US-CERT Bulletin (SB22-122):Vulnerability Summary for the Week of April 25, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
HackerOne Bug Bounty Disclosure: blind-xss-via-feedback-form-byb3hlull
Programme HackerOne Judge.me Judge.me Submitted by b3hlull b3hlull Report Blind XSS via Feedback form. Full Report
HackerOne Bug Bounty Disclosure: self-dos-due-to-template-injection-via-email-field-in-password-reset-form-on-access-acronis-combysudo_bash
Programme HackerOne Acronis Acronis Submitted by sudo_bash sudo_bash Report Self-DoS due to template injection via email field in password reset...
BugCrowd Bug Bounty Disclosure: P4 – No Rate Limiting on resend email option when signing up for an account – By CyberKey
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – XSS reflected – https://www.indeed.com/hire/employer-confirmation [co, hl] – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
State-backed hacking group from China is targeting the Russian military
In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian...
A DNS flaw impacts a library used by millions of IoT devices
A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of...
Craft fair vendors targeted by fake event scammers on Facebook
A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It...
US healthcare billing services group hacked, affecting at least half a million individuals
According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services...
Airdrop phishing: what is it, and how is my cryptocurrency at risk?
Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures...
Over 50 countries sign the “Declaration for the Future of the Internet”
Governments of the US, EU member states, and 32 other countries have announced the launch of the “Declaration for the...
FirmWire -b Full-System Baseband Firmware Emulation Platform For Fuzzing, Debugging, And Root-Cause Analysis Of Smartphone Baseband Firmwares
FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and FirmWire...
China-linked Moshen Dragon abuses security software to sideload malware
A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A...
BugCrowd Bug Bounty Disclosure: P3 – XSS reflected – https://www.indeed.com/hire/employer-confirmation [co, hl] – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Cobalt Stike Beacon Detected – 154[.]39[.]150[.]156:8888
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 101[.]200[.]233[.]32:9997
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 20[.]110[.]209[.]33:88
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 167[.]71[.]254[.]209:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 101[.]32[.]201[.]44:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Linux Kernel security update-CVE-2021-22600
NAME Linux Kernel Organization - Linux Kernel Platforms Affected:Linux KernelRisk Level:mediumCVE Type:Double free DESCRIPTION CVE-2021-22600 is a double free vulnerability...
Delta Electronics DIAEnergie SQL injection | CVE-2022-1367
NAME Delta Electronics DIAEnergie SQL injection Platforms Affected:Delta Electronics DIAEnergie 1.8.02Risk Level:9.8Exploitability:HighConsequences:Data Manipulation DESCRIPTION Delta Electronics DIAEnergie is vulnerable to...
Hermit plugin for WordPress SQL injection | CVE-2022-29411
NAME Hermit plugin for WordPress SQL injection Platforms Affected:WordPress Hermit plugin for WordPress 3.1.6 WordPress Hermit plugin for WordPress 3.1.5Risk...
Delta Electronics DIAEnergie SQL injection | CVE-2022-1375
NAME Delta Electronics DIAEnergie SQL injection Platforms Affected:Delta Electronics DIAEnergie 1.8.02Risk Level:9.8Exploitability:HighConsequences:Data Manipulation DESCRIPTION Delta Electronics DIAEnergie is vulnerable to...
Expat (aka libexpat) integer overflow | CVE-2022-25315
NAME Expat (aka libexpat) integer overflow Platforms Affected:libexpat libexpat 2.4.4Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Expat (aka libexpat) could allow a remote...
