Lucene search
+L

286 matches found

The Hacker News
The Hacker News
added 2024/07/23 9:3 a.m.46 views

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Computer Emergency Response Team of Ukraine CERT-UA has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...

9.8CVSS6.8AI score0.99485EPSS
Exploits20
BDU FSTEC
BDU FSTEC
added 2024/06/13 12:0 a.m.9 views

The vulnerability of the SEMCMS_Download.php script of the website management system for foreign trade enterprises SemCms allows a hacker to execute arbitrary SQL queries and gain unauthorized access to protected information.

The vulnerability of the SEMCMSDownload.php script of the website management system for SemCms foreign trade enterprises is related to the lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries and gain unauthorized...

6.5CVSS6AI score0.00391EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/28 12:30 a.m.29 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS7.1AI score0.00408EPSS
Exploits0References6Affected Software2
Friends Of PHP
Friends Of PHP
added 2024/04/24 12:2 p.m.56 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS4.5AI score0.00408EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2024/04/08 5:25 a.m.38 views

Google Sues App Developers Over Fake Crypto Investment App Scam

Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...

7.1AI score
Exploits0
CNVD
CNVD
added 2024/02/21 12:0 a.m.20 views

Siemens SINEC NMS Arbitrary File Upload Vulnerability

SINEC NMS is a new generation network management system NMS for digital enterprises. An arbitrary file upload vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to upload a malicious firmware image or other file that could lead to remote code execution...

8.8CVSS7.8AI score0.00387EPSS
Exploits0References1
CNVD
CNVD
added 2024/02/21 12:0 a.m.12 views

Siemens SINEC NMS Command Injection Vulnerability

SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

8.8CVSS8.7AI score0.01094EPSS
Exploits0
CNVD
CNVD
added 2024/02/21 12:0 a.m.16 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2024-09309)

SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...

9.8CVSS8.2AI score0.00654EPSS
Exploits0References1
Securelist
Securelist
added 2024/01/31 10:0 a.m.25 views

ICS and OT threat predictions for 2024

We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscap...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.48 views

jberet Security Vulnerabilities

jberet is a jberet open source application to provide portable batch processing support in Jakarta EE environments. A security vulnerability exists in jberet that stems from an exception in dbProperties that may display user credentials, such as the username and password for a database connection...

6.5CVSS6.9AI score0.00788EPSS
Exploits1References6
Wallarm Lab
Wallarm Lab
added 2024/01/11 6:41 a.m.17 views

Wallarm Named a Leader in GigaOm Radar for API Security

I am thrilled to share that Wallarm, has been named a leader in the GigaOm Radar for API Security! We would like to share insights from the recent GigaOm 2023 API Security Radar report, particularly shining a spotlight on our Advanced API Security solution. The growing importance of APIs and API...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/28 7:56 p.m.8 views

growingenterprises.eu Improper Access Control vulnerability OBB-3824595

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
hivepro
hivepro
added 2023/12/28 2:23 p.m.54 views

Cloud Atlas Exploits Six-Year-Old Flaw to Target Russian Companies

Summary: The threat actor Cloud Atlas has been identified in spear-phishing attacks targeting Russian enterprises. The modus operandi involves a phishing message in the initial stage, containing a lure document that exploits CVE-2017-11882, a memory corruption vulnerability in Microsoft Offices...

9.3CVSS7.7AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2023/12/25 7:47 a.m.87 views

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after...

9.3CVSS7.7AI score0.99945EPSS
Exploits33
BDU FSTEC
BDU FSTEC
added 2023/12/11 12:0 a.m.8 views

The vulnerability of the SEMCMS_Upfile.php script of the website management system used by SemCms’ foreign trade enterprises allows a hacker to execute arbitrary code.

The vulnerability of the SEMCMSUpfile.php script in the website management system used by SemCms foreign trade enterprises involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.00776EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2023/11/20 12:0 a.m.42 views

File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.

Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...

7.4AI score
Exploits0
hivepro
hivepro
added 2023/11/17 8:40 a.m.51 views

In-Depth Analysis of NoEscape Ransomware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The NoEscape ransomware, suspected to be a rebrand of Avaddon, targets enterprises globally through multi-extortion attacks. Operating as Ransomware-as-a-Service, it encrypts files, changes wallpapers, a...

7.2AI score
Exploits0
HackRead
HackRead
added 2023/11/15 5:19 p.m.26 views

Domain Squatting and Brand Hijacking: A Silent Threat to Digital Enterprises

By Waqas Domain squatting can lead you to malicious websites, and it might be too late to realize what actually happened. This is a post from HackRead.com Read the original post: Domain Squatting and Brand Hijacking: A Silent Threat to Digital Enterprises...

7.2AI score
Exploits0
HackRead
HackRead
added 2023/11/01 5:31 p.m.22 views

Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats

By Deeba Ahmed Atlassian Confluence is a popular collaborative wiki system enterprises use to organize/share work. This is a post from HackRead.com Read the original post: Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats...

7.2AI score
Exploits0
HackRead
HackRead
added 2023/08/30 1:12 p.m.10 views

Korea Blockchain Week 2023: Presenting Web3’s Leading Voices

By Owais Sultan Korea Blockchain Week 2023 brings together the most sought-after builders, enterprises, thought leaders and innovators to spark crucial… This is a post from HackRead.com Read the original post: Korea Blockchain Week 2023: Presenting Web3s Leading Voices...

7AI score
Exploits0
Rows per page
Query Builder