CVE-2020-26249
The CVE-2020-26249 entry concerns Red Discord Bot Dashboard. The affected component is the Dashboard webserver/frontend used by Red Discord Bot, with a root cause that allows remote code execution when a Discord user provides specially crafted Server names and Usernames/Nicknames. If exploited, t...
Don't reward your loyal customers by treating them like criminals!
I am CIAM not IAM. Imagine shopping in your favourite wine merchant or checking in to the brand of hotel that you afford the most loyalty, and at the point of self-identification, either to prove age or for verification, security is called over and you are frisked. Not a great experience. Would you...
Red Discord Bot Cross-Site Scripting Vulnerability
Red Discord Bot is a modular robot written in Python by an individual developer. The bot software can be configured to perform different functions depending on the module. A security vulnerability exists in Red Discord Bot Dashboard that allows a mismatched user to inject code into the webserver...
Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women
A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored...
Ticketmaster Scores Hefty Fine Over 2018 Data Breach
Ticketmaster’s UK division has been slapped with a $1.65 million fine by the Information Commissioner’s Office (ICO) in the UK, over its 2018 data breach that impacted 9.4 million customers. The fine (£1.25 million) has been levied after the ICO found that the company “failed to put appropriate securi...
Advanced Bot Protection Handling More Traffic Than Ever
It’s been six months since we launched the Advanced Bot Protection solution as fully integrated into Imperva’s Application Security platform. Previously, the Advanced Bot Protection solution lived on a separate platform, known as the ‘Distil’ platform, from our acquisition of Distil Networks...
WooCommerce Blocks < 3.7.1 - Guest Account Creation
Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the "Allow customers to create an account during checkout" setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user...
CVE-2020-6014
Check Point Endpoint Security Client for Windows (before vE83.20) is affected: loading a non-existent DLL during a Domain Name query can allow an administrator to execute code within a Check Point signed binary, with potential client termination. The vulnerability is described across CVE-2020-601...
How the Crypto Challenge as Action Helped a Major Airline Reduce False Positives While Protecting the Customer Experience
Challenges of Bot Detection: Keeping Defenses High Without Triggering False Positives. Identifying bots is important and complicated work. Keeping up with ever-changing bot technologies and attack strategies requires deep knowledge and continuous threat research. The outbreak of the COVID-19...
Red Discord Bot Elevation of Privilege Vulnerability
Red Discord Bot is a modular robot written in Python by an individual developer. The bot software can be configured to accomplish different functions depending on the module. A security vulnerability exists in Red Discord Bot versions prior to 3.4.1 that stems from an unauthorized privilege...
CVE-2020-15278
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...
PYSEC-2020-267
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...
Command injection
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...
CVE-2020-15278 Unauthorized privilege escalation in Mod module
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...
CVE-2020-15278
CVE-2020-15278 affects Red Discord Bot prior to 3.4.1. The vulnerability is an unauthorized privilege escalation in the Mod module, allowing users with high privileges in a guild to bypass hierarchy checks under conditions outside their control, potentially enabling destructive actions. The issue...
Akamai's Polymorphic AI Framework Preemptively Manages Bots
Too many security efforts react to threats as they come. While security teams often succeed through Herculean efforts, being constantly under siege takes its toll on your resources. The relentless barrage of bot attacks will eventually crack the human- and system-based methods to block or mitigat...
What's New in Web Security
With Akamai's web security portfolio, the top focus this October is on the web application firewall (WAF), with exciting new capabilities: API Discovery and Adaptive Security Profiles. Along with the rest of the industry, Akamai has observed a long-term shift in the applications that we're...
CVE-2020-15251
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins, with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...