Aggregator

North Korea's Andariel Pivots to 'Play' Ransomware Games

darkreading
1 year 5 months ago
The prominent state-sponsored advanced persistent threat (APT), aka Jumpy Pisces, appears to be moving away from its primary cyber-espionage motives and toward wreaking widespread disruption and damage.
Elizabeth Montalbano, Contributing Writer

CVE-2024-10597 | ESAFENET CDG 5 PolicyActionService.java delPolicyAction id sql injection

VulDB Recent Entries
1 year 5 months ago
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10597. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-10596 | ESAFENET CDG 5 EncryptPolicyTypeService.java delEntryptPolicySort id sql injection

VulDB Recent Entries
1 year 5 months ago
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-10596. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-10595 | ESAFENET CDG 5 PublicDocInfoAjax.java delFile/delDifferCourseList sql injection

VulDB Recent Entries
1 year 5 months ago
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-10595. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-10594 | ESAFENET CDG 5 FileDirectoryService.java docHistory fileId sql injection

VulDB Recent Entries
1 year 5 months ago
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. This vulnerability is traded as CVE-2024-10594. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs
1 year 5 months ago
Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank, formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen […]
Pierluigi Paganini

Managed ad