Critical Software Vulnerabilities Impacting Credit Unions Discovered by LMG Security Researcher

PRESS RELEASE. MISSOULA, Mont., Feb. 13, 2024 /PRNewswire/ - LMG Security, an internationally recognized cybersecurity consulting firm, has discovered three new critical software vulnerabilities that pose a significant threat to hundreds of organizations in the United States.
Emily Gosney, a cybersecurity consultant at LMG Security, discovered these vulnerabilities in a web application that is primarily used by credit unions to manage content.
CVE-2023-48985: A reflected cross-site scripting vulnerability in the CMS admin portal login page 'login.php' could enable an unauthenticated malicious actor to intercept login credentials for the CMS admin portal.
CVE-2023-48986: A reflected cross-site scripting vulnerability in 'users.php' within the CMS admin portal could enable a lower-privileged malicious actor to elevate privileges or trick a user of a higher privilege level into performing unintended actions within the admin portal.
CVE-2023-48987: A blind SQL injection vulnerability in 'pages.
For the name of the company and full details on the company and software impacted, please visit: https://www.
Gosney recommends that organizations stay vigilant about supplier security standards for their current and prospective suppliers.
She also recommends that organizations conduct penetration testing covering web application and cloud environments at least annually, so that experts can identify security gaps before an attacker uses them to breach the environment.
LMG Security's discovery and disclosure of these vulnerabilities reaffirm our commitment to cybersecurity and building a safer, more secure web.
LMG Security responsibly disclosed all three vulnerabilities to the software provider, and the software provider may have addressed these vulnerabilities in its application v7.75.
LMG Security is an internationally recognized leader in cybersecurity consulting, specializing in penetration testing, advisory and compliance services, cybersecurity solutions, and training.
Over the past 15 years, the LMG Security team has been featured on the Today show and team members have been quoted in the New York Times, Wall Street Journal, and many other publications.
The team has published cutting-edge research, written books on ransomware and cyber extortion, network forensics, and data breaches, and routinely speaks at Black Hat, RSA, and many other security conferences.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 15 Feb 2024 21:40:11 +0000

