16 matches found
atom.com.gt Improper Access Control vulnerability OBB-3832106
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America
Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. "Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML...
guatedominios.com Cross Site Scripting vulnerability OBB-1200267
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Ke3chang APT Linked to Previously Undocumented Backdoor
The Ke3chang cyberespionage group, a.k.a. APT15, Mirage, Playful Dragon or Vixen Panda, has been tied to a backdoor called Okrum that has been used to target diplomatic missions throughout Europe and Latin America. The attribution widens the scope of known Ke3chang activity, an APT believed to be...
Starbucks: Blind SQL Injection on starbucks.com.gt and WAF Bypass :*
Starting with a blind SQL Injection on http://www.starbucks.com.gt/menu/beverage/detail, @d3417 was able to dump schema on several database tables. Initially closed as N/A because of our exclusion on automated tools, reopened to investigate the data reported in the tables, and because the casual...
guatemala.com XSS vulnerability
Open Bug Bounty ID: OBB-670289

Description | Value
---|---
Affected Website: | guatemala.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
guatemala.com XSS vulnerability
Open Bug Bounty ID: OBB-657527

Description | Value
---|---
Affected Website: | guatemala.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...
Getting Back on the Field
Growing up as a foreign service brat, I was obsessed with security. Living in Guatemala in the 80s you had to adapt and become resilient as a child. As there was no TV in our household, 10-year-old Tom began to tinker with my father’s computer and soon it became my oasis from the stress of living i...
Hacking Guatemala’s DNS – Spying on Active Directory Users By Exploiting a TLD Misconfiguration
Guatemala City, By Rigostar Own work CC BY-SA 3.0, via Wikimedia Commons. UPDATE: Guatemala has now patched this issue after I reached out to their DNS administrator and with a super quick turnaround as well! In search of new interesting high-impact DNS vulnerabilities I decided to take a look at...
birds-guatemala.org XSS vulnerability
Vulnerable URL: http://www.birds-guatemala.org/index.php?option=comcontent=article=112=227&lang=es!prettyPhotogalleryc6b53462f0/0,%3Cimg%20src=x%20onerror=alert%28/XSSPOSED/%29%3E/

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS...
CVE-2014-7484
The Coca-Cola FM Guatemala aka com.enyetech.radio.cocacola.fmgu application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Coca-Cola FM Guatemala aka com.enyetech.radio.cocacola.fmgu application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7484
CVE-2014-7484 affects the Coca-Cola FM Guatemala Android app (com.enyetech.radio.coca_cola.fm_gu) version 2.0.41725. The vulnerability is failure to verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive data via a crafted certificat...
McAfee founder asks for asylum in Guatemala
McAfee founder John McAfee, who is suspected of murdering his neighbor in Belize, has asked for asylum in Guatemala, Agence France-Presse reports, citing McAfee's lawyer. According to lawyer Telesforo Guerra, whom McAfee hired in Guatemala, his client crossed the bor...