286 matches found
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
The Computer Emergency Response Team of Ukraine CERT-UA has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...
The vulnerability of the SEMCMS_Download.php script of the website management system for foreign trade enterprises SemCms allows a hacker to execute arbitrary SQL queries and gain unauthorized access to protected information.
The vulnerability of the SEMCMSDownload.php script of the website management system for SemCms foreign trade enterprises is related to the lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries and gain unauthorized...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
Google Sues App Developers Over Fake Crypto Investment App Scam
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...
Siemens SINEC NMS Arbitrary File Upload Vulnerability
SINEC NMS is a new generation network management system NMS for digital enterprises. An arbitrary file upload vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to upload a malicious firmware image or other file that could lead to remote code execution...
Siemens SINEC NMS Command Injection Vulnerability
SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2024-09309)
SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...
ICS and OT threat predictions for 2024
We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscap...
jberet Security Vulnerabilities
jberet is a jberet open source application to provide portable batch processing support in Jakarta EE environments. A security vulnerability exists in jberet that stems from an exception in dbProperties that may display user credentials, such as the username and password for a database connection...
Wallarm Named a Leader in GigaOm Radar for API Security
I am thrilled to share that Wallarm, has been named a leader in the GigaOm Radar for API Security! We would like to share insights from the recent GigaOm 2023 API Security Radar report, particularly shining a spotlight on our Advanced API Security solution. The growing importance of APIs and API...
growingenterprises.eu Improper Access Control vulnerability OBB-3824595
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cloud Atlas Exploits Six-Year-Old Flaw to Target Russian Companies
Summary: The threat actor Cloud Atlas has been identified in spear-phishing attacks targeting Russian enterprises. The modus operandi involves a phishing message in the initial stage, containing a lure document that exploits CVE-2017-11882, a memory corruption vulnerability in Microsoft Offices...
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after...
The vulnerability of the SEMCMS_Upfile.php script of the website management system used by SemCms’ foreign trade enterprises allows a hacker to execute arbitrary code.
The vulnerability of the SEMCMSUpfile.php script in the website management system used by SemCms foreign trade enterprises involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.
Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...
In-Depth Analysis of NoEscape Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The NoEscape ransomware, suspected to be a rebrand of Avaddon, targets enterprises globally through multi-extortion attacks. Operating as Ransomware-as-a-Service, it encrypts files, changes wallpapers, a...
Domain Squatting and Brand Hijacking: A Silent Threat to Digital Enterprises
By Waqas Domain squatting can lead you to malicious websites, and it might be too late to realize what actually happened. This is a post from HackRead.com Read the original post: Domain Squatting and Brand Hijacking: A Silent Threat to Digital Enterprises...
Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats
By Deeba Ahmed Atlassian Confluence is a popular collaborative wiki system enterprises use to organize/share work. This is a post from HackRead.com Read the original post: Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats...
Korea Blockchain Week 2023: Presenting Web3’s Leading Voices
By Owais Sultan Korea Blockchain Week 2023 brings together the most sought-after builders, enterprises, thought leaders and innovators to spark crucial… This is a post from HackRead.com Read the original post: Korea Blockchain Week 2023: Presenting Web3s Leading Voices...