939 matches found
IcedID Trojan Rebooted with New Evasive Tactics
Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections. Attackers have implemented several new features — including a password-protected attachment...
Mail.ru: Improper Restriction of Excessive Authentication Attempts at http://terrafoot.ru/login.php (Rate Limit bypass via IP Rotation)
Password at terrafoot.ru was not sufficiently protected against bruteforce...
Mail.ru: Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games)
Password at warrobots.com was not sufficiently protected against bruteforce...
Mail.ru: Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token
Password at my.com was not sufficiently protected against bruteforce...
Mail.ru: Improper Restriction of Excessive Authentication Attempts at https://mirror.w1.dwar.ru/login.php
Password at dwar.ru was not sufficiently protected against bruteforce...
Security Bulletin: Rational DOORS is affected by multiple vulnerabilities
Summary: Rational DOORS has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2018-1457. DESCRIPTION: An undisclosed vulnerability in IBM Rational DOORS 9 application allows an attacker to gain DOORS administrator privileges. CVSS Base Score: 8.1. CVSS Temporal Score: See...
CVE-2020-10278
The BIOS onboard MiR's computer is not protected by a password; it therefore allows a bad operator to modify settings such as boot order. A malicious operator can leverage this to boot from a Live Image...
Design/Logic Flaw
The BIOS onboard MiR's computer is not protected by a password; it therefore allows a bad operator to modify settings such as boot order. A malicious operator can leverage this to boot from a Live Image...
CVE-2020-10278
CVE-2020-10278 concerns an unprotected BIOS on Mobile Industrial Robots (MiR) systems, where the BIOS has no password protection. The root issue allows a local operator to modify BIOS settings (e.g., boot order) and potentially boot from a Live Image. The connected documentation confirms MiR prod...
CVE-2020-11037
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is...
Design/Logic Flaw
In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is...
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
Default credentials
Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in password protection mechanisms, allows attackers to gain access to the project.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in the password protection mechanism of the project file. Exploiting this vulnerability can allow an intruder to gain access to the project by resetting the password hash value...
Design/Logic Flaw
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...
CVE-2020-10601
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...
CVE-2020-6984
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions; MicroLogix 1100 Controller, all versions; RSLogix 500 Software v12.001 and prior. The cryptographic function utilized to protect the password in MicroLogix is discoverable...
CVE-2020-6984
CVE-2020-6984 affects Rockwell Automation products including MicroLogix 1400 Series A/B, MicroLogix 1100, and RSLogix 500 software. The vulnerability is that the cryptographic function used to protect the MicroLogix password is discoverable, exposing credential protection weaknesses. Public discl...