Precision loss
Lines of code Vulnerability details Impact In line 729 of HolyPaladinToken.sol a huge precision loss occurs if dropDecreaseDuration is not a multiple of MONTH. In its current implementation dropDecreaseDuration / MONTH will get rounded down, which means that dropDecreaseDuration of 1 month and 29...
Imgur: 8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover
Hello Gents, While testing Imgur I found an unclaimed subdomain, which is “8ybhy85kld9zp9xf84x6.imgur.com”, and I was able to claim it! But actually I didn't upload or host a simple file like mrbaka.html, because I need to upgrade the account to be able to use this custom domain! Anyway, yo...
The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially created SpEL expression...
Prolific threat actor TA551 using new malware IcedID
THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. TA551 is a financially motivated threat group that has been active at least since 2018. The gang primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution activities. IcedID, a...
A Fast and Seamless Gaming Experience for Gameloft
Gameloft is a leading gaming provider with more than 20 years of history. The company, created in 2000, has a passion for games and a desire to distribute them to even more players around the world. By bringing the wonders of games to mobile devices and, now, to all digital platforms, Gameloft ha...
[SECURITY] Fedora 36 Update: stargz-snapshotter-0.11.3-2.fc36
Fast container image distribution plugin with lazy pulling...
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of...
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users
Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by...
CVE-2022-26526
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...
Design/Logic Flaw
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...
Valorant cheats on YouTube are actually information-stealing malware
Valorant, the popular free-to-play team-based shooter, is attracting the attention of scammers. It’s reported that a malware distribution campaign is leveraging YouTube to push infection files. The campaign distributes a file known for password theft, and hunts for those passwords in browsers,...
The vulnerability of the Distribution Service for automatic deployment of installation files of backup and replication software for cloud, virtual, and physical systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Distribution Service for automatic deployment of installation files of backup and replication solutions from Veeam is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by loading specially...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. No authentication is required for this. Veeam has released update...
[SECURITY] [DSA 5100-1] nbd security update
Debian Security Advisory DSA-5100-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff, March 12, 2022 https://www.debian.org/security/faq ...
Raccoon Stealer Crawls Into Telegram
A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appear...
[SECURITY] [DSA 5097-1] firefox-esr security update
Debian Security Advisory DSA-5097-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff, March 09, 2022 https://www.debian.org/security/faq ...
bEth Rewards May Be Depleted By Flashloans or Whales
Lines of code Vulnerability details Impact Rewards are dispersed to users as a percentage of the user's balance vs total balance of bEth. Rewards are accumulated each time a user calls executedecreasebalance, executeincreasebalance or executeclaimrewards as these functions will in turn call...
openSUSE 15 Security Update : flatpak (openSUSE-SU-2022:0712-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0712-1 advisory. - Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly...
CVE-2022-23233
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which, when successfully exploited, could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service...