ABB Ability™ SCADAvantage Security Vulnerabilities

ROS-20240402-12

A vulnerability in Nextcloud cloud storage creation and utilization software Server is related to the ability to update any personal or global external storage, making it inaccessible to everyone else. Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass existing...

2024 State of Malware in Education report: Top 6 cyberthreats facing K-12 and Higher Ed

Educational institutions may face a range of cyberthreats in 2024, but our 2024 State of Malware in Education report identifies the six most critical ones. Ransomware, for example, stands out as a key threat for schools and universities. The report covers how last year, we witnessed a 92% increase....

Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page

Summary Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access...

Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page

Summary Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access...

Hive Pro Announces Launch of Alliance Partner Program in North America for MSPs and VARs

Herndon, VA – 01 April 2024 – Hive Pro, a pioneer vendor in Threat Exposure Management, announced the formal launch of its North America Alliance Partner Program for Managed Service Providers (MSP) and Value-Added Resellers (VARs). This initiative aims to empower Managed Service Providers (MSPs)...

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...

Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Flexera Software FlexNet Publisher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-053)

The version of kernel installed on the remote host is prior to 5.10.210-201.852. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-053 advisory. 2024-05-23: CVE-2024-26625 was added to this advisory. 2024-05-23: CVE-2024-26665 was added to this...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-062)

The version of kernel installed on the remote host is prior to 5.4.269-183.369. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-062 advisory. 2024-05-23: CVE-2024-26625 was added to this advisory. 2024-04-25: CVE-2024-26602 was added to this...

CVE-2024-29890

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem...

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem...

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by....

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a....

Powering the future of ThreatDown with AI

Nobody can deny the influence of AI today. In just a few years, we have observed AI's capacity to be as transformative as the internet and smartphones, especially for cybersecurity. Indeed, the potential of AI to radically simplify complex security environments is unmistakable, and aligns closely.....

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive...

DinodasRAT Linux implant targeting entities worldwide

DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target's computer. A Windows version of this RAT was used in attacks against government entities in...

Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and RCS rather than SMS to send...

BIT-airflow-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

Advisory ROSA-SA-2024-2385

Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 package_evr_string: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmet_tcp_free_crypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...

Advisory ROSA-SA-2024-2384

Software: kernel-ml 5.15.146 OS: rosa-server79 package_evr_string: kernel-ml-5.15.146-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmet_tcp_free_crypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...

Advisory ROSA-SA-2024-2383

Software: kernel 3.10.0 OS: rosa-server79 package_evr_string: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmet_tcp_free_crypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...

Linux Kernel nft_exthdr_ipv6_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Linux Kernel nft_exthdr_sctp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality impacts and a timing-based side-channel attack due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts [CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945] and a timing-based side-channel attack [CVE-2023-33850] as described in the...

web3-utils Prototype Pollution vulnerability

Impact: The mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing...

web3-utils Prototype Pollution vulnerability

Impact: The mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing...

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2023-42017). This vulnerability has been addressed. IBM Planning...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-42503 DESCRIPTION: **Apache Commons Compress is vulnerable to a denial...

CVE-2023-6400

Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions. "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly...

CVE-2023-6400 Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product.

Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new...

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to....

Meta to abandon social media tracking tool CrowdTangle

On 14 March, Meta announced it would abandon CrowdTangle, saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media.....

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...

Remote Code Execution

friendsofsymfony1/symfony1 is vulnerable to Remote Code Execution. The vulnerability is due to the ability to abuse the __destruct methods in Swift Mailer classes, which can be exploited to execute arbitrary PHP code if a developer unserializes untrusted user...

(RHSA-2024:1533) Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard...

(RHSA-2024:1532) Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) kernel: sched/membarrier:...

Intel® oneAPI Toolkit Software Advisory

Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkits and standalone component software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-35121 Description: Improper...

RHEL 9 : kernel (RHSA-2024:1532)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1532 advisory. kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard...

ROS-20240327-01

The golang package vulnerability is related to the ability to correlate consecutive connections by comparing the ticket ages during session resumption. Exploitation of the vulnerability could allow an intruder, acting remotely, an intruder could gain unauthorized access to session identifiers The.....

RHEL 9 : kernel-rt (RHSA-2024:1533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1533 advisory. kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard...

Improper Authorization

python is vulnerable to Improper Authorization. The vulnerability is due to dereferencing symlinks during cleanup of permissions-related errors, potentially allowing users with the ability to run privileged programs to modify permissions of files referenced by symlinks in certain...

Apache Airflow Improper Preservation of Permissions vulnerability

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

Apache Airflow Improper Preservation of Permissions vulnerability

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

CVE-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

CVE-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

Advisory ROSA-SA-2024-2382

Software: openssh 7.4p1 OS: rosa-server79 package_evr_string: openssh-7.4p1-23.0.3.res7 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...