126 matches found
joinourdorset.nhs.uk Cross Site Scripting vulnerability OBB-2655443
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Steer clear of this “TestNTrace” SMS spam
Yesterday I received an SMS from “TestNTrace”, with the message resembling an official NHS communication: The text reads as follows: NHS: You’ve been in close contact with a person who has contracted the Omicron variant. Please order a test kit via: URL redacted Well, that’s an alarming thing to...
fm.walsallhealthcare.nhs.uk Cross Site Scripting vulnerability OBB-2479198
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Covid app’s privacy information ruled not clear enough
The UKs data watchdog has issued a reprimand to both the Scottish government and NHS National Services Scotland about their Covid Status app. The Information Commissioners Office ICO urged both to act swiftly to address its concerns about the app that, according to the ICO, failed to provide peop...
Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response IR teams today,...
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
The digital security team at the U.K. National Health Service NHS has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on...
midlandsdecisionsupport.nhs.uk Cross Site Scripting vulnerability OBB-2309228
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hampshirehospitals.nhs.uk Cross Site Scripting vulnerability OBB-2304148
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Omicron Phishing Scam Already Spotted in UK
The global pandemic has provided cover for all sorts of phishing scams over the past couple of years, and the rise in alarm over the spread of the latest COVID-19 variant, Omicron, is no exception. As public health professionals across the globe grapple with what they fear could be an even more...
clinicalknowledgepublisher.scot.nhs.uk Cross Site Scripting vulnerability OBB-2153239
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
taysideformulary.scot.nhs.uk Cross Site Scripting vulnerability OBB-2153237
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
grampianformulary.scot.nhs.uk Cross Site Scripting vulnerability OBB-2153236
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
homerton.nhs.uk Cross Site Scripting vulnerability OBB-2139255
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
sth.nhs.uk Cross Site Scripting vulnerability OBB-2137363
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
mpft.nhs.uk Cross Site Scripting vulnerability OBB-2136009
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
apps.nhslothian.scot Improper Access Control vulnerability OBB-2123355
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Beware of COVID Pass scams
You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS missives claim a package is waiting to be delivered, and a small processing fee is required. There is no package; it’s a ruse to have people hand over their credit card details. It’...
The value of regulator-driven red teaming: CBEST
How do we in the UK avoid something like the Colonial Oil Pipeline ransomware attack happening? How would you feel if your mobile phone suddenly stopped working altogether? What if ambulances couldn’t respond to 999 emergency calls? What if the mechanism of government suddenly ground to a halt? T...
The Threat That Never Went Away Is Back (with a Vengeance)
What is your recollection of May 2017? Emmanuel Macron won the French election. The Ringling Bros. and Barnum & Bailey Circus gave its final performance after a 146-year run. The U.S. FCC voted to overturn net neutrality rules. And the National Health Service in the United Kingdom was crippled by...
A week in security (April 12 – 18)
Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with us. We announced the release of the Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021, a first-of-its-kind survey of the hardworking IT professionals on...