Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat aka DarkCrystal RAT that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian...

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system including username, hardware, browsers installed, anti-virus...

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

BlackGuard Password Stealing Malware Being Sold on Russian Hacking Forums

By Deeba Ahmed Zscaler ThreatLabz researchers have discovered sophisticated new info stealing malware available as malware-as-a-service on Russian hacking forums. In… This is a post from HackRead.com Read the original post: BlackGuard Password Stealing Malware Being Sold on Russian Hacking Forums...

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP...

ImpressCMS path traversal vulnerability

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...

Lawmakers Probe Early Release of Top RU Cybercrook

Aleksei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Image: Andrei Shirokov / Tass via Getty Images. Aleksei Burkov, a cybercriminal who long operated two of Russias most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian...

Format string

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected...

UBUNTU-CVE-2021-32472

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected...

GHSA-7P79-6X2V-5H88 Server crash if running Python 3.10 w/ Sanic 20.12

!!! ONLY APPLIES TO VERSIONS PRIOR TO Sanic v20.12 WHEN USING Python 3.10 !!! Sanic v20.12 officially supports Python versions 3.6, 3.7, 3.8, and 3.9. However, if you accidentally run it with version 3.10 which is not supported by Sanic 20.12, your server is prone to crashing on an incoming web...

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a...

Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers

A new .NET malware packer being used to deliver a variety of remote access trojans RATs and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by...

Discourse 授权问题漏洞

Discourse is an open source community discussion platform that includes community, email, and chat room features. A security vulnerability exists in Discourse, which stems from the fact that users invited via email to a forum with "must approve users" enabled will automatically log in, bypassing...

CVE-2021-43850 Denial of Service in discourse

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials -- such as usernames and passwords needed to remotely connect to the...

WordPress plugin cross-site scripting vulnerability (CNVD-2021-102811)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin Asgaros Forums 1.15.13 and its previous...

CVE-2021-42365

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to...

CVE-2021-42365

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to...