Kaspersky has continued to track the Roaming Mantis campaign. The group's attack methods have improved and new targets continuously added in order to steal more funds. The attackers' focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis...
AI Score: 0.5
ns2.magic-inc.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1103928. Security researcher error404 (helped patch 526 vulnerabilities; received 8 Coordinated Disclosure badges and 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting the ns2.magic-inc.com website...
AI Score: 0.3
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via....
CVSS: 7.4 | AI Score: 6.9 | EPSS: 0.002
JVN#28845872: Android App "MyPallete" vulnerable to improper server certificate verification
Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as the basis of the Android applications they provide to their customers. "MyPallete" is vulnerable to improper server certificate verification (CWE-295) and to improper host-matching validation (CWE-297). Impact: A...
CVSS: 7.4 | AI Score: 3.2 | EPSS: 0.002
familynhome.org Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1070441. Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
AI Score: 0.8
satisloh.de Cross Site Scripting vulnerability
Security researcher metamorfosec (helped patch 1908 vulnerabilities; received 9 Coordinated Disclosure badges and 31 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting the satisloh.de website and its users. Following...
AI Score: 0.2
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with the package name com.kddi.android.packageinstaller (versionCode=70008, versionName=08.10.03) that allows other...
CVSS: 7.8 | AI Score: 7.3 | EPSS: 0.0004
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with the package name com.kddi.android.packageinstaller (versionCode=70008, versionName=08.10.03) that allows other...
CVSS: 7.8 | AI Score: 7.4 | EPSS: 0.0004
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with the package name com.kddi.android.packageinstaller (versionCode=70008, versionName=08.10.03) that allows other...
CVSS: 7.8 | AI Score: 7.3 | EPSS: 0.0004
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with the package name com.kddi.android.packageinstaller (versionCode=70008, versionName=08.10.03) that allows other...
AI Score: 7.4 | EPSS: 0.0004
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Smart TV Box firmware versions prior to 1300 allow remote attackers to bypass access restrictions and conduct arbitrary operations on the device without the user's intent, such as installing arbitrary software or changing the device settings, via the Android Debug Bridge port...
CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.012
Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005.....
CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.001
JVN#17127920: Smart TV Box fails to restrict access permissions
Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP on the LAN-side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN-side interface of Smart TV Box is disabled. However, if...
CVSS: 9.8 | AI Score: 2.3 | EPSS: 0.012
Details of the Cloud Hopper Attacks
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud....
AI Score: 1
The openstack-nova packages provide OpenStack Compute (code name Nova), which provides services for provisioning, managing, and using virtual machine instances. A flaw was found in the way the Nova VNC proxy handled console tokens. In some cases, a console token that was valid for one virtual...
AI Score: 6 | EPSS: 0.011
Payroll Provider Gives Extortionists a Payday
Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...
AI Score: 6.7
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access...
CVSS: 5.3 | AI Score: 5.1 | EPSS: 0.001
JVN#40439414: A vulnerability in V20 PRO L-01J that may cause a crash
V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connections using Wi-Fi CERTIFIED Passpoint which may cause the device to crash when Passpoint is enabled. Impact: If an attacker sets up a specially crafted Passpoint applied...
CVSS: 5.3 | AI Score: 3.4 | EPSS: 0.001
Untrusted search path vulnerability in the installer of the Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001
simonandschuster.com XSS vulnerability
Open Bug Bounty ID: OBB-702178. Affected Website: simonandschuster.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score
About the security content of Safari 11.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see....
CVSS: 8.8 | AI Score: 0.1 | EPSS: 0.17
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to....
CVSS: 5.9 | AI Score: 5 | EPSS: 0.001
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to....
CVSS: 5.9 | AI Score: 5.2 | EPSS: 0.001
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to....
CVSS: 5.9 | AI Score: 5 | EPSS: 0.001
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to....
AI Score: 5.1 | EPSS: 0.001
Google's G Suite, Search and Analytics Taken Down in Hijacking
Google said key business services were knocked offline Monday when web traffic to a portion of its cloud platform was hijacked and routed through Chinese, Nigerian and Russian ISPs. The incident lasted for 74 minutes in what is called a Border Gateway Protocol (BGP) hijacking. BGP is a protocol...
AI Score: 1.4
paperrebel.com XSS vulnerability
Open Bug Bounty ID: OBB-683564. Affected Website: paperrebel.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score
Open Bug Bounty ID: OBB-682393. Affected Website: otelo.be; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score: 0.1
Open Bug Bounty ID: OBB-682392. Affected Website: otelo.fr; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score: 0.1
Open Bug Bounty ID: OBB-682389. Affected Website: otelo.ch; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score: 0.1
foschini.co.za XSS vulnerability
Open Bug Bounty ID: OBB-681408. Affected Website: foschini.co.za; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score
totalsports.co.za XSS vulnerability
Open Bug Bounty ID: OBB-681366. Affected Website: totalsports.co.za; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score
yachtworld.fi Open Redirect vulnerability
Open Bug Bounty ID: OBB-681063. Affected Website: yachtworld.fi; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.dk Open Redirect vulnerability
Open Bug Bounty ID: OBB-681062. Affected Website: yachtworld.dk; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-681060. Affected Website: yachtworld.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.de Open Redirect vulnerability
Open Bug Bounty ID: OBB-681061. Affected Website: yachtworld.de; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.fr Open Redirect vulnerability
Open Bug Bounty ID: OBB-681058. Affected Website: yachtworld.fr; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.es Open Redirect vulnerability
Open Bug Bounty ID: OBB-681059. Affected Website: yachtworld.es; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.it Open Redirect vulnerability
Open Bug Bounty ID: OBB-681057. Affected Website: yachtworld.it; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
no.yachtworld.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-681054. Affected Website: no.yachtworld.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
nl.yachtworld.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-681055. Affected Website: nl.yachtworld.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
ru.yachtworld.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-681053. Affected Website: ru.yachtworld.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
se.yachtworld.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-681052. Affected Website: se.yachtworld.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
yachtworld.co.uk Open Redirect vulnerability
Open Bug Bounty ID: OBB-681051. Affected Website: yachtworld.co.uk; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
au.yachtworld.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-681050. Affected Website: au.yachtworld.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
AI Score: 0.1
JVN#37288228: +Message App fails to verify SSL server certificates
+Message App fails to verify SSL server certificates. Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the application. Update to the latest version according to the information provided by the developer. Products Affected.....
CVSS: 5.9 | AI Score: 3.5 | EPSS: 0.001
americangreetings.com XSS vulnerability
Open Bug Bounty ID: OBB-679799. Affected Website: americangreetings.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score
kennametal.com XSS vulnerability
Open Bug Bounty ID: OBB-676061. Affected Website: kennametal.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score
americangreetings.com XSS vulnerability
Open Bug Bounty ID: OBB-662673. Affected Website: americangreetings.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
AI Score: 0.1