Police pounce on 'pompompurin' – alleged mastermind of BreachForums
2023-03-20 06:02

Per Inky's report, the attack starts with fake DocuSign notifications, branded to appear as if they came from SVB's Know Your Customer Refresh Team, that ask the victim to fill out a pair of surveys to verify their identity as an SVB account holder.

CVSS 9.8 - multiple CVEs: Honeywell OneWireless Wireless Device Manager has a trio of vulnerabilities that could allow an attacker to escalate their privileges and execute code remotely.

CVSS 9.1 - CVE-2023-0811: Omron's CJ1M PLCs have a whole bunch of vulnerable components that could allow an attacker to bypass user memory protections, overwrite passwords and lock engineers out of reading their own memory regions.

CVSS 9.8 - LOTS of CVEs: 65 separate CVE numbers are included in this warning that more than a dozen Siemens Scalance and a pair of Ruggedcom devices contain vulnerabilities that could let an attacker inject code and cause denial of service.

CVSS 9.1 - CVE-2023-25957: Several versions of Siemens Mendix SAML software contain an incorrectly implemented authentication algorithm that could allow an unauthenticated remote attacker to bypass authentication.

CVSS 8.8 - 2 CVEs: All versions of Siemens Ruggedcom Crossbow prior to version 5.3 are missing authorization checks that allow an attacker to launch SQL injection attacks.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/20/in_brief_security/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2023-03-16 | CVE-2023-0811 | Improper Access Control vulnerability in Omron products | critical, 9.1
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored.
network, low complexity, omron, CWE-284

2023-03-14 | CVE-2023-25957 | Improper Authentication vulnerability in Mendix SAML | 7.5
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6).
network, low complexity, mendix, CWE-287