Lucene search
K

141 matches found

Krebs on Security
Krebs on Security
added 2024/06/15 11:40 p.m.39 views

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/21 4:31 a.m.6 views

dollaracademy.org.uk Improper Access Control vulnerability OBB-3855524

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2024/01/18 2:0 p.m.9 views

‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.13 views

Max withdrawable calculation is incorrect in asD contract

Lines of code Vulnerability details Summary The implementation of the max withdrawable amount is incorrect as it divides the calculation by the wrong denominator, leading to an incorrect result and a potential denial of service due to an overflow. Impact In the Application Specific Dollar protoco...

7.4AI score
Exploits0
OSV
OSV
added 2023/08/07 5:15 p.m.5 views

CVE-2023-32783

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."...

7.5CVSS5.5AI score0.03205EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/07 5:15 p.m.5 views

CVE-2023-32783

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."...

7.5CVSS7.1AI score0.03205EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.6 views

PT-2023-24017 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus version 7.1.1 Description: The event analysis component in Zoho ManageEngine ADAudit Plus allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. The vendor...

7.5CVSS7AI score0.03205EPSS
Exploits1References6
hivepro
hivepro
added 2023/04/10 6:53 a.m.11 views

Money Message Ransomware Strikes with Million-Dollar Demands

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Money Message is a new ransomware group that targets victims all over the world, demanding million-dollar ransoms to avoid data leaks and deliver a decryptor. To receive real-time threat advisories, plea...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/20 12:9 p.m.15 views

Fines as a Security System

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the companys in-app feature that lets you know if any nearby Tiles are following you. But to activate the new Anti-Theft...

1.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.3 views

SUSE CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

4.3CVSS8.9AI score0.86006EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.3 views

SUSE CVE-2018-12543

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit...

7.5CVSS7.6AI score0.36013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.2 views

SUSE CVE-2018-19215

Netwide Assembler NASM 2.14rc16 has a heap-based buffer over-read in expandmmacparams in asm/preproc.c for the special cases of the % and $ and ! characters...

4.4CVSS7.9AI score0.01243EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2023/01/13 10:0 a.m.2 views

Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023!

As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets. But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/03/30 4:43 a.m.27 views

onlinecasinodollar.com Cross Site Scripting vulnerability OBB-2454069

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.9 views

rong comment in getFee

Handle cmichel Vulnerability details The ThreePieceWiseLinearPriceCurve.getFee comment states that the total + the input must be less than the cap: If dollarCap == 0, then it is not capped. Otherwise, then the total + the total input must be less than the cap. The code only checks if the input is...

7.2AI score
Exploits0
HackRead
HackRead
added 2021/11/10 6:17 p.m.15 views

Bandwidth.com reports multimillion dollar loss post DDoS attacks

By Waqas In September 2021, Bandwidth.com suffered a series of days-long DDoS attacks forcing its service to go offline in the United States. This is a post from HackRead.com Read the original post: Bandwidth.com reports multimillion dollar loss post DDoS attacks...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/10/20 3:52 p.m.7 views

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

4.3CVSS6.1AI score0.00881EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/08 12:9 p.m.5 views

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

4.3CVSS6.1AI score0.00881EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/08/18 5:4 a.m.5 views

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

4.3CVSS6.1AI score0.00881EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/07/27 1:50 p.m.5 views

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

4.3CVSS6AI score0.00881EPSS
Exploits0References5
Rows per page
Query Builder