SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine CERT-UA has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, whic...

New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT

Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of...

The vulnerability of SAP ERP Defense Forces and Public Security software lies in the improper processing of output data for registration logs, allowing a perpetrator to re-record arbitrary files.

The vulnerability of SAP ERP Defense Forces and Public Security software is related to incorrect processing of output data for registration logs. Exploiting this vulnerability can allow a malicious actor to re-record arbitrary files...

U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and "threatening the privacy and security of individuals and organizations worldwide." This includes th...

CVE-2023-36924

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

Design/Logic Flaw

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

CVE-2023-36924 Log Injection vulnerability in SAP ERP Defense Forces and Public Security

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

CVE-2023-36924

CVE-2023-36924 affects SAP ERP Defense Forces and Public Security, versions 600–807. The root cause is improper handling of log output allowing an authenticated admin to write arbitrary data to the syslog file, potentially altering all syslog data and compromising application integrity. Affected ...

CVE-2023-36924 Log Injection vulnerability in SAP ERP Defense Forces and Public Security

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

The vulnerability of SAP Enterprise Extension Defense Forces & Public Security software, related to authentication errors, allows a perpetrator to increase their privileges.

The vulnerability of SAP Enterprise Extension Defense Forces & Public Security software is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVE-2022-31592

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on...

Hamas Ensnares Israeli Soldiers with Pretty 'Ladies'

Hamas has been caught taking a classic “catfish” approach, to tempt Israeli soldiers into installing spyware on their phones. Members posed as teen girls who are looking for quality chat time. This is the third time that the Palestinian group has used the tactic – but this time it upped its...

SAP ERP Defence Forces and Public Security Remote Authentication Bypass Vulnerability

SAP ERP is a set of integrated enterprise resource planning system based on customer/server structure and open system from SAP, Germany. The system supports custom reports, standardized processes and automated execution of business processes. An authentication bypass vulnerability exists in SAP E...

SAP ERP Defence Forces and Public Security Remote Authentication Bypass Vulnerability

SAP ERP is a set of integrated enterprise resource planning system based on customer/server structure and open system from SAP, Germany. The system supports custom reports, standardized processes and automated execution of business processes. An authentication bypass vulnerability exists in SAP E...

ARMY : USB Drive responsible for over 70 percent of Cyber Security Breaches

A ban on the use of pen drives has not been able to safeguard cyber security as it has now been labeled as a major threat in defence forces, the Army officials said. The use of pen drives as an easy-to-carry storage device has increased in the recent past and internal reports have confirmed that...