Month: June 2020

COVID-19 ‘Breach Bubble’ Waiting to Pop?

By mootiny

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. …

[KIS-2020-08] openSIS <= 7.4 Multiple SQL Injection Vulnerabilities

By mootiny

Posted by Egidio Romano on Jun 30

-----------------------------------------------------
openSIS <= 7.4 Multiple SQL Injection Vulnerabilities
-----------------------------------------------------

[-] Software Link:

https://opensis.com/

[-] Affected Versions:

Version 7.4 and prior versions.

[-] Vulnerabilities Description:

The application is affected by multiple SQL Injection vulnerabilities;
the following are some examples:

1) User input passed through the… …

[KIS-2020-07] openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability

By mootiny

Posted by Egidio Romano on Jun 30

--------------------------------------------------------------
openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability
--------------------------------------------------------------

[-] Software Link:

https://opensis.com/

[-] Affected Versions:

Version 7.4 and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the /Bottom.php script:

36…. …

[KIS-2020-06] openSIS <= 7.4 Incorrect Access Control Vulnerabilities

By mootiny

Posted by Egidio Romano on Jun 30

-------------------------------------------------------
openSIS <= 7.4 Incorrect Access Control Vulnerabilities
-------------------------------------------------------

[-] Software Link:

https://opensis.com/

[-] Affected Versions:

Version 7.4 and prior versions.

[-] Vulnerabilities Description:

The application prevents unauthenticated access to its functionalities
by including the 'RedirectIncludes.php',… …

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

By mootiny

Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker…