New Marvin attack revives 25-year-old decryption flaw in RSA
A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been...
Amazon sends Mastercard, Google Play gift card order emails by mistake
10/1/23 update adds Amazon statement below. Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift...
US-CERT Vulnerability Summary for the Week of September 18, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- cyber_protect_home_officeSensitive information disclosure due to insecure folder permissions. The following...
Mellon – OSDP Attack Tool
OSDP attack tool (and the Elvish word for friend) Attack #1: Encryption is Optional OSDP supports, but doesn't strictly require,...
LockBit 3.0 Ransomware Victim: palaciodosleiloes[.]com[.]br
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: solveindustrial[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: cdwg[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: palaciodosleiloes[.]com[.]br
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: solveindustrial[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: cdwg[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Discourse Encrypt cross-site scripting | CVE-2023-43657
NAME__________Discourse Encrypt cross-site scriptingPlatforms Affected:Discourse EncryptRisk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Discourse Encrypt is vulnerable to cross-site scripting, caused by improper validation of...
OpenFGA denial of service | CVE-2023-43645
NAME__________OpenFGA denial of servicePlatforms Affected:OpenFGA OpenFGA 1.3.1Risk Level:5.9Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenFGA is vulnerable to a denial of service, caused by...
Chai.js Assertion Library get-func-name denial of service | CVE-2023-43646
NAME__________Chai.js Assertion Library get-func-name denial of servicePlatforms Affected:Chai.js Assertion Library get-func-name 2.0.0Risk Level:7.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________Chai.js Assertion Library...
Matrix Hookshot security bypass | CVE-2023-43656
NAME__________Matrix Hookshot security bypassPlatforms Affected:matrix.org Hookshot 4.4.1Risk Level:5.6Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Matrix Hookshot could allow a local attacker to bypass security restrictions,...
Warptech Warpgate security bypass | CVE-2023-43660
NAME__________Warptech Warpgate security bypassPlatforms Affected:Warptech Industries Warpgate 0.8.0Risk Level:6.2Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Warptech Warpgate could allow a remote authenticated attacker to bypass...
Weekly Cyber Security Tip: Harnessing The Power of Firewall Technology
In today's interconnected world, where data is the new oil, cyber security acts as a safeguard protecting this valuable resource....
Cloudflare DDoS protections ironically bypassed using Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security...
MOVEit Developer Patches Critical File Transfer Bugs
Progress Software has urged customers to patch a critical new vulnerability in one of its flagship file transfer software products,...
Microsoft Breach Exposed 60,000 State Department Emails
A sophisticated Chinese cyber-espionage campaign targeting Microsoft Outlook accounts gave Beijing access to tens of thousands of private US government...
Russian Company Offers $20m For Non-NATO Mobile Exploits
The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android...
Privacy Regulator Orders End to Spreadsheet FOI Responses
The UK’s information commissioner has called for an immediate end to the use of excel spreadsheets to publish Freedom of Information...
Phishing, Smishing Surge Targets US Postal Service
Recent weeks have witnessed a significant increase in cyber-attacks targeting the US Postal Service (USPS), mainly through phishing and smishing...
Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads
Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads.Malwarebytes researchers...
US-CERT Vulnerability Summary for the Week of September 18, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- cyber_protect_home_officeSensitive information disclosure due to insecure folder permissions. The following...
