dieselgeneratortech.com Cross Site Scripting vulnerability OBB-3705689
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The US Congress Has Trust Issues. Generative AI Is Making It Worse
Senators are meeting with Silicon Valley's elite to learn how to deal with AI. But can Congress tackle the rapidly emerging tech before working on itself?...
How China Demands Tech Firms Reveal Hackable Flaws in Their Products
Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers...
CVE-2023-37222
Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities CWE-79 can be exploited by a user with administrator privilege...
Cross site scripting
Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities CWE-79 can be exploited by a user with administrator privilege...
CVE-2023-37222 Farsight Tech Nordic AB ProVide
Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities CWE-79 can be exploited by a user with administrator privilege...
CVE-2023-37222
CVE-2023-37222 affects Farsight Tech Nordic AB ProVide 14.5. The vulnerability is multiple Cross-Site Scripting (CWE-79) in the web interface that can be exploited by a user with administrator privileges, with user interaction required. CVSS details from NVD indicate a low/moderate overall impact...
PT-2023-25841 · Farsight Tech Nordic Ab · Provide
Name of the Vulnerable Software and Affected Versions: Farsight Tech Nordic AB ProVide version 14.5. Description: Multiple XSS vulnerabilities can be exploited by a user with administrator privilege. Recommendations: For version 14.5, consider disabling access to administrator privileges until a...
Earth Estries Targets Government, Tech for Cyberespionage
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and...
You Are a Woman in Tech: Own Your Voice
...
Teenage members of Lapsus$ ransomware gang convicted
A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained...
Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ (aka Slippy Spider) transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information...
Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success
Every company has some level of tech debt. Unless you're a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technologies age, they can leave your...
FAST TECH CMS 1.0 Cross Site Request Forgery
Title: FAST TECH CMS v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 73.0.132-bit | Vendor...
FAST TECH CMS 1.0 SQL Injection
Title: FAST TECH CMS v1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 73.0.132-bit | ...
Arbitrary File Read Vulnerability in DPtech SSL VPN of Hangzhou Dipu Technology Co., Ltd.
Hangzhou Dipu Technology Co., Ltd. is a high-tech enterprise integrating R&D, production and sales in the field of network, security and application delivery. Hangzhou Dipu Technology Co., Ltd. DPtech SSL VPN suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive information...
Credit Lite 1.5.4 SQL Injection Vulnerability
Exploit Title: Credit Lite 1.5.4 - SQL Injection | Exploit Author: CraCkEr | Vendor: Hobby-Tech | Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 | Software Link: https://credit-lite.appshat.xyz/ | Tested on: Windows 10 Pro | Impact: Database Access | CVE: CVE-2023-4407...
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging...
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our...