EUVD-2014-7229

Malware in sbrugna...

vermontdanbymarble.com Cross Site Scripting vulnerability OBB-3928993

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vermonthousingmanagers.org Cross Site Scripting vulnerability OBB-2952517

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fsdnet.ahs.state.vt.us Cross Site Scripting vulnerability OBB-2896916

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vermontweddings.com Cross Site Scripting vulnerability OBB-2775844

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vermontgravestones.org Improper Access Control vulnerability OBB-2524646

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

alis.edlicensing.vermont.gov Cross Site Scripting vulnerability OBB-2151041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| alis.edlicensing.vermont.gov ---|--- Op...

Arbitrary File Deletion Vulnerability in Vermont Cloud at Shanghai Vermont Software Co.

Ltd. is a foreign trade SaaS service provider, but also a professional foreign trade industry solutions provider. Ltd. VUMA Cloud suffers from an arbitrary file deletion vulnerability. An attacker can exploit this vulnerability to delete arbitrary information...

Cyberattack on UVM Health Network Impedes Chemotherapy Appointments

The University of Vermont UVM health network is scrambling to recover its systems after a cyberattack led to widespread delays in patient appointments – including chemotherapy appointments, as well as mammograms and biopsies. The UVM Health Network is a six-hospital, home-health and hospice syste...

vermontregisteredagent.com Cross Site Scripting vulnerability OBB-1377528

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

maps.vcgi.vermont.gov Improper Access Control vulnerability OBB-1372520

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the Past Three Years

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes f...

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice PDF posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...

vermontconservationvoters.com Cross Site Scripting vulnerability OBB-1021060

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator...

vermontcivilwar.org Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-960116 Security Researcher KhanJanny Helped patch 3061 vulnerabilities Received 9 Coordinated Disclosure badges Received 38 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting vermontcivilwar.org websi...

vermont.farmvisit.com XSS vulnerability

Open Bug Bounty ID: OBB-653549 Description| Value ---|--- Affected Website:| vermont.farmvisit.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Vermont Librarian Wins Small-Claims Suit Against Equifax

In a David-and-Goliath moment, a 49-year-old librarian has won damages against credit giant Equifax, in the wake of its head-spinningly massive 2017 data breach. It’s a small but significant victory: a small claims court awarded $600 to Jessamyn West, native of the small town of Randolph in Orang...

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old...

New Data Privacy Regulations

When Marc Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the Internet. Right now, the only way we can force these companies to take our privacy more...