Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are...
rtMedia plugin for WordPress, BuddyPress and bbPress code execution | CVE-2023-5939
NAME__________rtMedia plugin for WordPress, BuddyPress and bbPress code executionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________rtMedia plugin for WordPress, BuddyPress and bbPress could...
Lot Reservation Management System index.php information disclosure |
NAME__________Lot Reservation Management System index.php information disclosurePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________Lot Reservation Management System could allow a remote...
Lot Reservation Management System ajax.php file upload |
NAME__________Lot Reservation Management System ajax.php file uploadPlatforms Affected:Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Lot Reservation Management System could allow a remote...
NOKIA NFM-T directory traversal | CVE-2022-41760
NAME__________NOKIA NFM-T directory traversalPlatforms Affected:NOKIA NFM-T R19.9Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________NOKIA NFM-T could allow a remote authenticated attacker to traverse directories...
WP Mail Log Plugin for WordPress file include | CVE-2023-5672
NAME__________WP Mail Log Plugin for WordPress file includePlatforms Affected:WordPress WP Mail Log Plugin for WordPress 1.1.2Risk Level:4.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WP Mail...
Apache DolphinScheduler code execution | CVE-2023-49299
NAME__________Apache DolphinScheduler code executionPlatforms Affected:Apache DolphinScheduler 3.1.9Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache DolphinScheduler could allow a remote authenticated attacker to execute arbitrary...
Microsoft Windows PowerShell code execution |
NAME__________Microsoft Windows PowerShell code executionPlatforms Affected:Microsoft PowerShellRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Windows PowerShell could allow a local authenticated attacker to execute...
rtMedia plugin for WordPress, BuddyPress and bbPress for WordPress file upload | CVE-2023-5931
NAME__________rtMedia plugin for WordPress, BuddyPress and bbPress for WordPress file uploadPlatforms Affected:Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________rtMedia plugin for WordPress, BuddyPress and...
RansomHouse Ransomware Victim: Banco Promerica de la República Dominicana
RansomHouse Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Malware Abuses Google Oauth Endpoint To Revive Cookies Hijack Accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log...
The Week In Ransomware December 29th 2023 Lockbit Targets Hospitals
It's been a quiet week, with even threat actors appearing to take some time off for the holidays. We did...
Steam Game Mod Breached To Push Password Stealing Malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push...
Hospitals Ask Courts To Force Cloud Storage Firm To Return Stolen Data
Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack...
Critical Vulnerability in Apache OFBiz
Apache has released updates addressing a critical vulnerability (CVE-2023-51467) in their OFBiz Enterprise Resource Planning (ERP) system. The vulnerability has...
CISA: CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords Today, CISA published guidance on How Manufacturers Can Protect...
CISA: FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware
FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure...
CISA: CISA Releases Seven Industrial Control Systems Advisories
CISA Releases Seven Industrial Control Systems Advisories CISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These...
CISA: CISA and FBI Release Advisory on ALPHV Blackcat Affiliates
CISA and FBI Release Advisory on ALPHV Blackcat Affiliates Today, CISA and the Federal Bureau of Investigation (FBI) released a...
CISA: CISA Releases Advisory on Cyber Resilience for the HPH Sector
CISA Releases Advisory on Cyber Resilience for the HPH Sector Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights...
CISA: Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla Releases Security Updates for Firefox and Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird....
CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool CISA has published the finalized Microsoft 365 Secure Configuration Baselines,...
