
微信打赏 (WeChat Reward) Security Vulnerabilities

msrc

Improving security update notification and delivery – about the new delivery method

This blog post is Improvements in Security Update Notifications Delivery – And a New Delivery Method...

1.9 AI Score

2022-10-16 07:00 AM
2
thn

How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch

With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million...

-0.6 AI Score

2022-10-14 10:01 AM
28
malwarebytes

Romance scammer given 25 years of alone time

Romance scams are often low-risk, high-reward strategies for criminals, who use them to steal large sums of money from vulnerable people in the cruellest ways possible. Once the victim wires the cash, there's a good chance that it's never coming back. The perpetrator has almost certainly covered...

0.3 AI Score

2022-10-07 04:15 PM
3
malwarebytes

Malwarebytes' modernized bug bounty program—here's all you need to know

Malwarebytes welcomes and encourages independent researchers reporting vulnerabilities in our products, and has run a bug bounty program for several years. Our security team has spent the last few months modernizing the program and we thought you'd like to hear about it. What is a bug bounty...

-0.9 AI Score

2022-10-07 10:30 AM
21
thn

Former Uber Security Chief Found Guilty of Data Breach Coverup

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not...

-0.3 AI Score

2022-10-06 06:57 AM
36
securelist

Uncommon infection and malware propagation methods

Introduction We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is already on the network, they will use tools like...

0.8 AI Score

2022-10-05 09:00 AM
11
thn

Want More Secure Software? Start Recognizing Security-Skilled Developers

Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the...

-0.4 AI Score

2022-10-05 08:12 AM
15
thn

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian...

2.1 AI Score

2022-10-04 03:39 PM
48
securelist

OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China,...

AI Score

2022-10-04 10:00 AM
21
githubexploit

Exploit for Path Traversal in Vmware Cloud Foundation

![vckiller](https://socialify.git.ci/Schira4396/VcenterKiller/im......

7.2 AI Score

2022-10-04 03:39 AM
43
cvelist

CVE-2018-10250

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword...

5.3 AI Score

0.001 EPSS

2022-10-03 04:22 PM
cve

CVE-2018-10250

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-10-03 04:22 PM
20
cve

CVE-2018-20318

An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java...

9.8 CVSS

9.3 AI Score

0.003 EPSS

2022-10-03 04:22 PM
17
cvelist

CVE-2018-20318

An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java...

9.4 AI Score

0.003 EPSS

2022-10-03 04:22 PM
malwarebytes

Romance scammer deepfakes Mark Ruffalo to con elderly artist

Deepfakes have settled into a groove, as most scam techniques do. It seems most deepfakers have decided to make as much cash as possible from unsuspecting victims instead of doing anything particularly earth-shattering with their technology. One curious twist we may not have seen coming is the...

-0.2 AI Score

2022-10-03 10:00 AM
4
cnvd

Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has a logic flaw vulnerability

TY-6201A is a cost-effective full-band Wi-Fi6-enabled wireless router. Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has a logic flaw vulnerability, which can be exploited by attackers to request specific paths via POST to achieve permissionless password...

4.7 AI Score

2022-09-30 12:00 AM
10
cnvd

Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has an information leakage vulnerability

TY-6201A is a cost-effective full-band Wi-Fi6-enabled wireless router. Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive...

2.8 AI Score

2022-09-30 12:00 AM
8
trellix

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence By John Fokker · September 29, 2022 We've recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several of its members by Russian authorities claiming to dismantle the group and...

7 AI Score

2022-09-29 12:00 AM
7
trellix

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence By John Fokker · September 29, 2022 We've recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several of its members by Russian authorities claiming to dismantle the group and...

6.8 AI Score

2022-09-29 12:00 AM
2
thn

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware...

0.1 AI Score

2022-09-26 10:33 AM
35
code423n4

xERC4626.sol#beforeWithdraw will fail under certain conditions

Lines of code Vulnerability details Impact Valid withdrawals will fail in certain edge cases Proof of Concept function totalAssets() public view override returns (uint256) { // cache global vars uint256 storedTotalAssets_ = storedTotalAssets; uint192 lastRewardAmount_ =...

6.6 AI Score

2022-09-25 12:00 AM
12
code423n4

syncRewards() after xERC4626's beforeWithdraw() can result in wrong reward amount

Lines of code Vulnerability details Impact The withdrawal amount will be counted as part of the surplus asset balance mistakenly if block.timestamp >= rewardsCycleEnd. Proof of Concept function beforeWithdraw(uint256 assets, uint256 shares) internal override { ...

6.9 AI Score

2022-09-25 12:00 AM
5
githubexploit

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

Cobalt Strike stored XSS RCE CVE-2022-39197 Run parameters: -u:...

6.9 AI Score

2022-09-24 08:14 AM
286
code423n4

xERC4626 is vulnerable to exchange rate MEV:

Lines of code LOC: https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/sfrxETH.sol#L26 Vulnerability details Description When protocols hand out rewards to staked tokens, they must be careful to do so without leaving a large MEV opportunity, otherwise a bot...

6.7 AI Score

2022-09-24 12:00 AM
19
thn

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't...

0.4 AI Score

2022-09-23 05:14 AM
43
code423n4

User will lose rewards

Lines of code Vulnerability details Impact User will lose their rewards even when the vesting period has completed. Also the reward will get stuck in the contract with no one able to retrieve them Proof of Concept Admin creates a new claim using createClaim function function createClaim( ...

6.7 AI Score

2022-09-23 12:00 AM
3
code423n4

Wrong accounting logic when syncRewards() is called within beforeWithdraw makes withdrawals impossible

Lines of code Vulnerability details Impact sfrxETH.beforeWithdraw first calls the beforeWithdraw of xERC4626, which decrements storedTotalAssets by the given amount. If the timestamp is greater than the rewardsCycleEnd, syncRewards is called. However, the problem is that the assets have not been...

6.6 AI Score

2022-09-23 12:00 AM
1
code423n4

beforeWithdraw() calling syncRewards() results in incorrect nextRewards

Lines of code Vulnerability details Impact beforeWithdraw() calling syncRewards() causes the number of "nextRewards" to be incorrect. If a large amount is withdrawn via withdraw() at the end of the cycle, then the next cycle reward will incorrectly increase by the corresponding amount Proof of Concept when call...

6.6 AI Score

2022-09-23 12:00 AM
2
cnvd

Ltd. cloud cold chain management system has SQL injection vulnerability

Ltd. is a high-tech company that focuses on people's health, safety and well-being, and is a high-tech enterprise that integrates industrial and personal product development, design, manufacturing and sales to maintain people's health and assist organizations in maintaining the health and safety...

2.1 AI Score

2022-09-22 12:00 AM
5
mssecure

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

Our analysis of a recent version of a previously reported info-stealing Android malware, delivered through an ongoing SMS campaign, demonstrates the continuous evolution of mobile threats. Masquerading as a banking rewards app, this new version has additional remote access trojan (RAT)...

0.3 AI Score

2022-09-21 05:00 PM
13
mmpc

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

Our analysis of a recent version of a previously reported info-stealing Android malware, delivered through an ongoing SMS campaign, demonstrates the continuous evolution of mobile threats. Masquerading as a banking rewards app, this new version has additional remote access trojan (RAT)...

0.3 AI Score

2022-09-21 05:00 PM
22
trellix

Limiting the Software Supply Chain Attack Surface

Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone (of course) and run into a...

7.6 AI Score

0.025 EPSS

2022-09-21 12:00 AM
11
trellix

Limiting the Software Supply Chain Attack Surface

Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone (of course) and run into a...

9.7 AI Score

0.025 EPSS

2022-09-21 12:00 AM
11
cnvd

Nanjing Thing Orange Information Technology Co., Ltd. home recipe book APP has information leakage vulnerability

Home-Cooked Recipe Book APP is a food recipe software. Nanjing Thing Orange Information Technology Co., Ltd. has an information leakage vulnerability in Home Recipe Book APP, which can be exploited by attackers to obtain sensitive...

2.1 AI Score

2022-09-20 12:00 AM
7
code423n4

PegOracle reported fraction price is constructed to favor the depeg

Lines of code Vulnerability details Depeg event is defined as linked asset price being below the strike price in the terms of the underlying asset. However, the PegOracle aimed to report the fraction of the pegged asset to the underlying always reports the number below 1, no matter how prices are...

6.6 AI Score

2022-09-19 12:00 AM
8
code423n4

Rewarding is not started after StakingRewards contract deployment and there is no specific start time set for rewarding, so users who staked their funds have no way of knowing when rewarding is going to start

Lines of code https://github.com/code-423n4/2022-09-y2k-finance/blob/2175c044af98509261e4147edeb48e1036773771/src/rewards/StakingRewards.sol#L72-L87 Vulnerability details Impact after the StakingRewards constructor() logic sets values for rewardRate and rewardsDuration, but rewarding is not started...

6.7 AI Score

2022-09-19 12:00 AM
2
code423n4

User funds are lost because they can't withdraw() their funds before epoch startTime and they are stuck in positions that become unprofitable even when the epoch has not started

Lines of code Vulnerability details Impact users deposit their funds in Vault when the epoch has not started, but as other users deposit funds too or the price of the pegged token changes, users get a different risk-to-reward and may want to withdraw their funds before the epoch start time to get out of bad...

7.1 AI Score

2022-09-19 12:00 AM
4
ics

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Summary Actions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data. This joint Cybersecurity Advisory (CSA) is the result of an analytic effort...

10 CVSS

9.7 AI Score

0.976 EPSS

2022-09-14 12:00 PM
52
rapid7blog

How a Principal Engineer Made His Journey to Cloud Security With Rapid7

The first programming language I learned in my childhood was Pascal. I was 12 years old at the time, and I quickly developed a passion for technology. From a young age, I always knew I wanted to learn engineering and computer science. I wanted to solve big design and architecture problems while...

-0.5 AI Score

2022-09-13 06:50 PM
10
code423n4

Loss of precision will lock portions of tokens

Lines of code Vulnerability details Impact When the initial balance of a redemption reward token is smaller than the base, small amounts of the token will be rounded down to zero, meaning small-amount users will get nothing for redeeming tokens. Broken accounting means high severity Proof of...

6.7 AI Score

2022-09-12 12:00 AM
5
thn

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds...

AI Score

2022-09-09 11:36 AM
28
malwarebytes

YouTuber on the run after allegedly swiping $55m from followers

We mostly hear about bogus advertising and offers via compromised accounts on Instagram or Facebook. Strict advertising rules on social media involve making it clear that someone is promoting an ad or offering up a risky venture. However, sometimes things go wrong on other platforms like YouTube...

0.8 AI Score

2022-09-06 12:00 PM
8
githubexploit

Exploit for SQL Injection in Casbin Casdoor

Preface Casdoor is a centralized single sign-on (SSO) authentication platform based on OAuth 2.0/OIDC. Identifier...

7.5 CVSS

7.5 AI Score

0.09 EPSS

2022-08-31 04:23 PM
317
githubexploit

Exploit for Authentication Bypass by Capture-replay in Sinilink Xy-Wft1 Firmware

CVE-2022-43704 - Channel Accessible by...

5.9 CVSS

7.2 AI Score

0.001 EPSS

2022-08-31 10:00 AM
118
thn

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering...

0.1 AI Score

2022-08-31 05:42 AM
34
cnvd

Microcar App has information leakage vulnerability

Microcar APP is a traffic violation query software running on the Android platform. There is an information leakage vulnerability in Microcar APP, which can be exploited by attackers to obtain sensitive...

3.3 AI Score

2022-08-31 12:00 AM
5
hackerone

ResMed: [shop.resmed.com] CSRF leads to Unsubscribe victim from Communication and Reward Membership

Hello, Team While testing on your main domain I discovered a CSRF Attack which leads to unsubscribing victims from Communication/Reward Membership. This is more like an in-depth security issue with a reasonable attack scenario. Description: It is possible to unsubscribe a logged-in user from any subscribed...

6.7 AI Score

2022-08-30 01:28 PM
9
cnvd

Command Execution Vulnerability in SmoothT Proprietary Cloud

SmoothT Proprietary Cloud is a cloud ERP system that integrates the whole scenario of doing business, managing business, and watching business. A command execution vulnerability exists in SmoothT Proprietary Cloud, which can be exploited by attackers to execute arbitrary...

4.6 AI Score

2022-08-29 12:00 AM
6
threatpost

Ransomware Attacks are on the Rise

After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups. With data gathered by "actively monitoring the leak sites used by each ransomware group and scraping victim details as...

0.6 AI Score

2022-08-26 04:44 PM
91
cnvd

Beijing Century Super Star Information Technology Development Co., Ltd. has a stored XSS vulnerability in Learning Pass

Learning Pass is a course learning, knowledge dissemination and management sharing platform built on a microservice architecture. Beijing Century Super Star Information Technology Development Co., Ltd. has a stored XSS vulnerability, which can be used by attackers to obtain sensitive information...

2.4 AI Score

2022-08-25 12:00 AM
4
Total number of security vulnerabilities: 8397