WeChat Reward (微信打赏) Security Vulnerabilities

thn

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR...

CVSS 9.8

AI Score 9.4

EPSS 0.001

2024-02-26 04:57 AM
55
krebs

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.

The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a...

CVSS 9.8

AI Score 9.4

EPSS 0.001

2024-02-26 02:17 AM
14
thn

Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement

LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as...

AI Score 6.5

2024-02-25 08:53 AM
21
thn

U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed...

AI Score 9.7

2024-02-22 05:26 AM
25
malwarebytes

A first analysis of the i-Soon data leak

Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon (aka Anxun) is...

AI Score 7

2024-02-21 11:21 AM
30
krebs

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's...

CVSS 9.8

AI Score 6.4

EPSS 0.001

2024-02-20 05:09 PM
13
thn

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to...

AI Score 9.5

2024-02-20 12:55 PM
22
thn

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details. An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the...

CVSS 9.8

AI Score 9.8

EPSS 0.001

2024-02-20 05:25 AM
20
thn

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being...

CVSS 10

AI Score 9

EPSS 0.973

2024-02-16 03:42 PM
48
thn

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person...

AI Score 7.5

2024-02-12 04:31 AM
21
githubexploit

Exploit for OS Command Injection in Hikvision Intercom Broadcast System

CVE-2023-6895 vulnerability scanner. This is a simple Python script used to scan websites to check for the presence of...

CVSS 9.8

AI Score 7.1

EPSS 0.897

2024-02-07 09:28 AM
51
osv

Nervos CKB Unaligned Pointer Dereference

via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...

AI Score 7.5

2024-02-02 08:59 PM
4
github

Nervos CKB Unaligned Pointer Dereference

via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...

AI Score 7.5

2024-02-02 08:59 PM
4
githubexploit

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626-demo A demo for a lightning talk (LT) at Container Runtime Meetup #5...

CVSS 8.6

AI Score 9.1

EPSS 0.051

2024-02-02 11:51 AM
224
githubexploit

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626-POC Usage notes: for educational/research use only; you bear sole responsibility for the risks arising from any use unrelated to education/research...

CVSS 8.6

AI Score 9.1

EPSS 0.051

2024-02-01 12:53 PM
145
code423n4

update_market() nextEpoch calculation incorrect

Lines of code Vulnerability details Vulnerability details A very important logic of update_market() is to update accCantoPerShare. When updating, if it crosses the epoch boundary, it needs to use the corresponding epoch's cantoPerBlock[epoch]. For example: cantoPerBlock[100000] = 100...

AI Score 7.1

2024-01-28 12:00 AM
8
code423n4

update_market() market weight incorrect

Lines of code Vulnerability details Vulnerability details in update_market() We need to get the weight percentage of the corresponding market epoch through gaugeController Then allocate cantoPerBlock[epoch] according to the percentage The main logic code is as follows: function...

AI Score 7.1

2024-01-28 12:00 AM
5
krebs

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the...

AI Score 6.8

2024-01-26 06:12 PM
9
code423n4

BLOCK_EPOCH and WEEK should not be mixed

Lines of code Vulnerability details Impact Rewards and voting weights are aligned on a weekly basis. In contract LendingLedger, reward is recorded for each epoch (block.number). However, when calling gauge_relative_weight_write, we should actually pass a timestamp, or the weight cannot be retrieved...

AI Score 7.1

2024-01-26 12:00 AM
4
code423n4

nextEpoch is incorrect

Lines of code Vulnerability details Impact Rewards and voting weights are aligned on a weekly basis. However, nextEpoch is calculated incorrectly, which may break the invariant "The total rewards that are sent for one block should never be higher than the rewards that were configured for this...

AI Score 6.9

2024-01-26 12:00 AM
2
wordfence

Wordfence Researcher Featured on Critical Thinking Podcast: Sharing Advanced WordPress Bug Bounty Tips and Tricks

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Today was another huge step forward in our continuing mission...

AI Score 7.7

2024-01-25 07:57 PM
7
wordfence

Our Bug Bounty Program Extravaganza is Back and it’s Longer This Time – Earn up to $10,000 for Vulnerabilities in WordPress Software!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Our last extravaganza, the Holiday Bug Extravaganza, was so successful we decided to do it again to kick off the New Year right. Introducing our New Year...

AI Score 9

2024-01-23 06:07 PM
6
cnvd

SQL Injection Vulnerability in Ruiyou Tianyi Application Virtualization System

Xi'an Ruiyou Information Technology Co., Ltd. is a professional virtualization and cloud computing solution provider. A SQL injection vulnerability exists in Ruiyou Skywing Application Virtualization System, which can be exploited by attackers to obtain database information and execute...

AI Score 7.9

2024-01-17 12:00 AM
11
mmpc

Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks...

AI Score 7.2

2024-01-12 05:00 PM
7
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432 (MinIO information disclosure) leaks account credentials...

CVSS 7.5

AI Score 7.9

EPSS 0.885

2024-01-11 01:41 PM
209
cnvd

Weak Password Vulnerability in Cloud Mirror Network Asset Vulnerability Scanning System of DeepTrust Technology Co.

CloudMirror Network Asset Vulnerability Scanning System is a new generation of vulnerability risk management products independently developed by DeepSense, combining years of practical experience in vulnerability mining and security services, to help users check the vulnerability risks of assets...

AI Score 7

2024-01-09 12:00 AM
7
code423n4

Bonds created in year cross epochs can lead to lost payouts

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/governance/contracts/OLAS.sol#L75-L84 Vulnerability details Impact Bond depositors and agent/component owners may never receive the payout Olas Incorrect inflation control Proof of Concept...

AI Score 7

2024-01-08 12:00 AM
4
code423n4

Wrong invocation of Whirlpools' updateFeesAndRewards will cause it to always revert

Lines of code Vulnerability details Impact Deposits will be unwithdrawable from the lockbox Proof of Concept If the entire liquidity of a position has been removed, the withdraw function calls the updateFeesAndRewards function on the Orca pool before attempting to close the position...

AI Score 7

2024-01-08 12:00 AM
8
code423n4

Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/main/tokenomics/contracts/Treasury.sol#L402-L410 Vulnerability details Impact The potential issue identified in the Treasury.rebalanceTreasury() involves the risk of failing to transfer treasury rewards from ETHFromServices to...

AI Score 6.8

2024-01-08 12:00 AM
3
code423n4

Service Owner loses all of his/her topUp earnings when inflationControl returns false

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L1144-L1149 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L412-L418...

AI Score 6.8

2024-01-08 12:00 AM
2
code423n4

Silent failure in user reward transfer in Treasury.withdrawToAccount() can lead to loss of rewards

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L1146 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L402-L410...

AI Score 6.9

2024-01-08 12:00 AM
3
githubexploit

CVSS 7.5

AI Score 7.9

EPSS 0.885

2024-01-07 12:34 PM
109
githubexploit

Exploit for Server-Side Request Forgery in Apache OFBiz

CVE-2023-51467 A graphical exploitation tool for the Apache OFBiz CVE-2023-51467 remote code execution vulnerability...

CVSS 9.8

AI Score 7.2

EPSS 0.56

2024-01-06 04:07 AM
114
githubexploit

Exploit for Code Injection in Apache OFBiz

OFBiz-Attack A Tool For CVE-2023-49070/CVE-2023-51467 Attack...

AI Score 7.5

2024-01-04 12:31 PM
15
code423n4

Upgraded Q -> 2 from #49 [1704028025372]

Judge has assessed an item in Issue #49 as 2 risk. The relevant finding follows: L-05 Some tokens revert on 0 amount transfer ParticlePositionManager::liquidatePosition: File: protocol/ParticlePositionManager.sol 376: // reward liquidator 377: TransferHelper.safeTransfer(closeCache.tokenFrom,...

AI Score 7.1

2023-12-31 12:00 AM
3
nvd

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

CVSS 4.8

EPSS 0.0004

2023-12-29 11:15 AM
cve

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

CVSS 5.9

AI Score 5.1

EPSS 0.0004

2023-12-29 11:15 AM
16
prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

CVSS 4.8

AI Score 7

EPSS 0.0004

2023-12-29 11:15 AM
4
cvelist

CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

CVSS 5.9

AI Score 5.9

EPSS 0.0004

2023-12-29 10:58 AM
githubexploit

Exploit for Expression Language Injection in Vmware Spring Cloud Function

CVE-2022-22963 1. Tool description: can be used to detect CVE-2022-22963...

CVSS 9.8

AI Score 7.2

EPSS 0.975

2023-12-28 06:58 AM
208
thn

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in...

AI Score 7.2

2023-12-21 04:21 PM
36
code423n4

Liquidation condition should not factor the liquidation reward into the premiums

Lines of code Vulnerability details Summary The premiums used to determine the liquidation condition have the liquidation reward already discounted, potentially causing a lien to be considered underwater while technically it is not. Impact Positions in Particle LAMM can be liquidated if the owed...

AI Score 6.9

2023-12-21 12:00 AM
5
code423n4

In some pools, borrowers can maliciously prevent liquidatePosition()

Lines of code Vulnerability details Vulnerability details in liquidatePosition() At the end of the liquidation, the liquidation fee will be transferred to the liquidator. function liquidatePosition( DataStruct.ClosePositionParams calldata params, address borrower ) external...

AI Score 7.4

2023-12-21 12:00 AM
2
code423n4

Position owners can steal other positions' Wlp collateral

Lines of code https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/PosManager.sol#L249-L268 Vulnerability details Impact A position's owner can steal other users' Wlp collateral, as long as it doesn't completely withdraw all the balance of tokenId LP. Proof of Concept When users...

AI Score 7

2023-12-21 12:00 AM
4
code423n4

Incomplete Creator Rewards in Auction Settlement

Lines of code Vulnerability details Summary During the settlement of auctions in the AuctionHouse, the proceeds meant for creators are not accurately distributed, leading to potential loss of funds for the creators. Vulnerability Details In the process of settling auctions...

AI Score 7.1

2023-12-21 12:00 AM
2
code423n4

Position can be opened without premium

Lines of code Vulnerability details Description Premium in ParticlePositionManager is used to cover trading fees accrued for the liquidity borrowed. When liquidating, a portion of the premium is also used for the liquidation reward. The issue is that a borrower can open a position without any...

AI Score 7

2023-12-21 12:00 AM
2
code423n4

Liquidator will always take what is left of the borrower's premium

Lines of code https://github.com/code-423n4/2023-12-particle/blob/main/contracts/protocol/ParticlePositionManager.sol#L415-L420 Vulnerability details Impact A liquidator can manipulate the pool they are swapping in to take any potential left over premium from the borrower. Proof of Concept When...

AI Score 7

2023-12-21 12:00 AM
5
code423n4

Zero amount token transfers may cause a denial of service during liquidations

Lines of code Vulnerability details Summary Some ERC20 implementations revert on zero value transfers. Since liquidation rewards are based on a fraction of the available position's premiums, this may cause an accidental denial of service that prevents the successful execution of liquidations...

AI Score 7.1

2023-12-21 12:00 AM
6
krebs

BlackCat Ransomware Raises Ante After FBI Disruption

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that hundreds of victim...

AI Score 7.3

2023-12-19 10:49 PM
11
cve

CVE-2023-25715

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through...

CVSS 6.5

AI Score 6.4

EPSS 0.0005

2023-12-19 04:15 PM
25
Total number of security vulnerabilities: 8391