669 matches found
How to Prevent Ransomware as a Service (RaaS) Attacks
Explore key insights on how ransomware as a service RaaS operators work and how to prevent ransomware attacks...
Rhysida Ransomware
Rhysida Ransomware By Alexandre Mundo, Max Kersten, and Leandro Velasco · October 9, 2023 New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an anonymised version of an attack by...
ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies
Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers an...
tiiips.com Cross Site Scripting vulnerability OBB-3673342
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DorXNG - Next Generation DorX. Built By Dorks, For Dorks
DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...
GHSA-23PX-MW2P-46QM Cosmos-SDK Cosmovisor component may be vulnerable to denial of service
Component: Cosmovisor Criticality: Medium Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46 Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor Impact: DOS, potential RCE on node depending on configuration An issue has been identified on...
Cosmos-SDK Cosmovisor component may be vulnerable to denial of service
Component: Cosmovisor Criticality: Medium Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46 Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor Impact: DOS, potential RCE on node depending on configuration An issue has been identified on...
PYSEC-2023-167
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
PYSEC-2023-167
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
CVE-2023-40015 Vyper: reversed order of side effects for some operations
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
GPAC Security Vulnerabilities
GPAC is an open source multimedia framework. A security vulnerability exists in versions prior to gpac 2.3-DEV, which stems from the comparison of floating point and error operators...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +232 more potentially affected by CVE-2023-40273 via apache-airflow (>=1.10.1 <=2.7.1)
apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2023-40273 Source advisory: OSV:PYSEC-2023-158...
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service PhaaS toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...
CVE-2023-23568
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
CVE-2023-23568
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
CVE-2023-23568
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
CVE-2023-25074
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
CVE-2023-25074
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
CVE-2023-22428
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to vEL8.60.2347 MR6, vEL8.50 prior to vEL8.50.2831MR8, vEL8.40 a...
CVE-2023-25074 Competency access levels not enforced in the server
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...