12 matches found

Packet Storm News
added 2026/03/26 12:00 a.m., 0 views

Unicornscan 0.4.52

Unicornscan is an information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL...

AI score: 5.8
Exploits: 0

Cvelist
added 2024/04/03 5:00 p.m., 15 views

CVE-2024-26762 cxl/pci: Skip to handle RAS errors if CXL.mem device is detached

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...

AI score: 6.6, EPSS: 0.00012
Exploits: 0, References: 2

Prion
added 2024/03/12 8:15 p.m., 20 views

Design/Logic Flaw

stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

CVSS: 6.5, AI score: 8.6, EPSS: 0.01455
Exploits: 3, References: 6

Cvelist
added 2024/03/12 7:44 p.m., 26 views

CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex

stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

CVSS: 8.8, AI score: 8.8, EPSS: 0.01455
Exploits: 3, References: 6

OSV
added 2024/03/12 7:44 p.m., 15 views

CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex

stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

CVSS: 8.8, AI score: 8.2, EPSS: 0.01455
Exploits: 3, References: 8

Snyk
added 2024/03/12 3:44 p.m., 1 view

Unsafe Reflection

Overview: stimulusreflex is an exciting new way to build modern, reactive, real-time apps with Ruby on Rails. Affected versions of this package are vulnerable to Unsafe Reflection due to the handling of websocket messages that allow specifying a classname and methodname. An attacker can manipulate...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01455
Exploits: 3, References: 2

ThreatPost
added 2021/02/02 2:00 p.m., 140 views

Identity Theft Spikes Due to COVID-19 Relief

Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. This is according to the Federal Trade Commission (FTC), which received about 1.4 million reports of...

AI score: 7.2
Exploits: 0, References: 10

ThreatPost
added 2021/01/11 10:21 p.m., 90 views

Aliens and UFOs: A Final Frontier for Social Engineers

Buried deep within the most recent round of COVID-19 stimulus legislation was a little provision with potentially explosive consequences: The Pentagon has six months to release a full report on what they know about the existence of what they term Unidentified Aerial Phenomena (UAP) — or UFOs to the...

AI score: 0.1
Exploits: 0, References: 7

Hacker One
added 2020/09/15 3:13 a.m., 54 views

Basecamp: HEY.com email stored XSS

An attacker can bypass the HEY.com HTML sanitizer and inject arbitrary unsafe HTML in emails. To reproduce the bug you have to send raw HTML-formatted email. You can do it e.g. with the Sendmail tool on Linux. Example email: plain From: [email protected] To: [email protected] Subject: HackerOne test...

Exploits: 0

ThreatPost
added 2020/05/07 12:54 p.m., 41 views

Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams

Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found. Researchers from Secureworks Counter Threat Unit (CTU) have observed an...

AI score: 7.2
Exploits: 0, References: 10

Talos Blog
added 2020/03/30 1:20 p.m., 23 views

COVID-19 relief package provides another platform for bad actors

The ongoing COVID-19 pandemic continues to yield new subject matter that bad actors can turn into fodder for enticing victims into clicking on malicious links and attachments. On March 27, the CARES Act was signed into law by the President, enacting a wide range of stimulus packages designed to a...

AI score: 3.4
Exploits: 0

FireEye
added 2020/03/27 7:00 p.m., 23 views

Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks

Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus...

Exploits: 0, References: 1