Lucene search
K

129 matches found

Malwarebytes
Malwarebytes
added 2024/06/05 10:3 a.m.30 views

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens witho...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.4 views

Okta Verify 安全漏洞

Okta Verify is a lightweight application from Okta that allows you to securely access your application with two-step verification, ensuring that you and only you have access to your application account. A security vulnerability exists in Okta Verify versions prior to 4.10.7 that stems from the...

7.1CVSS7.6AI score0.00457EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/03/06 4:11 a.m.334 views

Exploit for Unrestricted Upload of File with Dangerous Type in F-Logic Datacube3

CVE-2024-25830 and CVE-2024-25832 - DataCube3 Improper Access...

9.8CVSS9.5AI score0.2403EPSS
Exploits6
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.8 views

Users are able to front-run settlements to avoid loss

Lines of code Vulnerability details Impact A user is able to front-run the call to settle function in to avoid paying the loss. settle is called by Admin which is a public function, When this functions is called the transaction will appear in the mem pool. A user may then call redeem from LP Vaul...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/28 9:0 p.m.16 views

Google strengthens its Workplace suite protection

Google has announced the strengthening of safeguard measures for its Workspace customers. You may well be using Workspace without realising it. If youre using a Google product such as Gmail, Calendar, Drive, or Google Docs Editors Suite among other apps, then congratulations: you are fully inside...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/18 7:15 p.m.20 views

Attackers demand ransoms for stolen LinkedIn accounts

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.18 views

Two-step ownership transfer process in LSP0ERC725AccountCore can be bypassed

Lines of code Vulnerability details Bug Description To transfer ownership of the LSP0ERC725AccountCore contract, the owner has to call transferOwnership to nominate a pending owner. Afterwards, the pending owner must call acceptOwnership to become the new owner. When called by the owner,...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.15 views

Insecure Ownership Management in DNSSECImpl.sol

Lines of code Vulnerability details Impact This finding highlights a potential security risk related to the lack of safeguards when changing ownership in the DNSSECImpl.sol contract. As it stands, the current implementation allows for the owner to be set to address0, which could result in the los...

6.8AI score
Exploits0
ICS
ICS
added 2023/03/06 7:52 p.m.44 views

Rittal CMC III Access systems

1. EXECUTIVE SUMMARY CVSS v3 4.8 Vendor: Rittal Equipment: CMC III Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to open control cabinets secured with Rittal locks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rittal...

4.6CVSS4.6AI score0.00261EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2023/01/26 5:0 a.m.62 views

WhatsApp hijackers take over your account while you sleep

Late last week, Twitter user Zuk @ihackbanme tweeted an issue about WhatsApp that has the potential to turn heads. The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with...

0.2AI score
Exploits0
OSV
OSV
added 2023/01/13 4:15 a.m.7 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

9.8CVSS5.8AI score0.00948EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.5 views

PT-2023-19046 · Microsoft +1 · Outlook +1

Name of the Vulnerable Software and Affected Versions: Axigen version 10.3.3.52 Description: A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any...

9.8CVSS7.2AI score0.00948EPSS
Exploits0References8
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.13 views

Single-step process for critical ownership transfer/renounce is risky

Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.10 views

Two-step change of privileged roles

Lines of code Vulnerability details Impact Lack of two-step procedure for critical operations is error-prone and can lead to irrevocable mistakes, might leave the system operationally with no/malicious privileged role. For example, when transfer admin role, in a single-step change, if the current...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.8 views

Single-step ownership change for contracts is risky

Lines of code Vulnerability details Vulnerability details The owner addresses can be changed in a single-step in VotingEscrow. If set to the wrong address this could lead to loss/lock of funds or allow a malicious smart contract to interact with the protocol. When privileged roles are being...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/19 11:12 a.m.29 views

Roblox breached: Internal documents posted online by unknown attackers

A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data theyve collected. Nobody knows if theyve exhausted their newly-plundered...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/01 1:4 p.m.22 views

WhatsApp accounts hijacked by call forwarding

In a short post on LinkedIn Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The methods consists of several steps and it takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/01/25 2:15 p.m.7 views

CVE-2022-23034

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a...

5.5CVSS5.8AI score0.00336EPSS
Exploits0References7
OSV
OSV
added 2022/01/25 2:15 p.m.3 views

ALPINE-CVE-2022-23034

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a...

5.5CVSS6.6AI score0.00336EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2021/10/20 1:28 p.m.96 views

‘Lone Wolf’ APT Uses Commodity RATs

An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...

9.3CVSS8.7AI score0.99945EPSS
Exploits33References6
Rows per page
Query Builder