2283 matches found

OSV
added 2020/08/21 6:15 p.m. | 3 views

PYSEC-2020-266

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to...

8.5 CVSS | 5.8 AI score | 0.02356 EPSS
Exploits: 0 | References: 3

Prion
added 2020/08/21 6:15 p.m. | 10 views

Remote code execution

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to...

6 CVSS | 8.5 AI score | 0.02356 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2020/08/21 5:15 p.m. | 81 views

CVE-2020-15147

CVE-2020-15147 affects Red Discord Bot prior to versions 3.3.12 and 3.4, where the Streams module is vulnerable to remote code execution via crafted going-live messages. The underlying issue allows an attacker (Discord user) to inject code into the Streams going-live message, enabling destructive...

8.5 CVSS | 8.6 AI score | 0.02356 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/08/21 5:15 p.m. | 19 views

CVE-2020-15147 Remote Code Execution in Red Discord Bot

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to...

8.5 CVSS | 8.7 AI score | 0.02356 EPSS
Exploits: 0 | References: 3

OSV
added 2020/08/21 5:15 p.m. | 12 views

CVE-2020-15140

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...

9.6 CVSS | 9.3 AI score
Exploits: 0 | References: 2

NVD
added 2020/08/21 5:15 p.m. | 12 views

CVE-2020-15140

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...

9.6 CVSS | 8.5 AI score | 0.00281 EPSS
Exploits: 0 | References: 2

PyPA
added 2020/08/21 5:15 p.m. | 7 views

PYSEC-2020-265

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...

9.6 CVSS | 7 AI score | 0.00281 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2020/08/21 5:15 p.m. | 12 views

Code injection

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...

5.5 CVSS | 9.1 AI score | 0.00281 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/08/21 5:15 p.m. | 4 views

PYSEC-2020-265

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...

9.6 CVSS | 8.2 AI score | 0.00281 EPSS
Exploits: 0 | References: 2

CVE
added 2020/08/21 4:40 p.m. | 69 views

CVE-2020-15140

CVE-2020-15140 affects Red Discord Bot prior to 3.3.11. A remote code execution in the Trivia module (leaderboard command) can be triggered by specially crafted usernames, enabling destructive actions or access to sensitive data. The issue is fixed in version 3.3.11. Remediation: upgrade to 3.3.1...

9.6 CVSS | 8.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

FireEye
added 2020/08/06 12:0 a.m. | 19 views

Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach

The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...

0.1 AI score
Exploits: 0 | References: 22

Metasploit
added 2020/07/29 5:41 p.m. | 342 views

Telegram Message Client

This module can be used to send a document and/or message to multiple chats on telegram. Please refer to the module documentation for info on how to retrieve the bot token and corresponding chat ID values. Module Options msf use auxiliary/client/telegram/sendmessage msf auxiliarysendmessage show...

7 AI score
Exploits: 0

Hacker One
added 2020/06/18 7:24 p.m. | 113 views

Mail.ru: Sensitive information exposure via git commit

Token for a test ICQ bot account was leaked via git commit data for opensource Jira plugin...

2.9 AI score
Exploits: 0

Imperva Blog
added 2020/06/18 9:42 a.m. | 35 views

Attack Analytics Multi-Sensor Integrations Provide Unmatched Visibility

Since debuting Attack Analytics back in 2018, this groundbreaking security analytics functionality has come a long way. Time and again our customers have told us how powerful they find the tool and how much time it saves them. Attack Analytics better positions Imperva’s customers to focus on what...

0.4 AI score
Exploits: 0

Akamai Blog
added 2020/06/10 7:34 p.m. | 30 views

Mitigating Credential Stuffing Attacks in the Financial Sector

If You Think Multi-Factor Authentication Prevents Credential Stuffing, Think Again! Financial services firms around the world are experiencing credential stuffing attacks at an alarming rate. Cybercriminals are using readily available automation tools, botnets, and compromised account credentials...

0.6 AI score
Exploits: 0

ThreatPost
added 2020/05/27 8:14 p.m. | 53 views

DoubleGun Group Builds Massive Botnet Using Cloud Services

An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that it noticed DNS...

6.9 AI score
Exploits: 0 | References: 6

Kitploit
added 2020/05/15 12:30 p.m. | 536 views

DiscordRAT - Discord Remote Administration Tool Fully Written In Python

Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...

7.5 AI score
Exploits: 0 | References: 1

ThreatPost
added 2020/05/11 3:38 p.m. | 45 views

Sphinx Malware Returns to Riddle U.S. Targets, with Modifications

The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...

0.7 AI score
Exploits: 0 | References: 8

Imperva Blog
added 2020/05/06 3:59 p.m. | 73 views

Imperva Poised to Deliver its Leading Advanced Bot Protection and Network Security in India

With a presence in India since 2017, Imperva is continuing to provide a level of security excellence in the region. With Asia in general as both the target and source of most network DDoS attacks, and India topping the list for the first time in our latest DDoS threat landscape report, this is mo...

1.5 AI score
Exploits: 0

Imperva Blog
added 2020/04/27 9:34 a.m. | 46 views

Advanced Bot Protection integrated into Imperva’s Cloud Application Security

Today, Imperva announced the general availability of Advanced Bot Protection that now fully integrates the industry-leading bot protection technology into its Cloud Application Security platform. By integrating Advanced Bot Protection this enables true defense-in-depth security by delivering bot...

7.1 AI score
Exploits: 0