MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

githubexploit

Exploit for Unprotected Alternate Channel in Cisco Ios Xe

CVE-2023-20198 CVE-2023-20198 PoC (!) Description perform...

10CVSS

8.5AI Score

0.848EPSS

2023-10-18 08:50 AM
725
malwarebytes

Cisco IOS XE vulnerability widely exploited in the wild

An authentication bypass affecting Cisco IOS XE was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is widely being exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking...

10CVSS

7.9AI Score

0.848EPSS

2023-10-18 01:00 AM
18
rapid7blog

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

10CVSS

8AI Score

0.848EPSS

2023-10-17 07:50 PM
50
cve

CVE-2023-37537

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-10-17 03:15 PM
34
nvd

CVE-2023-37537

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-10-17 03:15 PM
prion

Design/Logic Flaw

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-10-17 03:15 PM
7
cvelist

CVE-2023-37537 HCL AppScan Presence deployed as Windows service might be vulnerable to an Unquoted Service Path vulnerability

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

8.4AI Score

0.0004EPSS

2023-10-17 02:58 PM
securelist

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

7.7AI Score

2023-10-17 10:00 AM
29
talosblog

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Updates Nov. 02: Identified a third version of the BadCandy implant. Added expected response from the new version of the implant against one of the HTTP requests used to check for infected device. Nov. 1: Observed increase in exploitation attempts since the publication of the proofs-of-concept...

10CVSS

9.5AI Score

0.848EPSS

2023-10-16 03:05 PM
51
thn

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to...

6.4AI Score

2023-10-16 12:11 PM
44
malwarebytes

The forgotten malvertising campaign

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users...

7.1AI Score

2023-10-16 09:00 AM
133
wallarmlab

Most Common Types of Cyber Attacks

Pioneering Perspectives on Prevalent Cyber Threats for Beginners Delving into the technology-powered period, it's indispensable to perceive technology as more than just a tool. Indeed, it has become an essential aspect of our day-to-day activities. As we navigate this interconnected realm, it's...

9AI Score

2023-10-13 05:11 PM
4
hivepro

Hive Pro Unveils Revolutionary Platform Uni5 Xposure, Elevating the Potential of Threat Exposure Management

HERNDON, VA., Oct. 10, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management today announced the highly-anticipated release of their new platform Uni5 Xposure, which debuts live at the GITEX GLOBAL trade show in Dubai, UAE and at Triangle InfoSec Conference in North Carolina, USA. Uni5.....

6.3AI Score

2023-10-13 05:09 PM
8
thn

Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies. Cyble, a...

7.5AI Score

2023-10-13 11:07 AM
24
nessus

F5 Networks BIG-IP HTTP/2 DoS (K000133467)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...

7.5CVSS

7.7AI Score

0.0005EPSS

2023-10-13 12:00 AM
9
cnvd

Fortinet FortiOS Access Control Error Vulnerability (CNVD-2023-98189)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. An Access Control Error...

4.3CVSS

6.7AI Score

0.0004EPSS

2023-10-13 12:00 AM
5
cnvd

Adobe Bridge Resource Management Error Vulnerability (CNVD-2023-76925)

Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a Resource Management Error vulnerability that stems from the presence of uncontrolled resource consumption by the application, which can be exploited by an attacker to bypass mitigations such as...

5.5CVSS

6.7AI Score

0.002EPSS

2023-10-13 12:00 AM
pentestpartners

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks (150k+ Deployments aren’t unheard of) Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and...

7.1AI Score

2023-10-12 05:08 AM
35
schneier

Cisco Can’t Stop Using Hard-Coded Passwords

There's a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an.....

7.5AI Score

2023-10-11 11:04 AM
14
cnvd

Huawei HarmonyOS and EMUI Licensing Issues Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI suffer from an authorization.....

9.8CVSS

6.7AI Score

0.001EPSS

2023-10-11 12:00 AM
8
cnvd

Huawei HarmonyOS Trust Management Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a trust management issue vulnerability, which stems from the presence of a package name public key that is not verified in the....

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-11 12:00 AM
5
cnvd

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2023-98208)

Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which stems from the presence of mutual exclusion lock management in kernel modules. An...

7.5CVSS

6.5AI Score

0.0005EPSS

2023-10-11 12:00 AM
8
cnvd

Cisco Emergency Responder Trust Management Issues Vulnerability

Cisco Emergency Responder is an emergency response framework from Cisco (USA). A trust management issue vulnerability exists in Cisco Emergency Responder version 12.5(1)SU4, which arises from the presence of static user credentials for the root account, which are typically used during development,....

9.8CVSS

7.6AI Score

0.001EPSS

2023-10-11 12:00 AM
4
wordfence

Backdoor Masquerading as Legitimate Plugin

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

7.1AI Score

2023-10-10 02:27 PM
20
pentestpartners

IoT Secure Development Guide

Introduction This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as...

8AI Score

2023-10-10 05:04 AM
31
f5

K000133467 : BIG-IP HTTP/2 vulnerability CVE-2023-40534

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with....

7.5CVSS

9.4AI Score

0.0005EPSS

2023-10-10 12:00 AM
6
packetstorm

7.2CVSS

7.1AI Score

0.016EPSS

2023-10-10 12:00 AM
150
exploitdb

7.2CVSS

8.6AI Score

EPSS

2023-10-09 12:00 AM
206
thn

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static....

8.1AI Score

0.008EPSS

2023-10-05 12:02 PM
43
ics

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...

10CVSS

10AI Score

0.976EPSS

2023-10-05 12:00 PM
45
thn

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence...

8.2AI Score

0.973EPSS

2023-10-05 03:28 AM
63
malwarebytes

Meta and TikTok consider charging users for ad-free experience

According to a report from the Wall Street Journal, Meta is considering charging its European users around $14 a month if they don't agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions...

6.8AI Score

2023-10-05 02:00 AM
6
nessus

Cisco Unified Communications Manager IM & Presence DoS (cisco-sa-cucm-apidos-PGsDcdNF)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can...

8.6CVSS

7.5AI Score

0.001EPSS

2023-10-05 12:00 AM
9
nessus

Cisco Unified Communications Manager IM & Presence DoS (cisco-sa-cucm-imp-dos-49GL7rzT)

The version of Cisco Unified Communications IM & Presence Services installed on the remote host is prior to 12.5(1)SU7 or 14 prior to 14SU3. It is, therefore affected by a denial of service (DoS) vulnerability. Due to improper validation of user-supplied input, an unauthenticated, remote attacker.....

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-05 12:00 AM
5
nessus

Cisco Unified Communications Manager DoS (cisco-sa-cucm-apidos-PGsDcdNF)

According to its self-reported version, Cisco Unified Communications Manager running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can send a...

8.6CVSS

7.5AI Score

0.001EPSS

2023-10-05 12:00 AM
42
nessus

Cisco Unified Communications Manager SQLi (cisco-sa-cucm-injection-g6MbwH2)

The version of Cisco Unified Communications Manager installed on the remote host is prior to 12.5(1)SU8 or is version 14 and missing a security hotfix. It is, therefore, affected by a SQL injection vulnerability. Due to improper validation of user-supplied input, a remote attacker with read-only...

8.8CVSS

7.6AI Score

0.001EPSS

2023-10-05 12:00 AM
9
cve

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device....

8.6CVSS

7.7AI Score

0.001EPSS

2023-10-04 05:15 PM
56
nvd

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

9.9AI Score

0.001EPSS

2023-10-04 05:15 PM
cve

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

9.8AI Score

0.001EPSS

2023-10-04 05:15 PM
66
prion

Design/Logic Flaw

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

9.7AI Score

0.001EPSS

2023-10-04 05:15 PM
2
cvelist

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

10AI Score

0.001EPSS

2023-10-04 04:12 PM
cisco

Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device....

7AI Score

0.001EPSS

2023-10-04 04:00 PM
25
cisco

Cisco Emergency Responder Static Credentials Vulnerability

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

7.6AI Score

0.001EPSS

2023-10-04 04:00 PM
18
rapid7blog

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center. CVE-2023-22515 was originally announced as a privilege escalation vulnerability, but was later changed to a...

9.8CVSS

7.8AI Score

0.973EPSS

2023-10-04 03:28 PM
49
thn

Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers...

8.2AI Score

2023-10-04 10:18 AM
32
thn

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the...

7.8CVSS

7.9AI Score

0.97EPSS

2023-10-04 07:21 AM
196
qualysblog

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

The Qualys Threat Research Unit (TRU) has discovered a buffer overflow vulnerability in GNU C Library's dynamic loader's processing of the GLIBC_TUNABLES environment variable. We have successfully identified and exploited this vulnerability (a local privilege escalation that grants full root...

7.8CVSS

7.8AI Score

0.014EPSS

2023-10-03 05:21 PM
121
malwarebytes

Meta is using your public Facebook and Instagram posts to train its AI

Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large...

6.7AI Score

2023-10-03 01:00 AM
4
wordfence

Know your Malware – A Beginner’s Guide to Encoding Techniques Used to Obfuscate Malware

With the launch of Wordfence CLI, our high performance security scanner that can detect the vast majority of PHP malware targeting WordPress, Wordfence continues to emphasize the importance of malware detection and remediation. Malware targeting WordPress uses a variety of obfuscation techniques...

7.4AI Score

2023-10-02 03:38 PM
19
Total number of security vulnerabilities: 9642