261 matches found
GHSA-F3RF-CR7F-CWC4 Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the...
Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the...
PT-2024-14323 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.45 through 7.4.3.101 Liferay DXP 2023.Q3 before patch 6 Liferay DXP versions 7.4 update 45 through 92 Description: The issue is an open redirect vulnerability in the Countries Management’s edit region page. This...
Qolsys IQ Panel 4, IQ4 HUB
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 CVSS score: 7.2, a remote code execution bug that could be exploited by authenticated attackers to ta...
Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads
By Deeba Ahmed Operation Storm Makers II, as dubbed by Interpol, witnessed the mobilization of law enforcement agencies from 27 countries. This is a post from HackRead.com Read the original post: Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads...
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...
DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations
From Russia to Iran, the feds have charged Binance with conducting well over $1 billion in transactions with sanctioned countries and criminal actors...
Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded
This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These...
Franklin Fueling System TS-550
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...
YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group
A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...
Human Error: Casio ClassPad Data Breach Impacting 148 Countries
By Waqas If you are a Casio ClassPad customer, it is strongly recommended that you change your ClassPad password immediately to protect yourself. This is a post from HackRead.com Read the original post: Human Error: Casio ClassPad Data Breach Impacting 148 Countries...
CVE-2023-43730
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "countriesname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CODESYS Development System
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause users to unknowingly launch a malicious...
Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards
We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this...
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...
Netflix’s Password Sharing Crackdown Goes Global: 103 Countries Affected
By Habiba Rashid Netflix is sending emails addressing password sharing between households, and users are not happy about it as CancelNetflix trends on social media. This is a post from HackRead.com Read the original post: Netflixs Password Sharing Crackdown Goes Global: 103 Countries Affected...
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-ti...
PT-2023-9399 · Yealink · Yealink Meeting Server
Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67 Description: The issue is related to insufficient protection of service data, allowing a remote attacker to gain access to user credentials. This can be achieved by sending an HTTP request...