
98 matches found

ICS
added 2025/10/23 12:0 a.m. · 3 views

Frontier Airlines website publicly available email address validation

RISK EVALUATION The Frontier Airlines website has a publicly available endpoint that validates if an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks. 2. RECOMMENDED PRACTICES Use a...

6.9 CVSS · 7.1 AI score · 0.00064 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-0578

Malware in sbrugna...

9.8 CVSS · 9.3 AI score · 0.00687 EPSS
Exploits 0 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-12259

Malware in sbrugna...

7.5 CVSS · 6.9 AI score · 0.00176 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/06/05 12:0 a.m. · 2 views

PT-2025-23996 · Ibm · Ibm Security Verify Governance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0.2 Description: The issue is related to the default password requirements. By default, strong passwords are not required, making it easier for attackers to compromise user accounts. Recommendations:...

9.8 CVSS · 6.4 AI score · 0.00175 EPSS
Exploits 0 · References 7

RedhatCVE
added 2025/05/23 9:35 a.m. · 11 views

CVE-2024-22355

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781...

5.9 CVSS · 6.5 AI score · 0.00062 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:6 a.m. · 5 views

CVE-2019-13354

The strongpassword gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6...

9.8 CVSS · 6.9 AI score · 0.00687 EPSS
Exploits 0 · References 1

Pen Test Partners Blog
added 2025/02/18 6:31 a.m. · 16 views

Watch where you point that cred! Part 1

TL;DR Poorly protected authentication requests from privileged automated tasks (e.g. vulnerability scanners, health checks) could be intercepted by rogue authentication servers planted in the internal network. Weak authentication methods, overly broad privileges and scopes, as well as poor network...

8.1 AI score
Exploits 0

RedhatCVE
added 2025/02/05 10:1 a.m. · 6 views

CVE-2024-3263

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

9.8 CVSS · 7.1 AI score · 0.00304 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/29 12:0 a.m. · 2 views

IBM Aspera Faspex security vulnerability

IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex that stems from not requiring users to use strong passwords by default, which makes it easier for attackers ...

9.8 CVSS · 6.3 AI score · 0.0011 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/29 12:0 a.m. · 2 views

PT-2025-1393 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.10 Description: The issue makes it easier for attackers to compromise user accounts due to a lack of strong password requirements by default. Recommendations: For IBM Aspera Faspex versions 5.0.0...

9.8 CVSS · 7.1 AI score · 0.0011 EPSS
Exploits 0 · References 4

Malwarebytes
added 2024/09/05 3:31 p.m. · 14 views

Planned Parenthood partly offline after ransomware attack

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provid...

7.3 AI score
Exploits 0

Malwarebytes
added 2024/07/19 5:58 p.m. · 8 views

Number of data breach victims goes up 1,000%

Nope, that headline's not a typo. Over one thousand percent. The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). The ITRC is a national non-profit organization set up with the goal of minimizing the ri...

7.3 AI score
Exploits 0

Malwarebytes
added 2024/06/14 4:29 p.m. · 43 views

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets...

7.7 AI score
Exploits 0

Malwarebytes
added 2024/06/06 12:57 p.m. · 15 views

Advance Auto Parts customer data posted for sale

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. Allegedly the customer data includes: Names Email...

7.4 AI score
Exploits 0

Cvelist
added 2024/05/13 9:17 a.m. · 21 views

CVE-2024-3263 Improper authentication in YMS VIS Pro

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

9.8 CVSS · 9.7 AI score · 0.00304 EPSS
Exploits 0 · References 2

CVE
added 2024/05/13 9:17 a.m. · 46 views

CVE-2024-3263

CVE-2024-3263 affects YMS VIS Pro due to improper system-credentials generation and weak password policy, enabling brute-force login attempts. Public details identify affected versions as VIS Pro 3.3.0.7. There are no explicit exploitation details or public in-the-wild exploit information provide...

9.8 CVSS · 7 AI score · 0.00304 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/13 12:0 a.m. · 4 views

PT-2024-24730 · Unknown · Yms Vis Pro

Name of the Vulnerable Software and Affected Versions: YMS VIS Pro versions prior to 3.3.0.7 Description: The issue arises from a combination of an improper method for system credentials generation and a weak password policy, allowing passwords to be easily guessed and enumerated through brute...

9.8 CVSS · 7.7 AI score · 0.00304 EPSS
Exploits 0 · References 4

Talos Blog
added 2024/05/02 6:0 p.m. · 19 views

What can we learn from the passwords used in brute-force attacks?

Brute force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...

7.6 AI score
Exploits 0

Malwarebytes
added 2024/03/05 1:39 p.m. · 24 views

American Express warns customers about third party data breach

American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered t...

7.3 AI score
Exploits 0

Positive Technologies
added 2024/03/03 12:0 a.m. · 3 views

PT-2024-2024 · Ibm · Ibm Qradar Suite +1

Name of the Vulnerable Software and Affected Versions: IBM QRadar Suite Products versions 1.10.12.0 through 1.10.18.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 Description: The issue is related to weak password requirements in IBM QRadar Suite and IBM Cloud Pak for Security...

5.9 CVSS · 7.6 AI score · 0.00062 EPSS
Exploits 0 · References 8