Tag
#web
Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.
By Waqas To date, the LockBit ransomware gang targeted over 2,000 victims and received more than $120 million in ransom payments. This is a post from HackRead.com Read the original post: NCA’s LockBit Takedown: Source Code, Arrests and Recovery Tool Revealed
Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly
LockBit’s website, infrastructure, and data have been seized by law enforcement—striking a huge blow against one of the world’s most prolific ransomware groups.
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CISA Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GitHub commits (versions) of ICSNPP - Ethercat Plugin, a plugin for Zeek, are affected: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin: versions d78dda6 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. CVE-2023-7244 has been assign...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following electrical discharge machines are affected by this vulnerability in Microsoft Message Queuing service: Wire-cut EDM MV Series MV1200S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV2400S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV4800S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV1200R D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-c...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Commend Equipment: WS203VICM Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Commend reports that the following versions of WS203VICM video door station are affected: WS203VICM: version 1.7 and prior 3.2 Vulnerability Overview 3.2.1 ARGUMENT INJECTION CWE-88 A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. CVE-2024-22182 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). 3.2.2 IMPROPER ACCESS CONTROL CWE-284 A remote attacker ...
Malvertising made a resurgence in 2023, with cybercriminals creating malicious ads and websites imitating Amazon, TradingView, and Rufus.
A Ukrainian national that is being accused of operating the Raccoon Infostealer in a Malware-as-a-Service has been extradited to the US.
Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his