CACTUS Ransomware Victim: www[.]orthumbau[.]de
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
CACTUS Ransomware Victim: www[.]astrolighting[.]com
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
SickKids impacted by BORN Ontario data breach that hit 3.4 million
The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach...
Can we fix the weaknesses in password-based authentication?
In password-based authentication, end-users confirm their identity using login credentials, commonly a unique username, and a secret password. These credentials...
ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families...
New AtlasCross hackers use American Red Cross as phishing lure
A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor...
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. Openfire...
New ZeroFont phishing tricks Outlook into showing fake AV-scans
Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned...
Google assigns new maximum rated CVE to libwebp bug exploited in attacks
Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and...
Sony investigates cyberattack as hackers fight over who’s responsible
Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for...
Apple Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of...
ChromeOS Multiple Vulnerabilities
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service...
CISA Publishes Hardware Bill of Materials Framework
The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments...
Pension Firms Report 4000% Surge in Breaches
Pension providers reported a staggering quadruple-digit percentage increase in data breaches to the UK regulator last year, according to new...
Tech Giants Launch Post-Quantum Cryptography Coalition
A new tech consortium launched today with a mission to drive adoption of post-quantum cryptography (PQC).The PQC Coalition features Microsoft,...
ZenRAT Malware Uncovered in Bitwarden Impersonation
A new malware strain called ZenRAT has emerged, concealed within counterfeit Bitwarden installation packages.Discovered by Proofpoint, ZenRAT is a modular...
More than 30 US Banks Targeted in New Xenomorph Malware Campaign
Xenomorph malware has reemerged in a new distribution campaign, expanding its scope to target over 30 US banks along with...
Half of Cyber-Attacks Go Unreported
Fear, ignorance and forgetfulness are some of the reasons for widespread shortcomings in reporting cyber-attacks and breaches, both internally and...
ShadowSyndicate Investigation Reveals RaaS Ties
A recent collaborative investigation by Group-IB Threat Intelligence, Bridewell and threat researcher Michael Koczwara has exposed the existence of a new...
US-CERT Vulnerability Summary for the Week of September 11, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infowibu -- codemeter_runtime A heap buffer overflow vulnerability in Wibu CodeMeter Runtime...
AtlasReaper – A Command-Line Tool For Reconnaissance And Targeted Write Operations On Confluence And Jira Instances
AtlasReaper is a command-line tool developed for offensive security purposes, primarily focused on reconnaissance of Confluence and Jira. It...
KnockKnock – Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a...
HackerOne Bug Bounty Disclosure: b-existance-of-calendars-and-addressbooks-can-be-checked-by-unauthenticated-users-b-themarkib-x
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'themarkib0x0'Link to Submitters Profile:https://hackerone.com/b'themarkib0x0' Report Title:b'Existance of calendars and addressbooks can be...
HackerOne Bug Bounty Disclosure: b-nextcloud-all-in-one-path-disclosure-of-internal-frontend-b-shuvam
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'shuvam321'Link to Submitters Profile:https://hackerone.com/b'shuvam321' Report Title:b'Nextcloud All-In-One path disclosure of internal frontend'Report...
