Scattered Spider ransomware gang falls under government agency scrutiny

As you may have read in our November Ransomware Review, Scattered Spider is a relatively new, albeit dangerous, ransomware gang who made headlines in September for attacking MGM Resorts and Caesar Entertainment. For small security teams, one of the most important findings about the group is their...

Ransomware review: October 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

luciliacaesar.be Cross Site Scripting vulnerability OBB-3306352

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...

Cryptovenom - The Cryptography Swiss Army Knife

CryptoVenom: The Cryptography Swiss Army knife What is CryptoVenom? CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern...

Decodify - Detect And Decode Encoded Strings Recursively

Decodify can detect and decode encoded strings, recursively. Its currently in beta phase. Lets take this string : teamultimate.in and encode it with Hex, URL, Base64 and FromChar encoding, respectively. Now lets pass this encoded string to Decodify: Boom! Thats what Decodify does. Supported...

caesar-project.eu XSS vulnerability

Vulnerable URL: http://www.caesar-project.eu/index.php?ne="';-- =results=endpoint Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 8192855 VIP website status:| No Check...

Caesar Slots Casino - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Caesar Slots Casino published at the 'play' market has multiple vulnerabilities...

caesar Latein Wörterbuch - SQLite database found vulnerabilities

HackApp vulnerability scanner discovered that application caesar Latein Wörterbuch published at the 'play' market has multiple vulnerabilities...

LuxCal 2.7.0 XSS / LFI / Information Disclosure

Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link: http://www.luxsoft.eu/dloader.php?file=luxcal270.zip Version: 2.7.0 Tested on:...

LuxCal 2.7.0 XSS / LFI / Information Disclosure

Exploit for php platform in category web applications Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: email protected My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...

CVE-2011-1509

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus SDP 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

Design/Logic Flaw

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus SDP 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVE-2011-1509

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus SDP 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVE-2011-1509

Affected product : ManageEngine ServiceDesk Plus (SDP) versions up to 8.x, including SDP 8012 and earlier. Vulnerability details : CVE-2011-1509 is an authentication weakness where the encryptPassword function in Login.js uses a Caesar cipher with no salt or secret, storing passwords locally in c...

CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiples Vulnerabilities in ManageEngine ServiceDesk Plus 1. Advisory Information Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL:...

Слабое шифрование в CCC Harvest (weak encryption)

Используется алгоритм подстановки цезаря...

Слабое шифрование пароля в Meeting Maker

При передаче пароля по сети используется легко дешифруемый алгорит замены символов Цезаря...