
3711 matches found

Openbugbounty
added 2023/12/18 11:15 a.m. · 6 views

nala.gov.et Cross Site Scripting vulnerability OBB-3817788

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

The Hacker News
added 2023/12/14 6:30 a.m. · 62 views

New Hacker Group 'GambleForce' Targeting APAC Firms Using SQL Injection Attacks

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...

CVSS: 5.3 | AI score: 6 | EPSS: 0.94522
Exploits: 42

Circl
added 2023/12/13 4:00 a.m. · 1 view

CVE-2023-35630

creationtimestamp | type | source
--- | --- | ---
2023-12-13 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1182...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.0258
Exploits: 0 | References: 1

Circl
added 2023/12/13 4:00 a.m. · 1 view

CVE-2023-35641

creationtimestamp | type | source
--- | --- | ---
2023-12-13 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1182...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.05218
Exploits: 0 | References: 1

Positive Technologies
added 2023/12/13 12:00 a.m. · 3 views

PT-2023-12930 · Curl · Curl

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The issue concerns a cyber espionage campaign, specifically the KV-botnet investigation. It involves various threats, including Kv-botnet, Beacon, Zuo rat, Hiatusrat, and Imminentmonitor rat...

AI score: 7
Exploits: 0 | References: 3

The Hacker News
added 2023/12/12 9:55 a.m. · 30 views

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs...

AI score: 6.8
Exploits: 0

Malwarebytes
added 2023/12/11 8:06 a.m. · 14 views

A week in security (December 4 – December 10)

Last week on Malwarebytes Labs: Meta’s Purple Llama wants to test safety risks in AI models; US government is snooping on people via phone push notifications, says senator; Android phones can be taken over remotely – update when you can; How IT teams can conduct a vulnerability assessment for...

AI score: 7.4
Exploits: 0

Hive Pro Threat Advisories
added 2023/12/11 7:55 a.m. · 7 views

APT28’s Tactical Exploitation of Critical Vulnerabilities

Summary: The APT28 adversary, originating from Russia, has garnered notoriety through sophisticated phishing activities. By exploiting patched vulnerabilities as an initial access point, APT28 conducts extensive campaigns targeting diverse sectors, including government, aerospace, education,...

AI score: 7.4
Exploits: 0

Malwarebytes
added 2023/12/07 8:49 p.m. · 16 views

US government is snooping on people via phone push notifications, says senator

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apple’s servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by...

AI score: 6.6
Exploits: 0

Schneier on Security
added 2023/12/07 12:02 p.m. · 10 views

Spying through Push Notifications

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them--either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this: In a...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/12/07 10:24 a.m. · 30 views

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post...

AI score: 6.3
Exploits: 0

Hive Pro Threat Advisories
added 2023/12/07 5:51 a.m. · 38 views

Adobe ColdFusion Vulnerability Leads to Federal Agency Breach

Summary: Unidentified threat actors exploit Adobe ColdFusion vulnerability CVE-2023-26360 on government servers, leading to potential unauthorized code execution. Incidents involve reconnaissance, data extraction attempts, and emphasize the importance of software updates. Threat Level - Red |...

CVSS: 5 | AI score: 7.7 | EPSS: 0.9433
Exploits: 13

Positive Technologies
added 2023/12/07 12:00 a.m. · 6 views

PT-2023-18914 · Undefined · Undefined

ParsedReport CompletenessMedium 07-12-2023 Fighting Ursa Aka APT28: Illuminating a Covert Campaign https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397 Report completeness: Medium Actors/Campaigns: Fancy bear Forest blizzard Threats: Wildfire Victims: Organizatio...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.93421
Exploits: 18 | References: 1

Wired Threat Level
added 2023/12/06 5:08 p.m. · 9 views

Police Can Spy on Your iOS and Android Push Notifications

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator...

AI score: 6.8
Exploits: 0

Malwarebytes
added 2023/12/06 2:15 p.m. · 35 views

Adobe Coldfusion vulnerability used in attacks on government servers

The Cybersecurity and Infrastructure Security Agency (CISA) put out a Cybersecurity Advisory (CSA) to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...

CVSS: 5 | AI score: 8.2 | EPSS: 0.9433
Exploits: 13

The Hacker News
added 2023/12/06 10:10 a.m. · 50 views

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.9433
Exploits: 13

ICS
added 2023/12/05 12:00 p.m. · 70 views

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Employ proper network segmentation. 3. Enable multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, VPN, and accounts that access...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.9433
Exploits: 13 | References: 98

CISA
added 2023/12/01 12:00 p.m. · 2 views

CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs

Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA), IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, in response to the acti...

AI score: 7.2
Exploits: 0 | References: 2

Wired Threat Level
added 2023/11/30 12:00 p.m. · 7 views

The CDC's Gun Violence Research Is in Danger

In a year pocked with fights over US government funding, Republicans are quietly trying to strip the Centers for Disease Control and Prevention of its ability to research gun violence...

AI score: 7.3
Exploits: 0

Wired Threat Level
added 2023/11/28 2:12 p.m. · 9 views

The Hundred-Year Battle for India’s Radio Airwaves

The Indian government has a monopoly on radio news, allowing it to dictate what hundreds of millions of people hear. With an election approaching, that gives prime minister Narendra Modi a huge advantage...

AI score: 7.2
Exploits: 0