Vulnerability in PostBus Public Transport Platform

PostBus, a subsidiary of ÖBB-Personenverkehrs AG, has fixed a serious data exposure vulnerability in one of its online Swiss public transport platforms. ZTF cybersecurity researchers Sven Faßbender, Martin Tschirsich, and Dr André Zilch conducted a penetration test on the Ticketcontrol.ch platform and found that it was vulnerable to attack.

Billing Software App: SQL Injection Flaw

Cybercriminals are exploiting a vulnerability in BillQuick, the popular billing software, to spread ransomware, security researchers at Huntress warn. BQE Software’s BillQuick Web Suite versions earlier than 22.0.9.1 have an SQL injection flaw that gives rise to a more serious remote code execution (RCE) risk. The CVE-2021-42258 vulnerability …

PyPI Admins Remove Three Malicious Packages after More than 10,000 Downloads

The Python Package Index (PyPI) has removed thousands of dangerous packages. These packages tricked people by using the names of other packages, but in reality they deployed malware and stole data. Two packages in this group of three malicious packages listed the source code URL of an existing popular library as their own. This made it look like …