Alien ALR-F800 授权问题漏洞

The Alien ALR-F800 is an RFID sensor from Alien. An authorization issue vulnerability exists in Alien ALR-F800 version 19.10.24.00 and prior versions, which stems from the cmd parameter in the /var/www/cmd.php file containing an improper authorization vulnerability...

Alien ALR-F800 操作系统命令注入漏洞

The Alien ALR-F800 is an RFID sensor from Alien. An operating system command injection vulnerability exists in the Alien ALR-F800 version 19.10.24.00 and prior versions, which stems from the uploadedFile parameter in the /admin/system.html file containing an operating system command injection...

PT-2024-38432 · Alien Technology · Alien Technology Alr-F800

Name of the Vulnerable Software and Affected Versions: Alien Technology ALR-F800 versions up to 19.10.24.00 Description: A critical issue has been found, affecting the function popen of the file /var/www/cgi-bin/upgrade.cgi in the component File Name Handler. The manipulation of the argument...

Alien ALR-F800 操作系统命令注入漏洞

The Alien ALR-F800 is an RFID sensor from Alien. An operating system command injection vulnerability exists in the Alien ALR-F800 version 19.10.24.00 and prior versions, which stems from an operating system command injection vulnerability contained in the uploadedFile parameter in the File Name...

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected...

Here’s the Proof There’s No Government Alien Conspiracy Around Roswell

Roswell, New Mexico, remains synonymous with the “discovery” of alien life on Earth—and a US government coverup. But history shows the reality may be far less out of this world—and still fascinating...

alien-scripts.de Improper Access Control vulnerability OBB-3777932

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android ap...

U.S. Hacks QakBot, Quietly Removes Botnet Infections

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnets online infrastructure, and...

UFO Whistleblower, Meet a Conspiracy-Loving Congress

Fresh claims from a former US intelligence officer about an “intact” alien craft may get traction on Capitol Hill, where some lawmakers want to believe...

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa previously Cytrox. Predator was first documented by Google's Threat Analysis Group TAG in May 2022 as part of attacks leveraging five differe...

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexapreviously Cytrox. Predator was first documented by Google's Threat Analysis Group TAG in May 2022 as part of attacks leveraging five differen...

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a...

Fedora: Security Advisory for perl-Alien-ProtoBuf (FEDORA-2022-15729fa33d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

alienrecipes.com Cross Site Scripting vulnerability OBB-2858260

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious code in boss-alien-media-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec6d9c2b92bc162366140bf44556ce9675bd37d4c56bfbd1e62e23b1dae0d69d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1654 Malicious code in boss-alien-media-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec6d9c2b92bc162366140bf44556ce9675bd37d4c56bfbd1e62e23b1dae0d69d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems CMS, web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...

Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits

Google's Threat Analysis Group TAG on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day aka 0-day flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as...