
663 matches found

OSV
added 2019/02/18 11:34 p.m. | 21 views

GHSA-MQ76-M7GV-XHFM sauce-connect downloads Resources over HTTP

Affected versions of sauce-connect insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

8.1 CVSS | 8.1 AI score | 0.01682 EPSS
Exploits 0 | References 3
OSV
added 2019/02/18 11:33 p.m. | 19 views

GHSA-WR2C-PPJ9-F2FV Downloads Resources over HTTP in webdrvr

Affected versions of webdrvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3 CVSS | 8.1 AI score | 0.01682 EPSS
Exploits 0 | References 3
OSV
added 2019/02/18 11:33 p.m. | 16 views

GHSA-G2PF-QJGF-6FW3 Downloads Resources over HTTP in openframe-glslviewer

Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

9.3 CVSS | 8.1 AI score | 0.01682 EPSS
Exploits 0 | References 4
Packet Storm
added 2019/02/13 12:0 a.m. | 80 views

SYSTORME ISG Command Injection

Authenticated Shell Command Injection. Overview: Title: Authenticated Shell command Injection; Author: Kaustubh G. Padwad; CVE ID: CVE-2019-7383; Vendor: Systrome Networks...

7.8 AI score | 0.01324 EPSS
Exploits 3
ThreatPost
added 2019/01/24 2:11 p.m. | 176 views

Bit-and-Piece DDoS Method Emerges to Torment ISPs

A pioneering distributed denial-of-service (DDoS) attack pattern has emerged, targeting internet service providers (ISPs) with something researchers have dubbed the bit-and-piece “Mongol” attack. The approach involves spreading out junk traffic across large numbers of IP addresses in order to evade...

0.5 AI score
Exploits 0 | References 2
Veeam
added 2018/12/11 12:0 a.m. | 24 views

“For security reasons DTD is prohibited in this XML document” error in Veeam Backup for Microsoft 365

Challenge: Interactions with either SharePoint Online or OneDrive for Business within Veeam Backup for Microsoft 365 fail with either of the following errors: "For security reasons DTD is prohibited in this XML document"; Identity Client Runtime Library (IDCRL) could not look up the realm...

6.9 AI score
Exploits 0
ThreatPost
added 2018/11/13 5:44 p.m. | 13 views

Google's G Suite, Search and Analytics Taken Down in Hijacking

Google said key business services were knocked offline Monday when web traffic to a portion of its cloud platform was hijacked and routed through Chinese, Nigerian and Russian ISPs. The incident lasted for 74 minutes in what is called a Border Gateway Protocol (BGP) hijacking. BGP is a protocol tha...

1.4 AI score
Exploits 0 | References 12
ThreatPost
added 2018/10/23 4:0 p.m. | 569 views

StrongPity APT Changes Tactics to Stay Stealthy

The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has changed its tactics, after various research groups analyzed the malware and exposed its methods of deployment. The efforts have allowed the group to return to hidden status, even after being labeled a known...

7.2 AI score
Exploits 0 | References 6
ThreatPost
added 2018/10/01 5:52 p.m. | 20 views

California, U.S. Government Battle Over Net Neutrality State Law

The U.S. government and the state of California are butting heads over a newly-passed state law that enforces net neutrality regulations on internet service providers (ISPs). And experts say that the outcome of the feud between federal and state law has long-standing implications for the future of...

0.3 AI score
Exploits 0 | References 13
OSV
added 2018/09/18 1:49 p.m. | 13 views

GHSA-C2VR-2C89-PH88 Downloads Resources over HTTP in node-bsdiff-android

Affected versions of node-bsdiff-android insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on th...

8.1 CVSS | 8.1 AI score | 0.00578 EPSS
Exploits 0 | References 4
GitHub Security Blog
added 2018/08/17 8:20 p.m. | 23 views

fis-sass-all downloads Resources over HTTP

Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 8.1 AI score | 0.02104 EPSS
Exploits 0 | References 3 | Affected Software 1
GitHub Security Blog
added 2018/08/15 7:27 p.m. | 33 views

Downloads Resources over HTTP in jstestdriver

Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 4.9 AI score | 0.01682 EPSS
Exploits 0 | References 3 | Affected Software 1
GitHub Security Blog
added 2018/08/15 7:25 p.m. | 24 views

slimerjs-edge downloads Resources over HTTP

Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2018/08/15 7:3 p.m. | 14 views

GHSA-P65H-233C-JXVM Downloads Resources over HTTP in resourcehacker

Affected versions of resourcehacker insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 8.1 AI score | 0.01682 EPSS
Exploits 0 | References 4
GitHub Security Blog
added 2018/08/15 7:3 p.m. | 27 views

Downloads Resources over HTTP in resourcehacker

Affected versions of resourcehacker insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 5.8 AI score | 0.01682 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2018/08/15 6:50 p.m. | 14 views

GHSA-8WG9-92FR-6J7V marionette-socket-host downloads Resources over HTTP

Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

8.1 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 4
ThreatPost
added 2018/08/02 1:33 p.m. | 13 views

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

UPDATE: A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability. As of Thursday morning, Censys.io has reported more than 170,000 active MikroTik devices infected with the...

0.2 AI score
Exploits 0 | References 6
OSV
added 2018/07/31 10:47 p.m. | 18 views

GHSA-8HJ4-W233-G35Q Downloads Resources over HTTP in react-native-baidu-voice-synthesizer

Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

9.3 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 3
GitHub Security Blog
added 2018/07/31 10:47 p.m. | 44 views

Downloads Resources over HTTP in react-native-baidu-voice-synthesizer

Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

9.3 CVSS | 6.4 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2018/07/31 10:6 p.m. | 29 views

GHSA-M79W-4MQV-R39F windows-seleniumjar downloads Resources over HTTP

Affected versions of windows-seleniumjar insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

8.1 CVSS | 8.1 AI score | 0.01682 EPSS
Exploits 0 | References 3