CVE-2023-33134

creationtimestamp| type| source ---|---|--- 2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062...

CVE-2023-35367

creationtimestamp| type| source ---|---|--- 2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062...

CVE-2023-32057

creationtimestamp| type| source ---|---|--- 2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062 2023-07-12 09:42:06+00:00| seen| https://t.me/kasperskyb2b/746...

CVE-2023-21526

creationtimestamp| type| source ---|---|--- 2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062...

CVE-2023-35365

creationtimestamp| type| source ---|---|--- 2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062...

CVE-2023-33157

creationtimestamp| type| source ---|---|--- 2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062 2023-08-23 15:04:07+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8897...

Storm-0978 attacks reveal financial and espionage motives

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...

CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

DDoS Attacks Soar by 168% on Government Services, StormWall Warns

By Waqas The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in DDoS attacks. This is a post from HackRead.com Read the original post: DDoS Attacks Soar by 168% on Government Services, StormWall Warns...

US Spies Are Buying Americans' Private Data. Congress Has a Chance to Stop It

The National Defense Authorization Act may include new language forbidding government entities from buying Americans' search histories, location data, and more...

Swedish Data Protection Authority Warns Companies Against Google Analytics Use

The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for...

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...

CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

Today, CISA, together with the National Security Agency NSA, released a Cybersecurity Information Sheet CSI to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors MCAs. Recognizing the variou...

Exposed Interfaces in US Federal Networks: A Breach Waiting to Happen

By Waqas The research mainly aimed at examining VPNs, firewalls, access points, routers, and other remote server management appliances used by top government agencies in the United States. This is a post from HackRead.com Read the original post: Exposed Interfaces in US Federal Networks: A Breach...

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which make use of residential proxy services to obfuscate the source IP address of the attacks, target governments, ...

staging.cese.nsw.gov.au Cross Site Scripting vulnerability OBB-3471164

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

servicos.saudades.sc.gov.br Cross Site Scripting vulnerability OBB-3463409

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI as Sensemaking for Public Comments

Its become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special,...

CVE-2023-33299

creationtimestamp| type| source ---|---|--- 2023-06-22 12:39:06+00:00| published-proof-of-concept| https://t.me/purplemedved/50 2023-06-23 17:20:05+00:00| seen| https://t.me/truesecator/4536 2023-06-26 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1053 2023-06-26...

Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...