Lucene search

18 matches found

Wired Threat Level
added 2026/03/31 1:38 p.m., 5 views

The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz

Vessels are increasingly being abandoned during the war on Iran, revealing a hidden failure in the global systems that keep goods—and people—moving...

AI score: 5.9
Exploits: 0

Openbugbounty
added 2023/10/06 7:36 p.m., 8 views

crews-net.jp Cross Site Scripting vulnerability OBB-3724736

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

The Hacker News
added 2023/07/18 12:58 p.m., 64 views

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunication...

AI score: 6.7
Exploits: 0

Schneier on Security
added 2023/05/19 9:6 p.m., 15 views

Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away

A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing its activities to be tracked in real time 24 hours a day. The equipment, which tracks a vessel's geographic position and fishing...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/05/01 8:52 a.m., 130 views

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard,...

CVSS: 9.8, AI score: 9, EPSS: 0.97408
Exploits: 18

Hacker One
added 2023/04/14 8:38 p.m., 12 views

Rockstar Games: Insecure Direct Object Reference allows Crew Invite deletion

An Insecure Direct Object Reference vulnerability was discovered in a service endpoint related to Crews management. This vulnerability allowed unauthorized users to delete outstanding Crew invitations from any Crew to any Social Club user. The vulnerability was resolved by implementing additional...

AI score: 6.9
Exploits: 0

The Hacker News
added 2023/01/31 11:8 a.m., 60 views

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting...

AI score: 0.4
Exploits: 0

The Hacker News
added 2022/12/29 9:43 a.m., 92 views

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualizati...

CVSS: 9.8, AI score: 0.3, EPSS: 0.06931
Exploits: 1

The Hacker News
added 2022/12/07 2:34 p.m., 36 views

Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments,...

AI score: 1.3
Exploits: 0

Hacker One
added 2022/08/25 11:35 p.m., 67 views

Rockstar Games: Modifying Sprunk vs eCola crew data

In this report, the researcher demonstrated an Insecure Direct Object Reference vulnerability that was exploitable in certain Rockstar Official Crews on the Social Club website. Rockstar Official Crews, unlike user-made Crews, use a flat hierarchy where all members are set to the same effective...

AI score: 3.5
Exploits: 0

Veracode
added 2019/05/02 4:54 a.m., 35 views

Cross-Site Scripting (XSS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS: 6.5, AI score: 7.8, EPSS: 0.10893
Exploits: 5, References: 20, Affected Software: 3

OpenVAS
added 2015/10/15 12:0 a.m., 15 views

Mageia: Security Advisory (MGASA-2015-0305)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8, AI score: 8.8, EPSS: 0.70226
Exploits: 8, References: 7

OpenVAS
added 2015/08/09 12:0 a.m., 19 views

CentOS Update for firefox CESA-2015:1581 centos5

Check the version of firefox SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882241";...

CVSS: 8.8, AI score: 6.8, EPSS: 0.70226
Exploits: 8, References: 4

The Hacker News
added 2015/08/07 12:18 a.m., 18 views

Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability

Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and uploads them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...

AI score: 7.1
Exploits: 0

ThreatPost
added 2011/07/07 7:31 p.m., 8 views

Pastebin Could Hold Clues To Hack At Your Company

Worried that your organization might be the victim of a targeted attack or data breach? The proof may be right out in the open: posted for the world to see on Pastebin.com, LodgeIT, Pastie.org and other sites according to security expert Lenny Zeltser. Writing on his blog, Zeltser said that...

AI score: 0.2
Exploits: 0, References: 5

exploitpack
added 2010/11/27 12:0 a.m., 10 views

Jurpopage 0.2.0 - SQL Injection

Jurpopage 0.2.0 - SQL Injection. Jurpopage SQL Injection. Exploit Title: Jurpopage SQL Injection. Date: 24 November 2010. Author: Suddendeath. Platform/Tested...

AI score: 0.4
Exploits: 0

0day.today
added 2010/10/13 12:0 a.m., 31 views

Disk Pulse Server v2.2.34 Remote Buffer Overflow Exploit

Exploit for Windows platform in category remote exploits. Disk Pulse Server v2.2.34 Remote Buffer Overflow Exploit. #!/usr/bin/python Exploit Title: Disk Pulse Server v2.2.34 Remote Buff...

AI score: 7.1
Exploits: 0

exploitpack
added 2010/07/28 12:0 a.m., 24 views

Apache Tomcat 6.0.18 - utf8 Directory Traversal

Apache Tomcat 6.0.18 - utf8 Directory Traversal /Apache Tomcat include include include include include include include include include include define EXPLOIT "GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd HTTP/1.0\n\n" define RCVBUFSIZE 9999 define tester "root:x" void cls char esc = 27;...

AI score: 0.4
Exploits: 0