Security
Headlines
HeadlinesLatestCVEs

Tag

#web

ELLIO and ntop Partnership Enhances Real-Time Network Traffic Monitoring

By Cyber Newswire ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and… This is a post from HackRead.com Read the original post: ELLIO and ntop Partnership Enhances Real-Time Network Traffic Monitoring

HackRead
#vulnerability#web#intel#botnet#zero_day
BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters,

Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K

By Waqas ShinyHunters hacking group has claimed to have breached Ticketmaster, stealing the personal data of 560 million users. The… This is a post from HackRead.com Read the original post: Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K

Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K

By Waqas ShinyHunters hacking group has claimed to have breached Ticketmaster, stealing the personal data of 560 million users. The… This is a post from HackRead.com Read the original post: Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K

GHSA-927p-xrc2-x2gj: ansibleguy-webui Cross-site Scripting vulnerability

### Impact Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. ### Patches We recommend to upgrade to version >= [0.0.21](https://github.com/ansibleguy/webui/releases/tag/0.0.21) ### References * [Report](https://github.com/ansibleguy/webui/files/15358522/Report.pdf) * [GitHub Issue 44](https://github.com/ansibleguy/webui/issues/44)

GHSA-pmrx-695r-4349: dbt allows Binding to an Unrestricted IP Address via socketsocket

### Summary Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to `INADDR_ANY` by passing `""` as the address. This effectively binds to any network interface on the local system, not just localhost (127.0.0.1). ### Details As stated in the Python docs, a special form for address is accepted instead of a host address: `''` represents `INADDR_ANY`, equivalent to `"0.0.0.0"`. On systems with IPv6, '' represents `IN6ADDR_ANY`, which is equivalent to `"::"`. https://github.com/dbt-labs/dbt-core/blob/main/core/dbt/task/docs/serve.py#L23C38-L23C39 The text around this code also imply the intention is to host docs only on localhost. ### PoC To recreate, run the docs ServeTask.run() to stand up the HTTP server. Then run `netstat` to see what addresses this process is bound. ### Impact A ...

GHSA-rpj9-xjwm-wr6w: Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality

### Impact Stored Cross-site scripting (XSS) enable attackers to inject malicious code into Print Functionality ### Patches 12.1.4, 10.0.5 ### References https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023

GHSA-vpr3-cw3h-prw8: SimpleSAMLphp Reflected Cross-site Scripting vulnerability

### Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an HTTP redirection or by automatically posting a form to them. ### Description When sending a SAML message to another entity, SimpleSAMLphp will use the URL of the appropriate endpoint to redirect the user’s browser to it, or craft a form that will be automatically posted to it, depending on the SAML binding used. The URL that’s target of the message is fetched from the stored metadata for the given entity, and that metadata is trusted as correct. However, if that metadata has been altered by a malicious party (either an attacker or a rogue administrator) to substitute the URLs of the endpoints with javascript code, SimpleSAMLphp was blindly using them without any validation, trusting the...

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

Stalkerware app pcTattleWare had its websites defaced and databases leaked after researchers found several security flaws.