3711 matches found
home.sagia.gov.sa Open Redirect vulnerability OBB-3160936
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writes and...
Security Analysis of Threema
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the...
What’s New in InsightIDR: Q4 2022 in Review
As we continue to empower security teams with the freedom to focus on what matters most, Q4 focused on investments and releases that contributed to that vision. With InsightIDR, Rapid7’s cloud-native SIEM and XDR solution, teams have the scale, comprehensive contextual coverage, and expertly vett...
Pro-Russian Hacktivist Group NoName057(16) Launches Cyber Attacks on Ukraine and NATO Organizations
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary NoName057(16) is a pro-Russian hacktivist group that has been conducting a campaign of DDoS attacks on Ukraine and NATO organizations since the early days of the war in Ukraine. The group has targeted...
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or...
CVE-2023-20026

creationtimestamp | type | source
---|---|---
2023-01-12 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=946
2023-01-12 12:42:11+00:00 | published-proof-of-concept | https://t.me/ctinow/86487
2025-03-12 16:41:07+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7330...

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a...
Dark Pink APT Group Targets Governments and Military in APAC Region
Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per latest research conducted by Albert Priego of Group-IB. The Singapore-headquartered company, in a report shared with The Hacker News, said it's...
CVE-2023-21549

creationtimestamp | type | source
---|---|---
2023-01-11 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=943
2023-01-11 12:38:43+00:00 | exploited | https://t.me/truesecator/3921
2023-04-20 17:05:26+00:00 | seen | Telegram/yeBToDoNHeKvyVTJPeFicFtvM2bdSereR2eEZr-sQm3qUA...

Open redirect on government website sends users to adult content
Fake websites and open redirects have conspired to make things awkward for a UKGOV website. The site in question, riverconditionsdotenvironment-agencydotgovdotuk, was being abused in search engine results to redirect to various sites which aren't associated with UKGOV--most of which were adult...
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat...
UK gov website being used to redirect to porn sites
TL;DR UK Government Environment Agency web site had an open redirect that was actively being used to redirect to various porn sites, including OnlyFans clone sites. Disclosure should have been easy but wasn’t, as the agency haven’t followed wider UK government policy on vulnerability disclosure...
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically...
SideCopy APT Launches Phishing Campaign Against Indian Government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The new malicious activity of the SideCopy threat actors is the attack campaign STEPPYKAVACH, which was notably active in 2021 and was originally related to Pakistan. The most recent malicious attack...
CVE-2022-47939

creationtimestamp | type | source
---|---|---
2022-12-23 18:14:48+00:00 | seen | https://t.me/cibsecurity/55256
2022-12-26 14:17:41+00:00 | seen | https://t.me/itsecnews/1981
2022-12-27 16:17:11+00:00 | seen | https://t.me/codebysec/6981
2022-12-28 04:00:00+00:00 | seen | ...

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPYKAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior...