Investigation (FBI) has released a notification that highlights two trends emerging across the ransomware environment. The trends the FBI says it's noticed since July 2023 are: Multiple ransomware attacks on the same victim in close date proximity. New data destruction...
7.1AI Score
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants:...
6.9AI Score
GLSA-202309-17 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202309-17 (Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities) Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
9.8CVSS
9AI Score
0.085EPSS
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
TeamCity CVE-2023-42793 Exploit This Python script exploits...
9.8CVSS
9.5AI Score
0.97EPSS
Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
7.2CVSS
6.9AI Score
0.001EPSS
Essential Guide to Cybersecurity Compliance
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business,....
6.4AI Score
Credit card thieves target Booking.com customers
Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...
6.7AI Score
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...
5.3CVSS
5.5AI Score
0.0005EPSS
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...
5.3CVSS
7.4AI Score
0.0005EPSS
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...
5.5AI Score
0.0005EPSS
LastPass: ‘Horse Gone Barn Bolted’ is Strong Password
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will.....
6.9AI Score
T-Mobile spills billing information to other customers
Some T-Mobile customers logged into their accounts on Wednesday to find another customer's billing and account information showing on their online dashboards. T-Mobile denied there was an attack, but confirmed there had been a data leak. It said a "temporary system glitch" had misplaced some...
7AI Score
Overview of IoT threats in 2023
IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks.....
9.1CVSS
8.1AI Score
0.571EPSS
cheqd’s Recent Rollout Focuses on Monetizing Digital Identity
By Owais Sultan. The decentralized identity startup, cheqd, unveils Credential Payments, blending financial incentives with self-sovereign identity measures. cheqd, a startup…
7AI Score
WooCommerce Payments Plugin for WordPress 5.5.x < 5.5.2 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 5.0.x < 5.0.4 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 5.4.x < 5.4.1 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 4.9.x < 4.9.1 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 4.8.x < 4.8.2 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 5.2.x < 5.2.2 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 6.3.x < 6.3.2 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 5.1.x < 5.1.3 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
WooCommerce Payments Plugin for WordPress 6.2.x < 6.2.2 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
9.8CVSS
8.4AI Score
EPSS
Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years
A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the....
6.2AI Score
Watch out, this LastPass email with "Important information about your account" is a phish
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having....
7AI Score
iPhone 15 launch: Wonderlust scammers rear their heads
Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too. One site uses the Apple brand to host a cryptocurrency scam. The hook is a...
6.7AI Score
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning....
7.3CVSS
7.3AI Score
0.004EPSS
Free Download Manager backdoored – a possible supply chain attack on Linux machines
UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Over the last few years, Linux machines have become a more and more prominent target for all sorts of threat actors. According to our telemetry, 260,000 unique Linux samples appeared in the first...
7.2AI Score
Major cyberattack leaves MGM Resorts reeling
A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi. At this point I'd link to....
6.8AI Score
From Caribbean shores to your devices: analyzing Cuba ransomware
Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...
10CVSS
10.5AI Score
EPSS
WooCommerce Payments < 4.9.0 - Subscription Suspension/Activation via CSRF
Description: The plugin does not have a CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged-in admin suspend or activate an arbitrary subscription via a CSRF attack. PoC: Deactivate subscription with ID 53:...
7.1AI Score