Hyped up curl vulnerability falls short of expectations
curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long...
Shadow PC warns of data breach as hacker tries to sell gamers’ info
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private...
ToddyCat hackers use ‘disposable’ malware to target Asian telecoms
A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021,...
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers...
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks. As recently observed by Sophos...
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along...
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities...
New Microsoft bug bounty program focuses on AI-powered Bing
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. With the AI-powered...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
RecycledInjector – Native Syscalls Shellcode Injector
(Currently) Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate +...
HackerOne Bug Bounty Disclosure: b-stored-xss-at-nordvpn-com-b-tvmbug
Company Name: b'Nord Security' Company HackerOne URL: https://hackerone.com/nordsecurity Submitted By:b'tvmbug'Link to Submitters Profile:https://hackerone.com/b'tvmbug' Report Title:b'Stored XSS at nordvpn.com'Report Link:https://hackerone.com/reports/1841042Date Submitted:12...
Ransomware review: October 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on...
Medusa Locker Ransomware Victim: SIMTA
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: Evasión
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: Neodata
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: ZOUARY & Associés
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Dark Angel Victim: CannonDesign
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Dark Angel Victim: Roper & Vertafore
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Dark Angel Victim: Robins & Morton
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Dark Angel Victim: Go-Ahead Group
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
SAP BusinessObjects Web Intelligence cross-site scripting | CVE-2023-42474
NAME__________SAP BusinessObjects Web Intelligence cross-site scriptingPlatforms Affected:SAP BusinessObjects Web Intelligence 420Risk Level:6.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SAP BusinessObjects Web Intelligence is vulnerable to...
Fortinet FortiManager and FortiAnalyzer security bypass | CVE-2023-42787
NAME__________Fortinet FortiManager and FortiAnalyzer security bypassPlatforms Affected:Fortinet FortiAnalyzer 6.2.0 Fortinet FortiManager 7.0.0 Fortinet FortiAnalyzer 7.0.0 Fortinet FortiManager 6.4.0 Fortinet FortiAnalyzer...
SAP Business One information disclosure | CVE-2023-41365
NAME__________SAP Business One information disclosurePlatforms Affected:SAP Business One 10Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SAP Business One could allow a remote authenticated attacker...
Siemens SIMATIC CP Devices denial of service | CVE-2023-37195
NAME__________Siemens SIMATIC CP Devices denial of servicePlatforms Affected:Siemens SIMATIC CP 1604 Siemens SIMATIC CP 1623 Siemens SIMATIC CP 1626 Siemens...
