Car Repair Services & Auto Mechanic Security Vulnerabilities

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05,...

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

TeamCity Server < 2023.5.6 XSS Vulnerability

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.5.6 It is, therefore, affected by a reflected XSS on the subscriptions page is possible Note that Nessus did not actually test for these issues, but instead...

HP LaserJet Printers XSS (HPSBPI03940)

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

WordPress Plugin 'Yoast SEO' < 22.7 XSS

The WordPress application running on the remote host has a version of the 'Yoast SEO' plugin that is prior to 22.7. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability due to insufficient input sanitization and output escaping. An authenticated attacker with...

TeamCity Server Multiple Vulnerabilities (CVE-2024-36362 / CVE-2024-36365)

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2, prior to 2023.11.5, prior to 2023.5.6, prior to 2022.10.6, prior to 2022.04.7. It is, therefore, affected by multiple vulnerabilities: Path traversal...

Amazon Linux 2 : golang (ALAS-2024-2554)

The version of golang installed on the remote host is prior to 1.22.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2554 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

TeamCity Server < 2024.3.2 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2 It is, therefore, affected by multiple vulnerabilities: Users can perform actions that should not be available to them based on their permissions...

QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval

Description The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for....

Apple TV < 17.5 Multiple Vulnerabilities (HT214102)

According to its banner, the version of Apple TV on the remote device is prior to 17.5. It is therefore affected by multiple vulnerabilities as described in the...

Ubuntu Pro Subscription Detection

The remote Ubuntu host has an active Ubuntu Pro...

In the jungle of AWS S3 Enumeration

Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable...

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) =...

CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) =...

CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label...

CVE-2024-36890 mm/slab: make __free(kfree) accept error pointers

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) =...

CVE-2024-36890 mm/slab: make __free(kfree) accept error pointers

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) =...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...

How to Build Your Autonomous SOC Strategy

Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from.....

Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware

Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame. "The actions focused on disrupting...

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1743)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1749)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1772)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1772)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is...

FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1728)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1749)

The remote host is missing an update for the Huawei...

Veritas System Recovery Arbitrary File Creation (VTS24-005)

The version of Veritas System Recovery installed on the remote Windows host is 23.2 or prior. It is, therefore, affected by an arbitrary file creation vulnerability. A local attacker could create a file in any arbitrary location within the filesystem. This includes protected directories, such as...

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1766)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable...

CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) =...

ORing IAP-420 2.01e Cross Site Scripting / Command Injection

...

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...

Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package

Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing......

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

How to turn off location tracking on iOS and iPadOS

On iOS and iPadOS, location services are typically turned on when you first set up your device. However, there may be reasons why you don’t want your device to be located, perhaps because you don’t want to be found but need to keep the device with you. There are a few options to hide your location....

6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy

Multicloud computing has become the foundation for digital businesses, with 86% of organizations having already adopted a multicloud approach.1 However, for all its benefits around increased agility, flexibility, and choice, we also see unique challenges with multicloud—including the need to...

2024 Cybersecurity Trends: What’s Observable Already?

2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from...