Aggregator

Alleged Data Leak of Algerian Port Community System

Новая теория описывает Вселенную как вечную квантовую жидкость.

A vulnerability, which was classified as problematic, was found in Mega HOPEX. Affected is an unknown function of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-38482. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in EasyVista 2020.2.125.3/2022.1.109.0.03 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2022-38490. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in EasyVista 2020.2.125.3/2022.1.109.0.03 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2022-38492. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mega HOPEX. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-38481. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in EasyVista 2020.2.125.3. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-38489. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Zebra Enterprise Home Screen 4.1.19 and classified as critical. This vulnerability affects unknown code of the component Embedded Google Chrome Application. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-36442. The attack needs to be done within the local network. There is no exploit available.

The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of crucial sectors like railways, oil & gas, and external affairs ministries into their cyber activities. […]

The post SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane

Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor using the alias ‘Jabaroot’ released claims about the […]

Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.

AttackIQ has released a new attack graph designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with CatB ransomware observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.

The post Emulating the Misleading CatB Ransomware appeared first on AttackIQ.

The post Emulating the Misleading CatB Ransomware appeared first on Security Boulevard.

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow—a legitimate authentication mechanism—to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence researchers, alongside […]

The post Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.