Sodinokibi Ransomware Group Sponsors Hacking Contest
White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same...
CVE-2011-3613
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled...
CVE-2011-3614
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9...
Improper access control
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9...
Design/Logic Flaw
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled...
CVE-2011-3614
CVE-2011-3614 affects Vanilla Forums (Facebook, Twitter, and Embedded plugins) prior to version 2.0.17.9. The issue is an Access Control vulnerability that could impact confidentiality, integrity, and availability. Remediation: upgrade to Vanilla Forums 2.0.17.9 or newer; apply any vendor-supplie...
CVE-2011-3613
Vanilla Forums before 2.0.17.9 contains a cookie handling issue that can lead to information disclosure. The vulnerability affects Vanilla Forums (PHP-based open source forum) and is described across multiple connected entries (CVE-2011-3613; CNVD-2020-13206). Root cause: improper cookie handling...
Cross-site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions...
Arbitrary File Download Vulnerability in Cruise Cloud Light Forum System
Cruise Cloud Light Forum System is an open source web application based on a Java + MySQL architecture, including forum and Q&A modules. Patrol Cloud Light Forum system has an arbitrary file download vulnerability; attackers can use this vulnerability to download arbitrary files to obtain sensitive...
PUBG: RXSS to Stored XSS - forums.pubg.com | URL parameter
René Kroka found a Reflected XSS vulnerability that could be chained to a Stored XSS attack in the Invision Community forums software used by PUBG. By crafting a malicious URL, the attacker is able to trigger JavaScript to execute on their own page; this is known as Reflected XSS. The attacker then create...
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks. According t...
Why Were the Russians So Set Against This Hacker Being Extradited?
The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States. When Israeli authorities turned down requests to send him back to Russia -- supposedly to face separate hacking charges...
The Unhappiest Subscribers on Earth? Disney+ Accounts Hacked & Hijacked
The highly anticipated Disney+ streaming service launched last week – and was promptly targeted by hackers looking to compromise users’ accounts. Around 4,000 customer account credentials have shown up for sale on hacking forums for around $3 each, according to reports. An investigation by ZDNet...
Raccoon Malware Scavenges 100,000+ Devices to Steal Data
A new information stealer, dubbed Raccoon, is rapidly gaining popularity with cybercriminals. In just a few months, researchers say the malware has already infected hundreds of thousands of devices across the world to rove through victims’ credit card data, email credentials and more. The malware...
When Card Shops Play Dirty, Consumers Win
Cybercrime forums have been abuzz this week over news that BriansClub -- one of the underground's largest shops for stolen credit and debit cards -- has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may...
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money
By John Fokker · October 14, 2019. Episode 3: Follow the Money. This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the mos...
Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used
If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account...