APACHE STRUTS 2 Critical Vulnerability – CVE: 2023-50164

Lockbit Ransomware

Risk Rating: CRITICAL
CVSS Score: 9.8
Vulnerability Type: Remote Code Execution (RCE)
CVE Identifier: CVE-2023-50164
Exploitation Status: Actively exploited
Affected Version: Struts 2.0.0-2.3.37 (EOL), 6.0.0-6.3.0.1, 2.0.0-2.5.32
Link: Apache.org

Introduction

Recently discovered, CVE-2023-50164 reveals a critical flaw in Apache Struts that could allow hackers to execute code remotely by manipulating file upload settings. Actively exploited, this poses an […]

Urgent Advisory: Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

Date: 10/07/2023
Link: The Hacker News

Introduction

We would like to bring to your attention a significant security breach that has affected Revolut’s payment systems. Malicious actors successfully exploited an unknown flaw within the system, resulting in the theft of over $20 million from the company’s funds. The incident occurred in early 2022 but has […]

Urgent Advisory: Unpatched Security Vulnerability in Ultimate Member Plugin for WordPress

Title: Unpatched Security Vulnerability in Ultimate Member Plugin for WordPress
Date: 05/07/2023
Link: The Hacker News

Introduction

We would like to inform our valued clients about a critical security vulnerability affecting the popular Ultimate Member plugin for WordPress. This vulnerability poses a significant risk to your website’s security, allowing attackers to create new user accounts with […]

Attention MOVEit Users: Critical Security Alert! Apply the Patch Now to Safeguard Your File Transfers

Risk Rating: CRITICAL
Affected Products: MOVEit Transfer
Affected Version: 2023.0.0 (15.0), 2022.1.x (14.1), 2022.0.x (14.0), 2021.1.x (13.1), 2021.0.x (13.0), 2020.1.x (12.1)
Patched Version: CVE-2023-34362, CVE-2023-35036
Proof-of-Concepts available: no
Vendor: Progress Software Corporation
Date: 31/05/2023, 09/06/2023

Introduction: A severe Zero-Day vulnerability was disclosed, which posed a significant risk to Progress MOVEit File Transfer software users. “Progress” […]

Vulnerability Alert: Heap Buffer Overflow in WebRTC

Risk Rating: HIGH
Affected Products: Google Chrome
Affected Version: Versions prior to 103.0.5060.114
Patched Version: 103.0.5060.114
Vendor: Google
Date: 01/07/2022

Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]

Vulnerability Alert: CVE-2022-1388 — F5 Big-Ip

Risk Rating: CRITICAL
Affected Products: F5 Big-Ip
Affected Version: 16.1.0-16.1.2 / 15.1.0-15.1.5 / 14.1.0-14.1.4 / 13.1.0-13.1.4 / 12.1.0-12.1.6 / 11.6.1-11.6.5
Patched Version: 17.0.0 / 16.1.2.2 / 15.1.5.1 / 14.1.4.6 / 13.1.5
Proof-of-Concepts available: yes
Vendor: F5
Date: 04/05/2022

Introduction: F5 Big-Ip load-balancers can be abused to obtain Remote Command Execution (RCE). These devices have an administrative interface (iControl […]

Vulnerability Alert: TLStorm 2

Risk Rating: CRITICAL
Affected Products: Avaya series; Aruba
Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540
Patched Version: N/A
Vendor: Aruba and Avaya network switches
Date: 04/05/2022

Introduction: Five critical vulnerabilities were identified within the various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management […]

Vulnerability Alert: CVE-2022-21449 – Psychic Signatures

Risk Rating: HIGH
Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE
Affected Version: Versions 15, 16, 17 & 18; Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2
Patched Version: April 2022 Critical Patch Update
Vendor: Oracle
Date of Disclosure: 19.04.2022

Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]

Vulnerability Alert: CVE-2022-20773 – Default SSH Host Key

Risk Rating: HIGH
Affected Product: Cisco Umbrella Virtual Appliance
Affected Version: Virtual Appliance <= 3.3.2
Patched Version: Please see the Remediation(s) section for more details.
Vendor: Cisco
Date of Disclosure: 20.04.2022

Introduction: Cisco Umbrella Virtual Appliance contains a vulnerability in the key-based SSH authentication mechanism which could potentially allow a remote, unauthenticated attacker to impersonate […]

Nestlé Operating in Russia Causes Data Breach

Nestlé Operating in Russia

Another war was launched by a popular anonymous hacktivist on companies that still choose to operate in Russia and pay taxes to the Russian Government. After Nestlé decided to continue operating in Russia, the anonymous hackers threatened to attack them and eventually hacked into their systems, leaking 10GB worth of sensitive data.

Impact

On 22nd […]

Risk Crew