56 matches found
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
Confidence in File Upload Security is Alarmingly Low. Why?
Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are undeniable; however, this shift presents new security challenges. OPSWAT's 2023 Web Application Security...
CloudExplorer Lite License Issue Vulnerability
CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. An authorization issue...
Charming Kitten’s Latest Malware Arsenal and Targeting Strategies
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Charming Kitten, an adaptable threat actor, has shifted to new malware tactics and targets by employing LNK infection chains and utilizing cloud hosting providers. This evolution in their approach poses ...
CVE-2023-37262
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
Default credentials
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37262 CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37262
CC: Tweaked (Minecraft mod) contains an SSRF vulnerability where, before fixes, metadata service endpoints on cloud providers (AWS, GCP, Azure) were not blocked by default when the plugin runs on affected servers. This allowed any player to access sensitive information from cloud metadata service...
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified...
cloudhostinggermany.com Cross Site Scripting vulnerability OBB-3365226
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cloudhostinggermany.com Cross Site Scripting vulnerability OBB-3277193
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mass Ransomware Attack
A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However,...
New Linux Cryptomining Malware
Its pretty nasty: The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each...
Managed Cloud Hosting vs. Unmanaged Cloud Hosting: What’s the Difference?
By Owais Sultan Before deciding to transfer to the cloud, it is crucial to understand the main difference between managed vs… This is a post from HackRead.com Read the original post: Managed Cloud Hosting vs. Unmanaged Cloud Hosting: Whats the Difference?...
Design/Logic Flaw
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...
CVE-2022-21215 Airspan Networks Mimosa Server-Side Request Forgery (SSRF)
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...
CVE-2022-21215
CVE-2022-21215 is an SSRF vulnerability in Airspan/Mimosa MMP stack. Affected: MMP before v1.0.3; PTP C-series before v2.8.6.1; PTMP C-series/A5x before v2.5.4.1. Root cause: improper server-side request handling allows an attacker to force the server to access internal routes and cloud-hosting p...
The Account Takeover Threat: A By-the-Numbers Breakdown
Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into the different characteristics and statistics of real world Account Takeover attacks as recorded and mitigated by Imperva’s Advanced Bot Protection...
Cloud hosting firm Blackbaud pays ransom after thwarting ransomware attack
By Deeba Ahmed Blackbaud claims it paid a ransom to protect customer data. This is a post from HackRead.com Read the original post: Cloud hosting firm Blackbaud pays ransom after thwarting ransomware attack...
Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang also called Double Gun, which has been behind several attacks since 2017 aimed at...