US-CERT Vulnerability Summary for the Week of July 31, 2023
High Vulnerabilities | Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info | yunyecms -- yunyecms | SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
Company Name: HackerOne | Company HackerOne URL: https://hackerone.com/security | Submitted By: rafsanzami | Link to Submitter's Profile: https://hackerone.com/rafsanzami | Report Title: HackerOne Support System Doesn't Require Any Authentication...
Company Name: Nintendo | Company HackerOne URL: https://hackerone.com/nintendo | Submitted By: crazy_man123 | Link to Submitter's Profile: https://hackerone.com/crazy_man123 | Report Title: Remote code execution inside the ENL...
Company Name: IBM | Company HackerOne URL: https://hackerone.com/ibm | Submitted By: tusnj | Link to Submitter's Profile: https://hackerone.com/tusnj | Report Title: IDOR in channel ID leads to customer...
Company Name: HackerOne | Company HackerOne URL: https://hackerone.com/security | Submitted By: sayaanalam | Link to Submitter's Profile: https://hackerone.com/sayaanalam | Report Title: Create miscellaneous support ticket on anyone's account...
Company Name: IBM | Company HackerOne URL: https://hackerone.com/ibm | Submitted By: dk4trin | Link to Submitter's Profile: https://hackerone.com/dk4trin | Report Title: Nginx Alias Traversal - babel.bluetab.net | Report Link: https://hackerone.com/reports/2061826 | Date Submitted: 11...
Company Name: HackerOne | Company HackerOne URL: https://hackerone.com/security | Submitted By: todayisnew | Link to Submitter's Profile: https://hackerone.com/todayisnew | Report Title: RXSS at image.hackerone.live via the `url` parameter | Report...
Company Name: HackerOne | Company HackerOne URL: https://hackerone.com/security | Submitted By: hackit_bharat | Link to Submitter's Profile: https://hackerone.com/hackit_bharat | Report Title: Hackerone All Private Program Name Leaked to...
Company Name: Node.js | Company HackerOne URL: https://hackerone.com/nodejs | Submitted By: haxatron1 | Link to Submitter's Profile: https://hackerone.com/haxatron1 | Report Title: DNS rebinding in --inspect (again) via invalid...
Company Name: Node.js | Company HackerOne URL: https://hackerone.com/nodejs | Submitted By: haxatron1 | Link to Submitter's Profile: https://hackerone.com/haxatron1 | Report Title: Policy-restricted modules can escalate to higher privileges...
Company Name: Node.js | Company HackerOne URL: https://hackerone.com/nodejs | Submitted By: msvrmiscovet | Link to Submitter's Profile: https://hackerone.com/msvrmiscovet | Report Title: Node 18 reads openssl.cnf from /home/iojs/build/... upon...
Company Name: Node.js | Company HackerOne URL: https://hackerone.com/nodejs | Submitted By: haxatron1 | Link to Submitter's Profile: https://hackerone.com/haxatron1 | Report Title: fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks. | Report...
Company Name: Node.js | Company HackerOne URL: https://hackerone.com/nodejs | Submitted By: haxatron1 | Link to Submitter's Profile: https://hackerone.com/haxatron1 | Report Title: Permission model bypass by specifying a path...
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome...
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks...
An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with...
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a...
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...