638 matches found
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries," Cisco Talos researcher...
PT-2023-31886 · Unknown · Eb System Management Console +1
Name of the Vulnerable Software and Affected Versions: eB System Management Console versions prior to 23.00.02.03 Assetwise ALIM For Transportation versions prior to 23.00.01.25 Description: The issue allows an unauthenticated user to view configuration options via a crafted request, leading to...
PT-2023-18914 · Undefined · Undefined
ParsedReport CompletenessMedium 07-12-2023 Fighting Ursa Aka APT28: Illuminating a Covert Campaign https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397 Report completeness: Medium Actors/Campaigns: Fancy bear Forest blizzard Threats: Wildfire Victims: Organizatio...
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks...
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
CVE-2021-3262
CVE-2021-3262 affects TripSpark VEO Transportation (version 2.2.x) and NovusEDU (2.2.x XP_BB-20201123-184084). Root cause: unsafe data inputs in POST body parameters not sanitized server-side, enabling SQL injection in the Student Busing Information search queries. Impact stated as SQL commands c...
PT-2023-12172 · Tripspark · Tripspark Veo Transportation
Name of the Vulnerable Software and Affected Versions: TripSpark VEO Transportation versions 2.2.x NovusEDU versions 2.2.x Description: The issue allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL...
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
PT-2023-23866 · Intel · Intel(R) Its
Name of the Vulnerable Software and Affected Versions: IntelR ITS software versions prior to 3.1 Description: The issue is related to incorrect default permissions in the IntelR ITS software, which may allow an authenticated user to potentially enable escalation of privilege via local access...
Zhejiang small walk information technology limited company small walk share wechat small program there are logic defects vulnerability
Small Walk Share WeChat app is a transportation platform. Zhejiang small walk information technology limited company small walk sharing wechat small program has a logic flaw vulnerability, attackers can use the vulnerability to log in any account...
New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
A previously undetected advanced persistent threat APT actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine...
New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
A previously undetected advanced persistent threat APT actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine...
New TSA Cybersecurity Emergency Action Rule Impacts Cybersecurity and Compliance
On March 7, 2023, in the wake of President Joe Biden’s National Cybersecurity Strategy announcement, the U.S. Transportation Security Administration TSA issued a cybersecurity emergency action amendment for certain regulated airport and aircraft operators. The new Action Rule can have significant...
INEA ME RTU
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...
CVE-2023-25018
The CVE-2023-25018 issue affects the RIFARTEK IOT Wall transportation function, where insufficient input filtering enables a reflected XSS vulnerability. An authenticated remote attacker with general user privileges can inject JavaScript via manipulated input to cause a reflected XSS. The availab...
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise IoCs associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 CVSS score: 9.8, the critical flaw relates to a case of privilege escalation that could be exploited to steal NT LAN...
Bad Magic APT employs new CommonMagic Framework and PowerMagic Backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary New Bad magic APT was discovered using a new backdoor called PowerMagic and a malicious framework called CommonMagic to target organizations in the administrative, agriculture, and transportation sectors...
LockBit ransomware demands $2 million for Pierce Transit data
The Pierce County Public Transportation Benefit Area Corporation Pierce Transit has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...