
Tag

#google

Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI's warrant here for details specific to this case. In light of these events, I'd like to discuss how OSINT

The Hacker News
Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors to tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue. "By abusing the flaw and enabling

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks

By Waqas. According to Fortinet Labs, third parties have already purchased top-level domains (TLD) such as Joomla.zip and MSNBC.zip, which could potentially be a breach of the Anticybersquatting Consumer Protection Act (ACPA). This is a post from HackRead.com.

Five key ways to effectively manage email signatures

By Owais Sultan. Email is a key, highly effective communication concept used by a variety of business environments around the world.… This is a post from HackRead.com.

VirusTotal Data Leak Exposes User Info, Including Intel Agencies’ Data

By Habiba Rashid. The news was initially reported by The Standard and German news magazine Der Spiegel, who claim the data leak is authentic. This is a post from HackRead.com.

CCOM Events CMS 0.1.02 SQL Injection

CCOM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability.

Catpops Technobiz CMS 4.0 Cross Site Scripting

Catpops Technobiz CMS version 4.0 suffers from a cross site scripting vulnerability.

Carbiz Buy Sell Car Marketplace Script 1.2.0 Insecure Settings

Carbiz Buy Sell Car Marketplace Script version 1.2.0 appears to leave default credentials installed after installation.

Capitol Matrimonial Banquet Centre 1.5 SQL Injection

Capitol Matrimonial Banquet Centre version 1.5 suffers from a remote SQL injection vulnerability.