The Week in Ransomware – October 13th 2023 – Increasing Attacks
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if...
US Smashes Annual Data Breach Record With Three Months Left
There were 2116 reported US data breaches and leaks in the first nine months of 2023, making it the worst...
European Police Hackathon Hunts Down Traffickers
Law enforcers from 26 countries came together recently in a hackathon designed to enhance intelligence gathering on human trafficking gangs,...
Fifth of UK Cybersecurity Pros Work Excessive Hours
The UK’s cybersecurity professionals believe they have excellent career prospects and are employed in a “booming” sector, but many are...
Chinese APT ToddyCat Targets Asian Telecoms, Governments
A new malicious espionage campaign is targeting telecommunications organizations and governments across Central and Southeast Asia, CheckPoint Research has discovered.The...
Half of Small Businesses Hit by Cyber-Attack Over the Past Year
Cybersecurity has become a top concern for small and medium enterprises (SMEs) and nearly half (48%) of SMEs have experienced...
Vulnerability Exposed in WordPress Plugin User Submitted Posts
A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack...
UK Regulator Fines Equifax £11m for 2017 Data Breach
The UK’s financial regulator has fined Equifax Ltd. over £11m ($13.4m) for failing to protect UK consumer data stolen in...
California Enacts “Delete Act” For Data Privacy
California Governor Gavin Newsom has signed into law the first bill in the US compelling data brokers to delete all...
New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack
Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links.The campaign...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
Pyxamstore – Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and...
HackerOne Bug Bounty Disclosure: b-potential-spoofing-risk-through-firefox-private-relay-service-b-nicholas-cw
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'nicholas_cw'Link to Submitters Profile:https://hackerone.com/b'nicholas_cw' Report Title:b'Potential Spoofing Risk through Firefox...
HackerOne Bug Bounty Disclosure: b-xss-reflected-pqm-tva-com-b-tvmbug
Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'xss reflected - pqm.tva.com'Report Link:https://hackerone.com/reports/1363001Date...
HackerOne Bug Bounty Disclosure: b-exposing-django-debug-panel-and-sensitive-infrastructure-information-at-https-dev-fxprivaterelay-nonprod-cloudops-mozgcp-net-b-aliend
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'aliend89'Link to Submitters Profile:https://hackerone.com/b'aliend89' Report Title:b'Exposing Django Debug Panel and...
HackerOne Bug Bounty Disclosure: b-admin-mytva-com-customer-lookup-and-internal-notes-bypass-b-itssixtynein
Company Name: b'Tennessee Valley Authority' Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:b'itssixtynein'Link to Submitters Profile:https://hackerone.com/b'itssixtynein' Report Title:b'Admin.MyTVA.com Customer lookup and internal...
HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-b-holybugx
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'holybugx'Link to Submitters Profile:https://hackerone.com/b'holybugx' Report Title:b'Subdomain takeover on one of...
Siemens SICAM PAS/PQS privilege escalation | CVE-2023-45205
NAME__________Siemens SICAM PAS/PQS privilege escalationPlatforms Affected:Siemens SICAM PAS 8.00 Siemens SICAM PAS 8.21 Siemens SICAM PQS 8.00 Siemens SICAM PQS...
Samba denial of service | CVE-2023-42669
NAME__________Samba denial of servicePlatforms Affected:Samba Samba 4.17 Samba Samba 4.18.0 Samba Samba 4.19Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Samba is vulnerable to...
Microsoft Windows TCP/IP denial of service | CVE-2023-36603
NAME__________Microsoft Windows TCP/IP denial of servicePlatforms Affected:Microsoft Windows Server 2019 Microsoft Windows 10 1809 for x64-based Systems Microsoft Windows 10...
Samba denial of service | CVE-2023-42670
NAME__________Samba denial of servicePlatforms Affected:Samba Samba 4.17 Samba Samba 4.18.0 Samba Samba 4.19Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Samba is vulnerable to...
Unisoc Chipsets information disclosure | CVE-2023-40632
NAME__________Unisoc Chipsets information disclosurePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760 Unisoc T618 Unisoc T612...
Juniper Networks Junos OS and Junos OS Evolved denial of service | CVE-2023-36839
NAME__________Juniper Networks Junos OS and Junos OS Evolved denial of servicePlatforms Affected:Juniper Networks Junos OS 21.1 Juniper Networks Junos OS...
Unisoc Chipsets information disclosure | CVE-2023-40631
NAME__________Unisoc Chipsets information disclosurePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760 Unisoc T618 Unisoc T612...
