ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits fe...

CVE-2022-30325

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker...

CVE-2022-1235 Weak secrethash can be brute-forced in livehelperchat/livehelperchat

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96...

Weak Hash Algorithm Without Salt

dolibarr/dolibarr is vulnerable to using a weak hash algorithm without salt. The library does not encrypt its passwords with a salt, meaning that the password hash stored on the system can be easily brute forced...

Apache Derby 'BUILTIN' Authentication Insecure Password Hashing

According to its self-reported version number, the installation of Apache Derby running on the remote server performs a transformation on passwords that removes half the bits from most of the characters before hashing. This leads to a large number of hash collisions, letting passwords be easily...

ibillpm.pl

The SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.11083";...