#web

By Deeba Ahmed Third-Party Library Blamed for Wyze Camera Security Lapse. This is a post from HackRead.com Read the original post: Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.

Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.

By Waqas To date, the LockBit ransomware gang targeted over 2,000 victims and received more than $120 million in ransom payments. This is a post from HackRead.com Read the original post: NCA’s LockBit Takedown: Source Code, Arrests and Recovery Tool Revealed

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly

LockBit’s website, infrastructure, and data have been seized by law enforcement—striking a huge blow against one of the world’s most prolific ransomware groups.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CISA Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GitHub commits (versions) of ICSNPP - Ethercat Plugin, a plugin for Zeek, are affected: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin: versions d78dda6 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. CVE-2023-7244 has been assign...