Lucene search

669 matches found

IBM Security Bulletins
added 2020/10/02 1:3 p.m. · 42 views

Security Bulletin: IBM Cloud Pak for Integration Operators affected by multiple vulnerabilities

Summary: Operators for IBM Cloud Pak for Integration (CP4I) version 2020.2 are affected by vulnerabilities in Go prior to Go version 1.14.7. Vulnerability Details: CVEID: CVE-2020-15586. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By...

CVSS 7.5 · AI score 1.1 · EPSS 0.00614
Exploits: 0 · Affected Software: 3

Positive Technologies
added 2020/10/02 12:0 a.m. · 1 views

PT-2020-16308 · Live Helper Chat · Livehelperchat

Name of the Vulnerable Software and Affected Versions: Live Helper Chat versions prior to 3.44v. Description: The issue allows for stored XSS in chat messages with an operator via BBCode. This means that an attacker can inject malicious code into chat messages, which can then be executed by the...

CVSS 6.1 · AI score 6 · EPSS 0.00396
Exploits: 0 · References: 8

Openbugbounty
added 2020/09/19 10:33 a.m. · 5 views

vdi-com.de Cross Site Scripting vulnerability OBB-1348391

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

WPVulnDB
added 2020/09/16 12:0 a.m. · 13 views

Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)

NinTechNet discovered multiple WordPress plugins and themes vulnerable to Cross-Site Request Forgery (CSRF). The items only check the CSRF nonce if it has been provided, making them vulnerable to CSRF attacks if the nonce is removed. This is due to the confusing use of logic operators when verifyin...

AI score 2.7
Exploits: 0 · References: 2 · Affected Software: 28

ThreatPost
added 2020/09/02 12:28 p.m. · 306 views

Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers

Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Softwar...

CVSS 7.8 · AI score 1.4 · EPSS 0.21279
Exploits: 0 · References: 10

Openbugbounty
added 2020/08/11 7:2 a.m. · 7 views

bidq.co.kr Cross Site Scripting vulnerability OBB-1256348

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

Openbugbounty
added 2020/07/19 2:16 a.m. · 12 views

jrpr.org Cross Site Scripting vulnerability OBB-1230473

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

ThreatPost
added 2020/07/13 5:9 p.m. · 26 views

TrickBot Sample Accidentally Warns Victims They're Infected

TrickBot, the infamous info-stealing trojan, has been trying out a test module that accidentally pops up fraud alerts to victims. A sandboxed sample of the trojan, obtained by MalwareHunterTeam and analyzed by Advanced Intelligence’s Vitali Kremez, turns out to contain a new module, called “modul...

AI score 0.1
Exploits: 0 · References: 9

HackRead
added 2020/07/09 10:32 p.m. · 42 views

Locating malicious drone operators through deep neural networks

By Zara Khan. Researchers at Ben Gurion University have developed a technique... This is a post from HackRead.com. Read the original post: Locating malicious drone operators through deep neural networks...

AI score 2
Exploits: 0

HackRead
added 2020/06/25 6:19 p.m. · 17 views

Maze Ransomware operators hack LG Electronics stealing critical data

By Sudais Asif. The infamous Maze Ransomware operators have also leaked sample data. This is a post from HackRead.com. Read the original post: Maze Ransomware operators hack LG Electronics stealing critical data...

AI score 7.1
Exploits: 0

The Hacker News
added 2020/06/15 10:53 a.m. · 75 views

New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users

High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in...

Exploits: 0

Openbugbounty
added 2020/05/04 9:29 p.m. · 14 views

docmicro.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1156096. Security Researcher C0wnuts (helped patch 7 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting docmicro.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO...

AI score 0.1
Exploits: 0

Openbugbounty
added 2020/03/25 3:2 a.m. · 8 views

secure2.clarin.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1123756. Security Researcher dracutdashf (helped patch 5 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting secure2.clarin.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of...

AI score 0.1
Exploits: 0

ThreatPost
added 2020/03/06 9:50 p.m. · 10 views

Next-Gen Ransomware Packs a 'Human' Punch, Microsoft Warns

Researchers are warning that “human operated” ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defense teams aren’t equipped to handle. Researchers said that “auto-spreading” ransomware – like WannaCry and NotPety...

AI score 1.1
Exploits: 0 · References: 15

Akamai Blog
added 2020/02/12 9:41 p.m. · 31 views

DNS Encryption at DNS OARC 32

The DNS Operations, Analysis, and Research Center (DNS OARC) is an organization that, in their own words, works to "improve the security, stability, and understanding of the Internet's DNS infrastructure." They hold regular workshops where deployment experts, software developers, researchers, a...

AI score 0.2
Exploits: 0

Veeam
added 2020/02/11 12:0 a.m. · 13 views

Job fails to create VSS snapshot for SMB share

Challenge: A File Backup/file to tape job skips VSS snapshot creation on SMB share and ends with the following message in the log: "Failed to create a VSS snapshot, failing over to direct backup from the file share". A File Backup job for an SMB3 File Share configured to use Backup from a Microsoft V...

AI score 6.7
Exploits: 0 · Affected Software: 1

OpenVAS
added 2020/01/23 12:0 a.m. · 29 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1065)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 8.2 · EPSS 0.65283
Exploits: 5 · References: 2

Microsoft Secure
added 2020/01/21 6:0 p.m. · 33 views

sLoad launches version 2.0, Starslord

sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service (BITS) for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...

AI score 7.2
Exploits: 0

Qualys Blog
added 2020/01/08 3:49 p.m. · 27 views

The New Year Calls for a Change in the OT Industry’s State of Security

In 2014, a Western European steel mill suffered serious damage from a phishing attack that penetrated its IT and Operational Technology (OT) networks (the software and hardware dedicated to monitoring and controlling physical devices), where attackers gained control of plant equipment. In 2018, 74% of...

AI score 1
Exploits: 0

MSRC
added 2019/11/20 8:0 a.m. · 10 views

Customer Guidance for the Dopplepaymer Ransomware

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and...

AI score 1.9
Exploits: 0