17 matches found
Out-of-bounds
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/servicecrud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...
PT-2023-10449 · Undefined · Undefined
ParsedReport CompletenessLow 30-05-2023 Subgroup of the Blind Eagle? Analysis of recent attack activities from the Hagga organization https://ti.qianxin.com/blog/articles/Subgroup-of-Blind-Eagle-Analysis-of-Recent-Attack-Activities-from-Hagga-Group-CN Report completeness: Low Actors/Campaigns:...
Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure...
Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware
The Computer Emergency Response Team of Ukraine CERT-UA this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed...
Russian Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War
The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple intrusions orchestrated by the...
Security Bulletin: Vulnerability in SSLv3 affects IBM Intelligent Operations Center and related products, and Integrated Information Core (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM HTTP Server and IBM WebSphere Application Server, used by the IBM products listed below. Vulnerability Details CVE ID :CVE-2014-3566...
Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration
The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it’s been called...
SQL Injection Vulnerability in Liquefied Petroleum Gas Call Distribution Management System
Shenzhen Puyan Computer Software Technology Co., Ltd LPG call distribution management system is a one-stop comprehensive service system that can quickly and correctly complete the ordering of gas, repair, complaints, consultation, and return visit through the telephone-based multimedia access...
Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China
Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency CIA to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include aviation...
A week in security (September 30 – October 6)
Last week on Malwarebytes Labs, Malwarebytes renewed its pledge to fight stalkerware for National Cybersecurity Awareness NCSA and Domestic Violence Awareness Month. We also looked into what security orchestration is and reported about partnering with security firm, HYAS, to determine the...
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
The German police yesterday raided the house of the developer of OmniRAT and seized his laptop, computer and mobile phones probably as part of an investigation into a recent cyber attack, a source told The Hacker News. OmniRAT made headlines in November 2015 when its developer launched it as a...
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
The German police yesterday raided the house of the developer of OmniRAT and seized his laptop, computer and mobile phones probably as part of an investigation into a recent cyber attack, a source told The Hacker News. OmniRAT made headlines in November 2015 when its developer launched it as a...
Liar, liar, pants on fire! Barclays phish claims cards explode
We feel compelled to relay the dire warning from this Barclays snail-mail letter, which we acquired through social media, therefore it must be true. Warning: Barclays debit cards may catch fire! The letter reads as follows: Dear costumer, Many of our bank costumers have reported that their debit...
speed.bharatpetroleum.in XSS vulnerability
Open Bug Bounty ID: OBB-638218 Description| Value ---|--- Affected Website:| speed.bharatpetroleum.in Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
marathonpetroleum.com XSS vulnerability
Vulnerable URL: http://www.marathonpetroleum.com/Search/?search2=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSSPOSED%22%29%3C%2FSCRIPT%3E%22%3E Details: Description| Value ---|--- Patched:| Yes, at 09.06.2017 Latest check for patch:| 09.06.2017 10:09 GMT Vulnerability type:| XSS Vulnerability...
AVCON 4.6.8.7 Buffer Overflow
!/usr/bin/perl Exploit Title: AVCON Buffer Overflow Date: 5/7/10 Author: Dillon Beresford URL: http://www.avcon.com.cn/ Version: 4.6.8.7 Tested on: XP SP2 and SP3 CVE : NONE Code : exploit.pl Twitter: http://twitter.com/D1N Dork: site:gov.cn "AVCON" There are other bugs... This is just for fun ;-...
AVCON Buffer Overflow
Exploit for windows platform in category local exploits ===================== AVCON Buffer Overflow ===================== !/usr/bin/perl Exploit Title: AVCON Buffer Overflow Date: 5/7/10 Author: Dillon Beresford URL: http://www.avcon.com.cn/ Version: 4.6.8.7 Tested on: XP SP2 and SP3 CVE : NONE...