98 matches found
Unveiling The SuperBear RAT campaigns Targeting the Journalists
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A recently discovered remote access trojan (RAT) named "SuperBear" has come to attention as it is actively utilized by hackers to target journalists that focus on covering geopolitical developments in Asia...
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
As Threat Actors Continuously Adapt their TTPs in Today's Threat Landscape, So Must You. Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items...
Insight on Vulnerabilities in MOVEit Transfer
Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back...
Crimeware and financial cyberthreats in 2023
A look back on the year 2022 and what to expect in 2023 Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed in the coming year by attackers, who target financial organizations. The predictions, based on our extensive experience, help individuals...
exelbydevelopments.co.uk Cross Site Scripting vulnerability OBB-2948084
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious...
Threat Source Newsletter (Dec. 2, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The Thanksgiving holiday in the U.S. didn't slow us down at all, even though we were all still trying to sleep off the food coma from the long weekend. But we came back this week with lots of fun content. Cisco received... This is...
Best performing cybersecurity companies and their recent developments
By Owais Sultan. Cybersecurity companies are the backbone to fight cybercrime - Let's dig deeper into which cybersecurity company is doing what. This is a post from HackRead.com. Read the original post: Best performing cybersecurity companies and their recent developments...
Threats Ride on the Covid-19 Vaccination Wave
We continue monitoring cybercriminals and threats that abuse the pandemic. In this update, we detail trends in malicious activities and deployments that exploit vaccination developments and processes worldwide...
CVE-2020-27269
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...
CVE-2020-27266
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy...
CVE-2020-27268
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy...
Design/Logic Flaw
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy...
Code injection
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...
CVE-2020-27269
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...
CVE-2020-27269
CVE-2020-27269 affects Dana Diabecare RS, AnyDana-i, and AnyDana-A insulin pumps and their mobile apps. The root cause is the absence of replay protection in the Bluetooth Low Energy communication protocol, enabling unauthenticated, physically proximate attackers to replay legitimate sequences. P...
CVE-2020-27268
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy...
CVE-2020-27268
The CVE-2020-27268 entry concerns a client-side control vulnerability in SOOIL Dana Diabecare RS insulin pump and its AnyDana-i/AnyDana-A mobile apps. The issue allows physically proximate attackers to bypass authentication checks for default PINs via Bluetooth Low Energy, enabling potential una...
CVE-2020-27266
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy...
CVE-2020-27266
CVE-2020-27266 affects Dana Diabecare RS, AnyDana-i and AnyDana-A insulin pumps and companion mobile apps. Description and connected advisories confirm a client-side control vulnerability that enables physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy, po...