24 matches found
ZOHO ManageEngine SharePoint Manager Plus权限提升漏洞
ZOHO ManageEngine SharePoint Manager Plus is a complete management and auditing solution from ZOHO, Inc. An elevation of privilege vulnerability exists in versions of ZOHO ManageEngine SharePoint Manager Plus prior to 4329, which could be exploited by an attacker to cause sensitive data to be...
Guess Fashion Deals With Data Loss, Post-Ransomware
A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...
Security Advisory 2021-01-17-1 - OpenWrt forum break-in on 16-Jan-2021
DESCRIPTION Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum https://forum.openwrt.org was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled. The intruder was able to download a...
Malicious Package in pensi-scheduler
Version 1.1.3 of pensi-scheduler contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-3WJM-33MW-H388 Malicious Package in s3asy
Version 0.4.8 of s3asy contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.4.8 of this module is found installed you will want ...
GHSA-M25Q-FWG4-9V2P Malicious Package in awesome_react_utility
Version 1.0.2 of awesomereactutility contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found installed...
U.N. Hack Stemmed From Microsoft SharePoint Flaw
Hackers breached the United Nations network in July by exploiting a Microsoft SharePoint vulnerability, according to reports. The breach, which appears to be an espionage operation, reportedly gave the hackers access to an estimated 400 GB of sensitive data. The breach was swept under the rug by...
Malicious Package
Overview Version 1.0.3 of bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you wi...
Malicious Package
Overview Version 1.0.3 of libubx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...
Change your password: Docker suffers breach; 190k users affected
By Uzair Amir Microsoft says its official Microsoft images hosted in Docker Hub have not been compromised. The company behind Docker, a computer program developed to manage operating-system-level virtualization has announced that it has suffered a data breach and as a result, one of Docker Hub...
Magecart Group Pinned in Recent British Airways Breach
The recent British Airways breach of up to 380,000 payment cards, has been attributed to the infamous Magecart threat actor. Last week, British Airways revealed that the bank card data was compromised after a security breach occurred on the company’s website and mobile app in August. While...
16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files
Well, there's something quite embarrassing for Apple fans. Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible. The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure...
Malicious Package
Overview Version 0.0.7 of react-server-native contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.7 of this module is found...
Equifax Data Breach: Steps You should Take to Protect Yourself
Equifax has suffered one of the largest data breaches in history that has left highly sensitive data of as many as 143 million people—that's nearly half of the US population—in the hands of hackers. Based on the company's investigation, some unknown hackers managed to exploit a security flaw on t...
OneLogin: Breach Exposed Ability to Decrypt Data
OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and...
Atlassian Resets HipChat Passwords Following Breach
Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service. The company began warning users Monday via email that as a result an attacker may have secured access to user informatio...
Radisys MRF - Command Injection
Radisys MRF - Command Injection Title: MRF Web Panel OS Command Injection Vendor: Radisys Vendor Homepage: http://www.radisys.com Product: MRF Web Panel SWMS Version: 9.0.1 CVE: CVE-2016-10043 CWE: CWE-78 Risk Level: High Discovery: Filippos Mastrogiannis, Loukas Alkis & Dimitrios Maragkos COSMOT...
Popular URL Shortener 'Bitly' User Accounts Reportedly Compromised
The famous URL shortening service is facing a data breach. The very popular URL shortening service Bitly, has issued an urgent security warning saying that its users’ account credentials may have been compromised, according to a blog post published yesterday. "We have reason to believe that Bitly...
German Video Game 'Crytek' Websites go offline after Security Breach
It seems that German Video Game company 'Crytek' has been the latest victim of hacking attacks on its website and few forums, and caused Crytek's family of websites to go offline. According to the company, "Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a...
Linux Foundation & Linux.com multiple server compromised
Linux Foundation & Linux.com multiple server compromised The Linux Foundation has pulled its websites from the web to clean up from a "security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down f...