70 matches found
CVE-2024-31943 WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2...
CVE-2024-31943 WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2...
CVE-2024-31943
CVE-2024-31943 is a CSRF vulnerability in USPS Shipping for WooCommerce – Live Rates (affected:
WordPress Plugin USPS Shipping for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin USPS Shipping for...
WordPress USPS Shipping for WooCommerce – Live Rates Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software USPS Shipping for WooCommerce – Live Rates Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31943 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3853ce4c77cb...
New iMessage Phishing Campaign Targets Postal Service Users Globally
By Waqas Some of the known targets of this iMessage phishing campaign are USPS the United States Postal Service, DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com Read the original post: New iMessage Phishing Campaign Targets Postal Service Users...
Fedora: Security Advisory for icecat (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks
A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services AWS Simple Notification Service SNS. The SMS phishing messages are designed to propagate malicious links that are designed to capture victims'...
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data
By Deeba Ahmed Walmart customers have become the prime target of this phishing scam. This is a post from HackRead.com Read the original post: USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data...
Phishers Spoof USPS, 12 Other Natl’ Postal Services
The fake USPS phishing page. Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service USPS customers. Heres a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services i...
WordPress Advanced USPS Shipping Method Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Advanced USPS Shipping Method Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a753901c3acc Credits Rafie Muhammad...
A week in security (July 3 - 9)
Last week on Malwarebytes Labs: How kids pay the price for ransomware attacks on education Solar monitoring systems exposed: Secure your devices Warning issued over vulnerability in cardiac device monitoring software Update Android now! Google patches three actively exploited zero-days Malicious ...
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service USPS has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the networks chief technolo...
A week in security (April 11 – 17)
Last week on Malwarebytes Labs: Credential-stealing malware disguises itself as Telegram, targets social media users Old Play Store apps served notice by upcoming API level changes Denonia cryptominer is first malware to target AWS Lambda Ransomware: March 2022 review Why identity management...
USPS “Your package could not be delivered” text is a smishing scam
A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...
Shipment-Delivery Scams Become the Favored Way to Spread Malware
Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Researchers from Avanan, a Check...
usps-track.us Cross Site Scripting vulnerability OBB-2120899
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
How to Vote by Mail and Make Sure It Counts
There's a lot going on with the USPS right now. Here's a complete state-by-state guide to how to get your ballot—and when it's due...
New version of IcedID Trojan uses steganographic payloads
This blog post was authored by @hasherezade, with contributions from @siriurz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strik...
ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes
As it gets harder for cybercriminals to bypass business email compromise BEC defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...