CyberSecurityBoard
Sponsor Register Login

Dragonfly

Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16. Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.

This Cyber News was published on attack.mitre.org. Publication date: Thu, 07 Dec 2023 22:12:07 +0000


Cyber News related to Dragonfly

CVE-2022-41967 - Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly ...
2 years ago Dragonfly
Dragonfly - Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16. Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to ...
1 year ago Attack.mitre.org Dragonfly
CVE-2013-5671 - lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/77.html ...
10 years ago Dragonfly
CVE-2005-2220 - ** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) ...
8 years ago Dragonfly
CVE-2006-0644 - Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in ...
6 years ago Dragonfly
Chinese espionage tools deployed in RA World ransomware attack - A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. Researchers from Symantec’s ...
2 months ago Bleepingcomputer.com CVE-2024-0012 Dragonfly
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - "The attacker then said administrative credentials were obtained from the company's intranet before stealing Amazon S3 cloud credentials from its Veeam server, using them to steal data from its S3 buckets before encrypting computers," ...
2 months ago Darkreading.com Dragonfly
CVE-2011-4685 - Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com. ...
13 years ago Dragonfly
CVE-2005-2221 - ** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) ...
8 years ago Dragonfly
CVE-2005-4351 - The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while ...
7 years ago Dragonfly
CVE-2006-0726 - Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users. ...
7 years ago Dragonfly
CVE-2013-1756 - The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. ...
6 years ago Dragonfly
CVE-2006-4162 - Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field. ...
6 years ago Dragonfly
CVE-2021-33564 - An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs ...
3 years ago Dragonfly
CVE-2021-33473 - An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. ...
2 years ago Dragonfly
dragonfly - ...
1 year ago
ALLANITE - ALLANITE is a suspected Russian cyber espionage group, that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly, although ALLANITEs ...
1 year ago Attack.mitre.org ALLANITE Dragonfly
CVE-2006-1033 - Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account ...
7 years ago Dragonfly
Harpie Launches Proactive Mechanism to Stop Crypto Theft - Last year, hackers, mainly from North Korea, stole a whopping $3.8 billion in cryptocurrency, making it the worst year ever for crypto theft, according to experts at Chainalysis, a company that tracks cybercrime. A secret United Nations report also ...
1 year ago Cysecurity.news Dragonfly
CVE-2005-0914 - Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter. ...
16 years ago Dragonfly
CVE-2006-0727 - SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL ...
14 years ago Dragonfly
New NailaoLocker ransomware used against EU healthcare orgs - Orange has shared several hypotheses for the attacks, including false flag operations meant to distract, strategic data theft operations doubled with revenue generation, and, more likely, a Chinese cyberespionage group "moonlighting" on the side to ...
1 month ago Bleepingcomputer.com CVE-2024-24919 Dragonfly

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)