Risolte vulnerabilità in Google Chrome
(AL01/240522/CSIRT-ITA)
Google ha rilasciato un aggiornamento per il browser Chrome al fine di correggere 6 vulnerabilità di sicurezza, di cui 4 con gravità “alta”.

by CSIRT - https://r.zerozone.it/post/K0bvGyw8aGxqgmsVs

WordPress-XStore-Core-Plugin-SQL-Injection(CVE-2024-33551)
WordPress-XStore-Core-Plugin-SQL-Injection(CVE-2024-33551)

by SeeBug - https://r.zerozone.it/post/eVYFs1vVZgv94jeGg

Un grande classico da tenere sempre a mente

Risolte vulnerabilità in prodotti Ivanti
(AL03/240522/CSIRT-ITA)
Ivanti rilascia aggiornamenti di sicurezza che risolvono 16 vulnerabilità, di cui 6 con gravità “critica”, nei prodotti Avalanche, Neurons for ITSM, Connect Secure, Secure Access Client ed Endpoint Manager.

by CSIRT - https://r.zerozone.it/post/jHJywZJXFk1Bx2azj

Risolte vulnerabilità in prodotti VMware
(AL02/240522/CSIRT-ITA)
VMware ha rilasciato aggiornamenti di sicurezza per sanare 3 vulnerabilità, di cui 2 con gravità “alta”, nei prodotti VMware ESXi, Workstation, Fusion e vCenter Server.

by CSIRT - https://r.zerozone.it/post/T4xyKnzjG1GrxhU5F

Zabbix 后台延时注入(CVE-2024-22120)
Zabbix 后台延时注入(CVE-2024-22120)

by SeeBug - https://r.zerozone.it/post/rV7wxqBsuQKRM46tQ

Vulnerabilità in Veeam Backup Enterprise Manager
(AL04/230522/CSIRT-ITA)
Veeam ha reso noto, tramite un bollettino di sicurezza, la presenza di 4 vulnerabilità, di cui una con gravità “critica”, nel prodotto Backup Enterprise Manager che potrebbe permettere ad un utente remoto la possibilità di ottenere privilegi elevati sui sistemi target.

by CSIRT - https://r.zerozone.it/post/36RsmJ2g2puX1mA0B

PoC pubblico per lo sfruttamento della CVE-2024-4323
(AL05/240522/CSIRT-ITA)
Disponibile un Proof of Concept (PoC) per la CVE-2024-4323 – già sanata dal vendor – presente in Fluent Bit, processore e forwarder di log.

by CSIRT - https://r.zerozone.it/post/EPBrTgR6VGKK0XW8T

🏴‍☠️ Play has just published a new victim : Ryder Scott Co.
United States

by Ransomware live - https://r.zerozone.it/post/9gH84Xe0H83k03rh4

🏴‍☠️ 8base has just published a new victim : ALO diamonds
ALO diamonds, a Czech jewelry company since 1995, produces dazzling jewelry with diamonds and colorful gems of various collections and styles in one of the largest creative studios in central Europe. In the collections of ALO diamonds you can find engagement, wedding rings, chains, earrings and children's earrings, pendants, necklaces, [...]

by Ransomware live - https://r.zerozone.it/post/VrTWXRFBZTJV9CmXR

🏴‍☠️ Hunters has just published a new victim : Jess-link Products
Country : Taiwan - Exfiltraded data : yes - Encrypted data : yes

by Ransomware live - https://r.zerozone.it/post/eP995e4u9Pn06masG

🏴‍☠️ Blackbasta has just published a new victim : levian.com
Le Vian is a family-owned jewelry company with a long history, dating from the 15th century. As purveyors of fine jewelry, Le Vian had gained such a reputation that in 1746, Nadir Shah, one Persia’s most powerful rulers, chose them to safeguard the collection of jewels he had amassed — [...]

by Ransomware live - https://r.zerozone.it/post/YJ60Dkz6yUEv972BY

🏴‍☠️ Akira has just published a new victim : Newman Ferrara
Newman Ferrara maintains a multifaceted practice based in New Yor k City with attorneys specializing in complex commercial and mult i-party litigation, securities fraud and shareholder litigation, consumer protection, civil rights, and real estate. More than 45G B of data will be publicly available soon. Court processes, heari ngs [...]

by Ransomware live - https://r.zerozone.it/post/SwuCS2qz4xS015geY

🏴‍☠️ Medusa has just published a new victim : Aztec Services Group
Aztec Services Group, Inc - the scope of the company is environmental remediation and demolition services. Aztec Services Group, Inc corporate office is located in 3814 William P Dooley Bypass, Cincinnati, OH 45223, USA. The total amount of data leakage is 398.38 GB

by Ransomware live - https://r.zerozone.it/post/q6gdB48wvYK28ekQq

🏴‍☠️ Incransom has just published a new victim : Richland City Hall
The Richland Library continues to offer temporary digital library cards and will soon provide enhanced access to Ancestry.com. There are also future plans for drive-up or curbside capabilities.

by Ransomware live - https://r.zerozone.it/post/GyEb8ZWWEdGRA9ryY

🏴‍☠️ Rhysida has just published a new victim : ICC
ICC ICC is a structured cabling solutions manufacturer of copper & fiber optic connectivity products for commercial & residential applications More

by Ransomware live - https://r.zerozone.it/post/xXGEubEQeBBMJDpn7

🏴‍☠️ Qilin has just published a new victim : Golden Acre
Golden Acre Garden Sentre. Calgary's garden centre since 1967 and still growing strong. With hundreds of thousands of square feet in retail space.Golden Acre carries a wide variety of Annuals, Perennials, Trees and Shrubs, Houseplants, Garden ...

by Ransomware live - https://r.zerozone.it/post/U4vtynekRng3vDs00

Sonatype Nexus Repository 3路径遍历漏洞（CVE-2024-4956）
Sonatype Nexus Repository 3路径遍历漏洞（CVE-2024-4956）

by SeeBug - https://r.zerozone.it/post/w66aCYV1P32nA3Hab

🏴‍☠️ Cactus has just published a new victim : schuettemetals.com
Download link #1:  https://***************.onion/SMI/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/SMI/PROOF/DATA DESCRIPTIONS: Financial documents, supplier agreements, contracts, NDAs, Personal identifying information, Engineering data, employee personal files, database exports, etc. 

by Ransomware live - https://r.zerozone.it/post/XU6nbGvAf6374JV0r

🏴‍☠️ Blacksuit has just published a new victim : catiglass.com $100.000


by Ransomware live - https://r.zerozone.it/post/d8eX7qgNQ89KhDnQP

🏴‍☠️ Lockbit3 has just published a new victim : londondrugs.com
London Drugs offers weekly flyer deals, Earth Month essentials, savings events and in-store events for various products. Shop online or in-store for pharmaceuticals, cosmetics, electronics, cameras, housewares and more. With endless revenue, greed...

by Ransomware live - https://r.zerozone.it/post/Dt0Wnu3wDvpsbHJ1K