loestamoshaciendo.narino.gov.co Cross Site Scripting vulnerability OBB-2582118

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Ukraine government and pro-Ukrainian sites hit by DDoS attacks

The Computer Emergency Response Team in Ukraine CERT-UA has announced that Ukraine government web portals and pro-Ukraine sites are subjected to ongoing DDoS distributed denial of service attacks. They dont currently know who is behind these attacks. The attack involves injecting a malicious...

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in...

Nation-state Hackers Target Journalists with Goldbackdoor Malware

Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believ...

A week in security (April 18 – 24)

Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploads North Korean Lazarus APT group targets blockchain tech companies Watch out for Ukraine donation scammers in Twitter replies Beware tragic “my daughter died…” Facebook posts offering free PS5s US warns of APT groups...

Pegasus spyware found on UK government office phone

“When we found the No. 10 case, my jaw dropped." John Scott-Railton recalled after finding out on July 7, 2020 that Pegasus, the highly sophisticated flagship spyware of Israels NSO Group, was used to infect a phone linked to the network at 10 Downing Street, the UK Prime Ministers home and offic...

LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users

By Deeba Ahmed Lazarus APT group is backed by the North Korean government and is currently targeting organizations and unsuspecting users… This is a post from HackRead.com Read the original post: LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users...

North Korean Lazarus APT group targets blockchain tech companies

A new advisory issued by the Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, and the US Treasury Department Treasury, highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...

CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment

CISA has released draft versions of two guidance documents—along with a request for comment RFC—that are a part of the recently launched Secure Cloud Business Applications SCuBA project: Secure Cloud Business Applications SCuBA Technical Reference Architecture TRA Extensible Visibility Reference...

tatiuc.terengganu.gov.my Cross Site Scripting vulnerability OBB-2523353

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Old Zimbra vulnerability used to target Ukrainian Government Organizations

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here The Ukrainian Computer Emergency Response Team CERT-UA has issued an alert about a campaign targeting Ukrainian government entities that involve an exploit for an XSS vulnerability in Zimbra Collaboration Suite. The attacker...

CVE-2022-27451

creationtimestamp| type| source ---|---|--- 2022-04-17 00:02:19+00:00| seen| https://t.me/cibsecurity/40755 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

pmint.terengganu.gov.my Cross Site Scripting vulnerability OBB-2520424

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Weekly Threat Digest: 4 – 10 April 2022

For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 438 3 3 53 16 54 The second week of April 2022 witnessed the discovery of 438 vulnerabilities out of which 3 gaine...

CVE-2022-24491

creationtimestamp| type| source ---|---|--- 2022-04-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=784 2022-04-13 08:18:48+00:00| seen| https://t.me/itsecnews/474 2022-04-13 16:05:03+00:00| exploited| https://t.me/truesecator/2844 2022-04-14 13:46:52+00:00| exploited|...

Attacks on European Union and Ukrainian government entities carried out by the Armageddon group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European...

E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware

Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agen...

CVE-2022-22958

creationtimestamp| type| source ---|---|--- 2022-04-07 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=775 2022-05-01 21:40:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2076...

CVE-2022-22955

creationtimestamp| type| source ---|---|--- 2022-04-07 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=775 2022-05-01 21:40:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2076...

state.bihar.gov.in Open Redirect vulnerability OBB-2460502

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...