296 matches found
AvosLocker Ransomware group has targeted 50+ Organizations Worldwide
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...
Iranian targeting of IT sector on the rise
Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain...
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Researchers from DomainTools discovered the suspicious PDFs – which...
Conti ransomware gang apologized to Arab Royals over data leak
By Waqas The data leak took place last month when the infamous Conti ransomware gang hacked Graff, a UK-based jewelry store Graff popular among the elite. This is a post from HackRead.com Read the original post: Conti ransomware gang apologized to Arab Royals over data leak...
viparabcasinos.com Improper Access Control vulnerability OBB-2207899
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ExpressVPN made a choice, and so did I: Lock and Code S02E19
On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turke...
Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies
UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...
arabruleoflaw.org Cross Site Scripting vulnerability OBB-1405196
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
fhg.arabladyboys.com Cross Site Scripting vulnerability OBB-1291009
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
database.arabtradeunion.org Cross Site Scripting vulnerability OBB-1212104
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
arab-lady.com Cross Site Scripting vulnerability OBB-1201341
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
arabdevelopmentportal.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1020698 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting arabdevelopmentportal.com...
Details on Uzbekistan Government Malware: SandCat
Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky...
arab-videos.com XSS vulnerability
Open Bug Bounty ID: OBB-650023 Description| Value ---|--- Affected Website:| arab-videos.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
arab-moviez.org XSS vulnerability
Open Bug Bounty ID: OBB-643666 Description| Value ---|--- Affected Website:| arab-moviez.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
ch2mcareers.com XSS vulnerability
Open Bug Bounty ID: OBB-605180 Description| Value ---|--- Affected Website:| ch2mcareers.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
arab-lady.com XSS vulnerability
Open Bug Bounty ID: OBB-596149 Description| Value ---|--- Affected Website:| arab-lady.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
arab-clothing.com XSS vulnerability
Open Bug Bounty ID: OBB-537227 Description| Value ---|--- Affected Website:| arab-clothing.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Arab Portal SQL Injection Vulnerability
Arab Portal is a set of web portals. A SQL injection vulnerability exists in Arab Portal version 3, which stems from a failure of the members.php script to adequately filter the 'showemail' parameter in the signup operation. A remote attacker could use this vulnerability to execute arbitrary SQL...
CVE-2015-6519
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php...