US-CERT Vulnerability Summary for the Week of November 25, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some...
[RANSOMHUB] – Ransomware Victim: KHKKLOW[.]com
Ransomware Group: RANSOMHUB VICTIM NAME: KHKKLOWcom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
HackerOne Bug Bounty Disclosure: open-redirected-by-host-header-black-world
Company Name: Localize Company HackerOne URL: https://hackerone.com/localizejs Submitted By:black_worldLink to Submitters Profile:https://hackerone.com/black_world Report Title:open redirected by host headerReport Link:https://hackerone.com/reports/2828499Date Submitted:02...
HackerOne Bug Bounty Disclosure: buffer-overflow-vulnerability-in-strcpy-leading-to-remote-code-execution-tix
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:tix01Link to Submitters Profile:https://hackerone.com/tix01 Report Title:Buffer Overflow Vulnerability in strcpy() Leading to...
[FOG] – Ransomware Victim: Conlin’s Pharmacy (conlinspharmacy[.]com)
Ransomware Group: FOG VICTIM NAME: Conlin's Pharmacy (conlinspharmacycom) NOTE: No files or stolen information are by RedPacket Security. Any legal...
[LYNX] – Ransomware Victim: Mmaynewagemicro
Ransomware Group: LYNX VICTIM NAME: Mmaynewagemicro NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
CVE Alert: CVE-2024-53748
Vulnerability Summary: CVE-2024-53748 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows...
[MEDUSA] – Ransomware Victim: Down East Granite
Ransomware Group: MEDUSA VICTIM NAME: Down East Granite NOTE: No files or stolen information are by RedPacket Security. Any legal...
[MEDUSA] – Ransomware Victim: Avico Spice
Ransomware Group: MEDUSA VICTIM NAME: Avico Spice NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
[MEDUSA] – Ransomware Victim: Wiley Metal Fabricating
Ransomware Group: MEDUSA VICTIM NAME: Wiley Metal Fabricating NOTE: No files or stolen information are by RedPacket Security. Any legal...
CVE Alert: CVE-2024-53743
Vulnerability Summary: CVE-2024-53743 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Countdown Timer for Elementor...
CVE Alert: CVE-2024-53745
Vulnerability Summary: CVE-2024-53745 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유...
CVE Alert: CVE-2024-53746
Vulnerability Summary: CVE-2024-53746 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus allows...
CVE Alert: CVE-2024-53747
Vulnerability Summary: CVE-2024-53747 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NuttTaro Video Player for WPBakery...
CVE Alert: CVE-2024-53744
Vulnerability Summary: CVE-2024-53744 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skybootstrap Elementor Image Gallery Plugin...
CVE Alert: CVE-2024-53749
Vulnerability Summary: CVE-2024-53749 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider...
CVE Alert: CVE-2024-53742
Vulnerability Summary: CVE-2024-53742 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral...
CVE Alert: CVE-2024-53752
Vulnerability Summary: CVE-2024-53752 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows...
CVE Alert: CVE-2024-12007
Vulnerability Summary: CVE-2024-12007 A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown...
CVE Alert: CVE-2024-53750
Vulnerability Summary: CVE-2024-53750 Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder:...
Decoding the Power of Cryptographic Protocols for Secure Communication
As our digital world grows more complex, the need for secure communication becomes paramount. Cryptographic protocols serve as the backbone...
[RAWORLD] – Ransomware Victim: NT****st
Ransomware Group: RAWORLD VICTIM NAME: NT****st NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments
Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments CISA has received multiple reports of a large-scale spearphishing campaign...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
