18 matches found
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, name...
Morning security vulnerability
Morning is a public service online e-commerce store by the individual developer of Morning in China. A security vulnerability exists in Morning bc782730c74ff080494f145cc363a0b4f43f7d3e and prior versions, which stems from vulnerability to cross-site request forgery attacks...
FBI Warns of Data Extortion Scam Targeting Corporate Executives
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitiv...
Malicious code in Be.Vlaanderen.Basisregisters.PublicServicеRegistry.Aрi.Backoffice (NuGet)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4057 Malicious code in Be.Vlaanderen.Basisregisters.PublicServicеRegistry.Aрi.Backoffice (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisregisters.PսblicServicеRegistry.Aрi.Bаckoffice (NuGet)
--- -= Per source details. Do not edit below this line.=-...
GHSA-2QPH-QPVM-2QF7 tls-listener affected by the slow loris vulnerability with default configuration
Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...
tls-listener affected by the slow loris vulnerability with default configuration
Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...
China's bidding and tendering public service platform has information leakage vulnerability
China's bidding and tendering public service platform provides market public information services for bidding and tendering transaction platforms and parties, realizing the pooling, sharing, dynamics and openness of market information, and providing data support for regulating and supervising the...
CVE-2021-40495
There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application...
SQL Injection Vulnerability in Public Service Platform for Tenders and Bids
China Bidding Public Service Platform Co., Ltd. in the National Development and Reform Commission under the guidance and promotion of the China Bidding and Tendering Association, led by eight enterprises jointly invested in the establishment of public service enterprises. There is a SQL injection...
China Bidding Public Service Platform Limited Bidding and Tendering Public Service Platform has Arbitrary File Download Vulnerability
China Bidding Public Service Platform Co., Ltd. is a public service enterprise approved by the State Council and set up under the guidance and promotion of the National Development and Reform Commission, and jointly invested by eight enterprises led by China Bidding and Tendering Association. The...
Logic flaws exist in the public service platform for continuing education of professional and technical personnel of Beijing EdiKosen Education Technology Co., Ltd.
Beijing EdiKosen Education Technology Co., Ltd. is a national high-tech enterprise. The company is committed to the development of e-learning platforms and the integration and production of curriculum resources. It strictly implements the ISO9001 international quality standard, owns 35 software copyrights, and has been awarded by the...
CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and FBI encourage COVID-19 research organizations to...
FBI Encouraging Ransomware Victims To Report Infections
The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat. The agency, in tandem with the Internet Crime Complaint Center (IC3), issued a public service announcement on Thursday asking...
Inout Ad server Ultimate Shell Upload Vulnerability
No description provided by source. ============================================================== Inout Ad server Ultimate -- Shell upload Vulnerabilty ============================================================== Name : Inout Ad server Ultimate Shell upload Vulnerabilty Date : july 9,2010...
Google to Pay $7M Settlement Over Street View Data Collection
Google has agreed to pay a $7 million settlement to several dozen U.S. states as part of an agreement over charges that the company was collecting private user data from WiFi hotspots while its Street View cars were driving around taking photos in various locations. The controversy over Google’s...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...