133 matches found
MAL-2022-4371 Malicious code in lodashuiq (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df65285217e85d7b8010426851c69e1f7e002c984419c13fd0a01fa716182157 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
When a sextortion victim fights back
When Katie Yates suddenly started receiving nude photos of her friend, Natalie Claus, over on Snapchat, she instantly recognized that Claus had just become a victim of a sextortion attack. She also knew how Claus should respond. This happened in December 2019 when Claus was a sophomore. Both were...
MAL-2022-3367 Malicious code in git-dependency-maker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c9b4a87b0253efbaf0122b94b2b942adc6b9163f8161863bb0d334859bb9f87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5099 Malicious code in opensea-erc1155 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57ed9708d2415ab3223ea55143304ce5afb9087aba7a655afdc96d9ad56c5102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ThoughtWorks GoCD path traversal vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...
Microsoft CRSP shares the ways human behavior affects compromise recovery
The Microsoft Compromise Recover Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As ...
How to avoid being scammed this Valentine’s Day
With Valentines Day approaching, you can be sure that the scammers will want to take advantage of lovebirds everywhere. From romance scams and sextortion, to fake dating sites and phishing campaigns, heres how to avoid a sting in the tail this Valentines Day. Romance scams Stories of online roman...
CVE-2022-21253
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Huawei HarmonyOS Information Disclosure Vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. A security vulnerability exists in Huawei HarmonyOS, which stems from a lack of input validation vulnerability in a component of HarmonyOS. An attacker could exploit this vulnerability to compromise confidentiality...
in khodakhah/nodcms
Description Clear Text submission of password through unencrypted channel Proof of Concept POST /en/login HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language:...
Design/Logic Flaw
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include...
REvil Group Claims Slew of Ransomware Attacks
The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an...
CVE-2021-22302
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service...
CVE-2021-22305
There is a buffer overflow vulnerability in Mate 30 10.1.0.126C00E125R5P3. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service...
CVE-2021-22304
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...
Design/Logic Flaw
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service...
CVE-2021-22305
There is a buffer overflow vulnerability in Mate 30 10.1.0.126C00E125R5P3. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service...
CVE-2021-22304
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...
Double free
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising...
Design/Logic Flaw
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182C00E180R6P2. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service...