
7767 matches found

CNVD
added 2021/06/28 12:0 a.m. | 11 views

Weak Password Vulnerability in MX-M316N of Sharp Trading (China) Co.

Sharp Trading China Co., Ltd. is a foreign enterprise that distributes and wholesales household appliances, LCD TVs, air conditioners, cell phones, printers and other products. A weak password vulnerability exists in Sharp Trading China Co. MX-M316N, which can be exploited by attackers to obtain...

AI score: 7
Exploits: 0

Debian
added 2021/06/26 5:58 p.m. | 85 views

[SECURITY] [DSA 4934-1] intel-microcode security update

Debian Security Advisory DSA-4934-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 26, 2021 https://www.debian.org/security/faq -...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00472
Exploits: 0

Securelist
added 2021/06/24 10:0 a.m. | 211 views

Malicious spam campaigns delivering banking Trojans

In mid-March 2021, we observed two new spam campaigns. The messages in both cases were written in English and contained ZIP attachments or links to ZIP files. Further research revealed that both campaigns ultimately aimed to distribute banking Trojans. The payload in most cases was IcedID...

AI score: 1.7
Exploits: 0

ThreatPost
added 2021/06/23 4:53 p.m. | 199 views

Pandemic-Bored Attackers Pummeled Gaming Industry

Attacks on the gaming industry skyrocketed during the year of the pandemic, with attacks on web applications shooting up 340 percent in 2020. According to Akamai Technologies’ latest State of the Internet and Security report, Gaming in a Pandemic (PDF), cyberattack traffic targeting the video game...

AI score: 7.1
Exploits: 0 | References: 13

OSV
added 2021/06/23 4:51 p.m. | 3 views

DRUPAL-CONTRIB-2021-019

This project is related to Opigno LMS distribution. It implements the group manager in the Opigno LMS. The module does not set X-Frame-Options and blocks ability of other modules, e.g. Security Kit, to add them, leaving it vulnerable to Clickjacking...

AI score: 6.8
Exploits: 0 | References: 1

BDU FSTEC
added 2021/06/23 12:0 a.m. | 3 views

The vulnerability of the microprogrammed software of WAGO Series PFC200 programmable logic controllers, related to unlimited resource distribution, allows an intruder to cause malfunctions during maintenance.

The vulnerability of the microprogrammed software in WAGO Series PFC200 programmable logic controllers is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a remote operator to cause a malfunction in the service operation...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.01037
Exploits: 0 | References: 3 | Affected Software: 13

ThreatPost
added 2021/06/16 12:4 p.m. | 33 views

Avaddon Ransomware Gang Evaporates Amid Global Crackdowns

Ransomware group Avaddon has decided to shutter its criminal enterprise after landing in the crosshairs of law-enforcement agencies in the U.S. and Australia. Avaddon, a prolific ransomware-as-a-service (RaaS) provider, released its decryption keys to BleepingComputer — 2,934 in total — with each k...

AI score: 7.3
Exploits: 0 | References: 12

NVD
added 2021/06/16 12:15 a.m. | 20 views

CVE-2021-32623

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a seemingly permanent denial of service attack, essentially taking down Opencast usin...

CVSS: 8.1 | EPSS: 0.01254
Exploits: 1 | References: 2

Code423n4
added 2021/06/16 12:0 a.m. | 10 views

Pot distribution does not need to add up to 100%

Handle: cmichel. Vulnerability details: The Factory.setPotDistribution allows specifying values that add up to less than 100% because of the inequality <= 1000 instead of an equality == 1000. Impact: If using less than 100%, funds could become stuck in the market for certain mode...

AI score: 6.9
Exploits: 0

Hacker One
added 2021/06/15 4:41 a.m. | 42 views

Reddit: Domain Takeover of Reddit.ru via DNS Hijacking

Summary I discovered that Reddit.ru was vulnerable to DNS hijacking via DNS provider, Reg.ru. This would allow a malicious attacker to control the content on this domain, as well as, create email addresses associated with it... I'm going to be totally honest and say that any of us ethical hackers...

AI score: 2.3
Exploits: 0

seebug.org
added 2021/06/15 12:0 a.m. | 457 views

Linux Polkit Privilege Escalation Vulnerability (CVE-2021-3560)

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug Kevin Backhouse https://github.blog/author/kevinbackhouse/ polkit is a system service installed by default on many Linux distributions. It's used by systemd, so any Linux distribution that uses systemd also uses...

CVSS: 2.1 | AI score: 7.2 | EPSS: 0.22193
Exploits: 38

CNVD
added 2021/06/11 12:0 a.m. | 8 views

Unspecified vulnerability in cumulative-distribution-function

cumulative-distribution-function is a software application. Computes a statistical cumulative distribution function from an array of x-valued data. A security vulnerability exists in cumulative-distribution-function versions prior to 2.0.0, which stems from the fact that an application using this...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01979
Exploits: 1 | References: 1

Tenable Nessus
added 2021/06/10 12:0 a.m. | 347 views

SUSE SLES11 Security Update : openssl1 (SUSE-SU-2020:14560-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14560-1 advisory. - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.06968
Exploits: 3 | References: 4

Tenable Nessus
added 2021/06/10 12:0 a.m. | 31 views

OracleVM 3.4 : openssl (OVMSA-2021-0011)

The remote OracleVM system is missing necessary patches to address security updates: - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.06968
Exploits: 3 | References: 3

OpenVAS
added 2021/06/09 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2018:0865-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.03192
Exploits: 0 | References: 2

ThreatPost
added 2021/06/03 6:20 p.m. | 67 views

Google PPC Ads Used to Deliver Infostealers

Researchers have tracked down the origins of several increasingly prevalent info-stealers – including Redline, Taurus, Tesla and Amadey – that threat actors are delivering via pay-per-click (PPC) ads in Google’s search results. On Wednesday, breach prevention firm Morphisec posted an advisory in...

AI score: 6.9
Exploits: 0 | References: 12

OSV
added 2021/06/02 4:51 p.m. | 2 views

DRUPAL-CONTRIB-2021-011

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account. This vulnerabilit...

AI score: 6.5
Exploits: 0 | References: 1

OSV
added 2021/06/02 4:49 p.m. | 3 views

DRUPAL-CONTRIB-2021-010

This Open Social distribution provides a turn-key system for building customized social networks. The module doesn't sufficiently process data in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access mentions"...

AI score: 6.7
Exploits: 0 | References: 1

The Hacker News
added 2021/06/02 6:11 a.m. | 60 views

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware...

AI score: 0.1
Exploits: 0

Malwarebytes
added 2021/05/31 6:15 p.m. | 110 views

Revisiting the NSIS-based crypter

This blog post was authored by hasherezade. NSIS (Nullsoft Scriptable Install System) is a framework dedicated to creating software installers. It allows to bundle various elements of an application together i.e. the main executable, used DLLs, configs, along with a script that controls where are th...

AI score: 0.2
Exploits: 0