54 matches found
EUVD-2006-5359
Malware in sbrugna...
EUVD-2024-53440
Malicious code in bioql PyPI...
Implementing Zero Trust Architecture to Enhance Security and Resilience in the Pharmaceutical Supply Chain
The pharmaceutical supply chain faces escalating cybersecurity challenges threatening patient safety and operational continuity. This paper examines the transformative potential of zero trust architecture for enhancing security and resilience within this critical ecosystem. We explore the...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...
Huang Yaoshi Pharmaceutical Management Software 安全漏洞
NWT Huang Yaoshi Pharmaceutical Management Software is a pharmaceutical management software from NWT. A security vulnerability exists in Huang Yaoshi Pharmaceutical Management version 16.0 and prior versions that originates from a file upload via the /XSDService.asmx interface that allows arbitra...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...
Hangzhou Meisoft Information Technology Finesoft Security Breach
Hangzhou Meisoft Information Technology Finesoft is a pharmaceutical management software from Hangzhou Meisoft Information China. A security vulnerability exists in Hangzhou Meisoft Information Technology Finesoft v.8.0 and prior versions that could allow a remote attacker to execute arbitrary co...
Hangzhou Meisoft Information Technology FineSoft Cross-Site Scripting Vulnerability
Hangzhou Meisoft Information Technology Finesoft is a pharmaceutical management software from Hangzhou Meisoft Information China. A cross-site scripting vulnerability exists in Hangzhou Meisoft Information Technology FineSoft v.8.0 and earlier versions, which can be exploited to allow a remote...
pharmaceutical-technology.com Improper Access Control vulnerability OBB-3828142
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pharmaceutical-technology.com Cross Site Scripting vulnerability OBB-3807790
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Prioritizing the Pharmaceutical Supply Chain for Healthcare Resiliency
...
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm HOLMIUM. Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and...
For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma
Welcome to the second installment in our series looking at the latest ransomware research from Rapid7. Two weeks ago, we launched "Pain Points: Ransomware Data Disclosure Trends", our first-of-its-kind look into the practice of double extortion, what kinds of data get disclosed, and how the...
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of...
APT Groups Target Healthcare and Essential Services
Summary This is a joint alert from the United States Department of Homeland Security DHS Cybersecurity and Infrastructure Security Agency CISA and the United Kingdom’s National Cyber Security Centre NCSC. CISA and NCSC continue to see indications that advanced persistent threat APT groups are...
pharmaceutical.ca Cross Site Scripting vulnerability OBB-2144646
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Oracle Argus Safety Information Disclosure Vulnerability
Oracle Argus Safety is a complete pharmacovigilance software system designed to address the pharmaceutical industry's toughest regulatory challenges. An information disclosure vulnerability exists in the Letters component of Oracle Argus Safety 8.2.2. An attacker could exploit this vulnerability ...
North Korean Hackers Trying to Steal COVID-19 Vaccine Research
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a...