38 matches found
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors a...
Friday Squid Blogging: Emotional Support Squid
When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: They're emotional support squid because they're large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows and you can fidget with the arms and tentacles for...
6 Phone Management Tips When Traveling Abroad
By Owais Sultan. Phones are a major reason why travelling is more accepted and comfortable than ever before. First of all,… This is a post from HackRead.com. Read the original post: 6 Phone Management Tips When Traveling Abroad...
CVE-2023-50864
CVE-2023-50864 concerns Travel Website v1.0, with multiple unauthenticated SQL injection vulnerabilities in the hotelDetails.php hotelId parameter. The underlying issue is that characters received are not validated/filtered before being sent to the database, enabling potential data access/alterat...
CVE-2023-50863
Travel Website v1.0 contains unauthenticated SQL Injection vulnerabilities in generateReceipt.php, via unsanitized hotelIDHidden input sent to the database. Root cause: lack of input validation for hotelIDHidden leads to arbitrary SQL execution with high impact (CVSS 3.1: 9.8 CRITICAL, AV:N/AC:L/...
New Hacker Group 'GambleForce' Targeting APAC Firms Using SQL Injection Attacks
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...
The Benefits Of Blockchain In The Travel Industry
By Owais Sultan. Blockchain technology advocates say it’s poised to disrupt numerous industries, ranging from finance to supply chain tracking and real estate. This is a post from HackRead.com. Read the original post: The Benefits Of Blockchain In The Travel Industry...
Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations
A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name...
CVE-2022-30414
The CVE-2022-30414 entry concerns Covid-19 Travel Pass Management System v1.0, which is reported to be vulnerable to SQL Injection through the parameter in /ctpms/admin/?page=applications/view_application&id=. The connected records consistently describe an SQL injection vulnerability originating ...
Memory corruption
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add th...
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. The campaign targets travel and hospitality organizations in Latin America. Techniques utilized in this campaign...
File Upload Vulnerability in Travel Management System in PHP (CNVD-2021-51849)
Travel Management System in PHP is an automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in Travel Management System in PHP, which can be exploited by an attacker to upload a webshe...
How Does One Get Hired by a Top Cybercrime Gang?
The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who's alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how di...
Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers
Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate...
Love Travel < 2.0 - Unauthenticated Reflected XSS & XFS
Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the Love Travel theme for WordPress; affected versions: 1.0-1.9. Vulnerable parameters: ndtravelarchiveformkeyword, ndtraveltypologyslug. The issue was fixed due to a code rewrite of the theme. $ :: Payloads: " "...
APT41 Operatives Indicted as Sophisticated Hacking Activity Continues
UPDATE: Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. Meanwhile, the Department of Treasury also imposed sanctions on individuals and organizations associated with Iran-linked APT39. APT41 a.k.a...
Ransom Demands Return: New DDoS Extortion Threats From Old Actors Targeting Finance and Retail
Update 08/24/2020: As mentioned below, the Akamai SIRT has been tracking attacks from the so-called Armada Collective and Fancy Bear actors, who are sending ransom letters to various industry verticals such as finance, travel, and e-commerce. In addition to the...
WordPress Travel Booking theme <= 2.8.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Vlad Vector in WordPress Travel Booking theme versions <= 2.8.3. Solution: Update the WordPress Travel Booking theme to the latest available version (at least 2.8.4)...
ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel
Bad bots, bad bots, whatcha gonna do? Target e-commerce, the travel industry, media and online marketplaces, that’s what. Those are the top four verticals attacked by bots in the last year, according to data released on Wednesday from Radware, with e-commerce accounting for the most activity. In...
What Will Happen to My ISO Certificate During a Global Pandemic?
As the coronavirus outbreak continues and safety concerns relating to travel and large group meetings increase globally, Coalfire ISO ("CFISO") has been monitoring the effects of this crisis on both its customers and its employees. As a certification body, CFISO maintains accreditation with both th...