EUVD-2016-9945
Malware in sbrugna...
EUVD-2019-5659
Malware in sbrugna...
EUVD-2003-0719
Malware in sbrugna...
EUVD-2001-0905
Malware in sbrugna...
EUVD-2021-26255
Malware in sbrugna...
EUVD-2022-2825
Malicious code in bioql PyPI...
EUVD-2022-5270
Malicious code in bioql PyPI...
EUVD-2025-5066
Malicious code in bioql PyPI...
EUVD-2024-45179
Malicious code in bioql PyPI...
CVE-2024-50339
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
A week in security (March 24 – March 30)
Last week on Malwarebytes Labs: Vulnerability in most browsers abused in targeted attacks "This fraud destroyed my life." Man ends up with criminal record after ID was stolen Moving from WhatsApp to Signal: A good idea? Security expert Troy Hunt hit by phishing attack Booking.com phish uses fake...
“This fraud destroyed my life.” Man ends up with criminal record after ID was stolen
This is a sad story that illustrates how losing your ID can effectively ruin your life and reputation. 19-year-old dual German Tunisian national Rami Battikh travelled to the UK in 2019, bringing both his passport and his German national ID. When he returned to Germany, Rami noticed that his Germ...
Wiesemann & Theis ComServer Series Authentication Bypass by Spoofing (CVE-2022-4098)
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...
CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
ID Theft Service Resold Access to USInfoSearch Data
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram...
CVE-2022-4098 Wiesemann & Theis: Multiple products prone to missing authentication through spoofing
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...
FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People
An illicit online marketplace known as SSNDOB was taken down in an operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24...