28 matches found
Turns out even the NFL is worried about deepfakes
Welcome to this week's edition of the Threat Source newsletter. I'm at the point in the calendar year where I'm a sponge for NFL content. I couldn't be happier to escape from my six-month American football-free slumber and am ready to watch games three days a week and listen to NFL podcasts or read...
CVE-2022-4871
CVE-2022-4871 affects nflpick-em.com up to version 2.2.x. The vulnerability is in the _Load_Users function of html/includes/runtime/admin/JSON/LoadUsers.php, where manipulating the sort parameter enables SQL injection. The administrative JSON entrypoint is required for exploitation, and remote in...
Threat Source newsletter (April 28, 2022) — The 2022 Cybersecurity Mock Draft
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter that’s going to be a little different, but bear with me. In honor of the NFL Draft starting this evening — an event that Cisco is helping to secure — I thought it’d be appropriate to look at building a... This is only...
BlackByte Tackles the SF 49ers & US Critical Infrastructure
The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team’s corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. BlackByte – a ransomware-as-a-service (RaaS) gang that leases its ransomware to...
nflpickspage.com Cross Site Scripting vulnerability OBB-1418070
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Friday Squid Blogging: Introducing the Seattle Kraken
The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names like the Utah Jazz or the Minnesota Wild, mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories ...
News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security
For the week ended April 24, Threatpost editors discuss the hottest cybersecurity news stories, including: Apple zero days disclosed in the iPhone iOS that researchers say have been exploited for years. Meanwhile, Apple has pushed back and said there’s no evidence to support such activity. Ninten...
NFL Tackles Cybersecurity Concerns Ahead of 2020 Draft Day
The NFL draft is slated to start Thursday, and thanks to the COVID-19 pandemic, it will be the first virtual version of the event ever presented. This raises a few cybersecurity concerns, according to researchers and the teams themselves — but the NFL is planning on knocking the security ball...
imagecomposer.nfl.com XSS vulnerability
Open Bug Bounty ID: OBB-666674. Affected Website: imagecomposer.nfl.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Madden NFL Football - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Madden NFL Football published at the 'play' market has multiple vulnerabilities...
NFL Players and Agents Targeted in Database Extortion Attempt
A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of...
nflcommunications.com XSS vulnerability
Vulnerable URL: https://nflcommunications.com/Pages/Forms/AllItems.aspx?FollowSite=0=%27-confirm%27OPENBUGBOUNTY%27-%27 Details: Patched: No; Latest check for patch: 20.12.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 278418; VIP...
jeruji.tk XSS vulnerability
Vulnerable URL: http://jeruji.tk/news/2017-NFL-Free-Agency:-Winners-&-Losers-of-Week-2%22%27%2D%2D%21 Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 4947896; VIP website status: No...
scout.com XSS vulnerability
Vulnerable URL: http://www.scout.com/nfl/bears/a.z?s=25=9=12=2016=83=83"--!"=16=3 Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 6321; VIP website status: Yes...
gamepass.nfl.com XSS vulnerability
Vulnerable URL: https://gamepass.nfl.com/nflgp/secure/packages?icampaign=X%22;alertOPENBUGBOUNTY;// Details: Patched: Yes, at 13.09.2017; Latest check for patch: 13.09.2017 08:01 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown...
scout.com XSS vulnerability
Vulnerable URL: http://www.scout.com/nfl/bears/news?query=NoGe=prompt'OPENBUGBOUNTY'...
NFL PLAY 60 - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application NFL PLAY 60 published at the 'play' market has multiple vulnerabilities...
NFL Emojis - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application NFL Emojis published at the 'play' market has multiple vulnerabilities...
NFL HUDDLE: NFL Card Trader - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application NFL HUDDLE: NFL Card Trader published at the 'play' market has multiple vulnerabilities...
Sports Alerts - NFL edition - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Sports Alerts - NFL edition published at the 'play' market has multiple vulnerabilities...