10 matches found
What’s the point of press releases from threat actors?
Welcome to this weeks edition of the Threat Source newsletter. As a former reporter, Ive seen my fair share of press releases. But one from a threat actor was definitely a new one for me last week. ALPHV aka BlackCat publicly took credit for a massive cyber attack against MGM, a resort, gambling...
ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...
OSINT your OT suppliers
There is much talk about supply chain security and reviewing your suppliers for cyber security. But how much information do they intentionally and unintentionally leak about your organisation online? We see this particularly in the industrial controls sector as its cyber security maturity is...
ImpressCMS path traversal vulnerability
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...
An Internet Troll Gives Nonalcoholic Spirits Startups the Spins
From false press releases to misleading domain names, one man has allegedly gone to great lengths to sabotage his competitors...
Trend Micro and JC3 Study on Fraud, Phishing Targeting Japanese Users
This blog details the aspects of two major phishing fraud groups identified from the research and analysis. This study was also announced via separate press releases from Trend Micro Incorporated and JC3...
pia.ca.gov XSS vulnerability
Open Bug Bounty ID: OBB-289707 Description| Value ---|--- Affected Website:| pia.ca.gov Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
olympus.cz XSS vulnerability
Vulnerable URL: https://www.olympus.cz/corporate/cs/presscentre/pressreleases/pressreleasesoverview.jsp?c==%22%3E%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E=12 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability...
Ukrainian Hacker Admits Stealing Corporate Press Releases for $30 Million Profit
A 28-year-old Ukrainian hacker has pleaded guilty in the United States to stealing unpublished news releases and using that non-public information in illegal trading to generate more than $30 Million £20.8 Million in illicit profits. Vadym Iermolovych, 28, admitted Monday that he worked with two...
Hack That Fueled Insider Trading Ring Netted $100M
Hackers based in Ukraine and Russia allegedly broke into servers belonging to several newswires and passed sensitive information onto an underground trading ring as part of what’s being referred to as an unprecedented new level of insider trading. Prosecutors claimed Tuesday that corporate...