115 matches found
CVE-2024-11016
CVE-2024-11016 affects Webopac from Grand Vice info. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Reported CVSS 3.1 v3.1 base score is 9.8 (CRITICAL) with network attack Vector, no...
PT-2024-16704 · Grand Vice Info · Webopac
Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info affected versions not specified Description: The issue is a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2024-16710 · Grand Vice Info · Webopac
Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info affected versions not specified Description: The issue is a Stored Cross-site Scripting vulnerability, allowing remote attackers with regular privileges to inject arbitrary JavaScript code into the server. When...
PT-2024-16706 · Unknown · Grand Vice Info Webopac
Name of the Vulnerable Software and Affected Versions: Grand Vice Info Webopac versions up to 6.5.0/7.2.2 Description: The issue is related to the lack of proper file type validation in the Webopac component, allowing unauthenticated remote attackers to upload and execute webshells. This could le...
Grand Vice info Webopac 跨站脚本漏洞
Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability in Grand Vice info Webopac version 6.x before 6.5.1 and version 7.x before 7.2.3 exists,...
Grand Vice info Webopac 代码问题漏洞
Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A code issue vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, which...
Grand Vice info Webopac 跨站脚本漏洞
Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3 exist...
PT-2024-16707 · Grand Vice Info · Webopac
Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info affected versions not specified Description: The issue is a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser throug...
Grand Vice info Webopac SQL注入漏洞
Grand Vice info Webopac is an online public access catalog from China Xinxueying Info Grand Vice info. It is used for users to use library services through the Internet. A SQL injection vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, whic...
Grand Vice info Webopac 代码问题漏洞
Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A code issue vulnerability exists in Grand Vice info Webopac versions 6.x prior to 6.5.1 and 7.x prior to 7.2.3, which stems fr...
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest formerly DEV-083...
Rhysida Ransomware Cracked, Free Decryption Tool Released
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and...
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Multi-State...
A Bootiful Podcast: GraalVM founder and Oracle vice president Thomas Wuerthinger
Hi, Spring fans! In this installment Josh Long talks to Oracle vice president Thomas Wuerthinger about the project he created and leads, GraalVM. This was recorded live from Devoxx Belgium 2023!...
Rhysida Ransomware
Rhysida Ransomware By Alexandre Mundo, Max Kersten, and Leandro Velasco · October 9, 2023 New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an anonymised version of an attack by...
Rhysida Ransomware
Rhysida Ransomware By Leandro Velasco · October 9, 2023 This blog was also written by Alexandre Mundo and Max Kersten New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an...
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors. "As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not sugge...
The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
Ransomware review: May 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors TAs using built-in data exfiltration methods like living off the...