MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

thn

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune....

7.7AI Score

2023-10-02 11:21 AM
32
nuclei

Milesight Routers - Information Disclosure

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...

7.5CVSS

7.8AI Score

0.007EPSS

2023-10-02 08:21 AM
11
githubexploit

Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36845 Vulnerability Detector ![CVE...

9.8CVSS

9.2AI Score

0.965EPSS

2023-10-01 06:05 PM
219
githubexploit

Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware

CVE-2023-43261 - PoC Critical Vulnerability Exposes...

7.5CVSS

7.9AI Score

0.007EPSS

2023-09-28 08:45 AM
122
nvd

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...

7.5CVSS

7.6AI Score

0.001EPSS

2023-09-27 06:15 PM
cve

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...

7.5CVSS

7.5AI Score

0.001EPSS

2023-09-27 06:15 PM
30
prion

Design/Logic Flaw

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...

7.5CVSS

7.5AI Score

0.001EPSS

2023-09-27 06:15 PM
2
cvelist

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...

7.5CVSS

7.8AI Score

0.001EPSS

2023-09-27 05:12 PM
ics

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for...

9.8AI Score

2023-09-27 12:00 PM
32
securelist

QR codes in email phishing

QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don't see lots of QR...

7.1AI Score

2023-09-27 10:00 AM
12
malwarebytes

Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more

Malwarebytes Managed Detection and Response (MDR) earned a place in 12 new reports on G2's Fall 2023 reports, winning badges for "Easiest to do Business With," "Best Est. ROI," "Easiest to Use," and "Easiest Admin." Purpose-built for resource constrained teams, Malwarebytes MDR provides IT staff.....

6.9AI Score

2023-09-27 09:00 AM
8
hivepro

New Variant of RedLine Stealer Uses Batch Script to Evade Detection

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of RedLine Stealer that is being distributed as a batch script file. This new variant of RedLine Stealer is more sophisticated than previous versions and uses a number of techniques to evade....

6.9AI Score

2023-09-27 06:06 AM
9
nessus

Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)

The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing ...

9.8CVSS

7.8AI Score

0.002EPSS

2023-09-27 12:00 AM
4
nessus

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-007)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.0.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-007 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1,...

9.8CVSS

7.5AI Score

0.001EPSS

2023-09-27 12:00 AM
13
qualysblog

Qualys Survey of Top 10 Exploited Vulnerabilities in 2023

The Qualys Threat Research Unit (TRU) has thoroughly analyzed vulnerabilities reported in 2023. Our comprehensive study assesses factors including weaponization status, existence in the CISA KEV, instances or usage of malware and ransomware, trending vulnerabilities, various scoring metrics, and...

9.8CVSS

9.8AI Score

0.971EPSS

2023-09-26 01:04 PM
104
talosblog

ICS protocol coverage using Snort 3 service inspectors

With more devices on operational technology (OT) networks now getting connected to wide-reaching IT networks, it is more important than ever to have effective detection capabilities for ICS protocols. However, there are a few issues that usually arise when creating detection for ICS protocol...

7.1AI Score

2023-09-26 12:00 PM
10
hivepro

Hive Pro Partners with Tech Titan to Fortify Cybersecurity Landscape in Southeast Asia

HERNDON, VA., Sept. 26, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce a strategic partnership with Tech Titan Group, a leading IT Solutions Provider renowned for its innovation-driven approach and dedication to addressing evolving customer needs across...

6.7AI Score

2023-09-26 05:15 AM
16
talos

Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1742 Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-28393 SUMMARY A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of.....

8.8CVSS

7.2AI Score

0.001EPSS

2023-09-25 12:00 AM
9
talos

Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1750 Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32284 SUMMARY An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted.....

9.8CVSS

7.2AI Score

0.001EPSS

2023-09-25 12:00 AM
12
thn

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary,.....

7.8CVSS

7.8AI Score

0.001EPSS

2023-09-23 11:10 AM
156
thn

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the...

7.3AI Score

2023-09-22 02:48 PM
12
spring

Simplified Event Externalization with Spring Modulith

Transactional service methods are a common pattern in Spring applications. These methods trigger a state transition important to the business. This usually involves a core domain abstraction, such as an aggregate and its corresponding repository. A stereotypical example of such an arrangement...

6.8AI Score

2023-09-22 12:00 AM
18
github

Passkeys are generally available

Passkeys are a new form of sign-in and phishing resistant credential that make it easier to protect your GitHub account by reducing use of passwords and other, more easily phishable authentication methods. Since the launch of passkeys in beta in July, tens of thousands of developers have adopted...

6.8AI Score

2023-09-21 04:00 PM
13
securelist

Overview of IoT threats in 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks.....

9.1CVSS

8.1AI Score

0.571EPSS

2023-09-21 10:00 AM
21
thn

Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to...

6.4AI Score

2023-09-21 08:48 AM
39
nvd

CVE-2023-43635

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS

8.7AI Score

0.0004EPSS

2023-09-20 03:15 PM
cve

CVE-2023-43635

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS

8.6AI Score

0.0004EPSS

2023-09-20 03:15 PM
18
prion

Design/Logic Flaw

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS

8.6AI Score

0.0004EPSS

2023-09-20 03:15 PM
6
cvelist

CVE-2023-43635 Vault Key Sealed With SHA1 PCRs

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS

8.8AI Score

0.0004EPSS

2023-09-20 02:58 PM
nessus

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-344)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-344 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains...

9.8CVSS

7.5AI Score

0.001EPSS

2023-09-20 12:00 AM
9
spring

Hello, Java 21

Hi, Spring fans! Get the bits Before we get started, do something for me quickly. If you haven’t already, go install SDKMAN. Then run: sdk install java 21-graalce && sdk default java 21-graalce There you have it. You now have Java 21 and graalvm supporting Java 21 on your machine, ready to go....

6.9AI Score

2023-09-20 12:00 AM
15
wordfence

Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks

On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our...

7.8AI Score

0.001EPSS

2023-09-19 01:48 PM
14
thn

Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...

6.9AI Score

2023-09-19 11:32 AM
25
packetstorm

7.1AI Score

0.001EPSS

2023-09-19 12:00 AM
218
thn

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy

A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. "All...

7.6AI Score

2023-09-18 12:11 PM
39
malwarebytes

Malwarebytes named leader across six endpoint security categories, marking its ease of use, in G2 Fall 2023 results

The peer-to-peer review source G2 has released their Fall 2023 reports, ranking Malwarebytes as a leader across a number of endpoint protection categories. In the most recent results, Malwarebytes is the only vendor to earn the "Easiest to Use" and "Easiest Admin" recognition for its Endpoint...

7.2AI Score

2023-09-18 10:30 AM
17
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82284)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS

5.7AI Score

0.0005EPSS

2023-09-18 12:00 AM
11
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82283)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

5.7AI Score

0.0005EPSS

2023-09-18 12:00 AM
7
nvd

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...

4.3CVSS

4.6AI Score

0.001EPSS

2023-09-15 03:15 AM
cve

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...

4.3CVSS

4.7AI Score

0.001EPSS

2023-09-15 03:15 AM
2816
4
prion

Design/Logic Flaw

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...

4.3CVSS

4.7AI Score

0.001EPSS

2023-09-15 03:15 AM
12
cvelist

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...

4.3CVSS

5AI Score

0.001EPSS

2023-09-15 02:12 AM
hivepro

Hive Pro Celebrates Remarkable Milestones in Securicom MSSP Partnership

HERNDON, VA., Sept. 13, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce significant achievements in its collaboration with Securicom, a customer-centric Global Managed IT Security Services Provider (MSSP). This partnership marks a crucial step forward in...

6.5AI Score

2023-09-13 09:11 AM
3
cnvd

Vim Input Validation Error Vulnerability

Vim is a cross-platform text editor. An input validation error vulnerability exists in versions prior to Vim 9.0.1846 that stems from the presence of an integer overflow or wrap-around issue. A remote attacker can exploit this vulnerability by sending a malicious HTTP or HTTPS request to execute...

7.8CVSS

7.8AI Score

0.001EPSS

2023-09-13 12:00 AM
7
malwarebytes

Ransomware review: September 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7AI Score

2023-09-12 02:45 PM
13
thn

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...

7.7AI Score

2023-09-12 10:18 AM
41
thn

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign...

6.9AI Score

2023-09-11 02:22 PM
32
hp

NVIDIA GPU Display Driver June 2023 Security Updates

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released updates to mitigate these vulnerabilities. ...

8.8CVSS

7.7AI Score

0.001EPSS

2023-09-11 12:00 AM
11
github

Snappy PHAR deserialization vulnerability

Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper....

9.8CVSS

8.3AI Score

0.021EPSS

2023-09-08 12:17 PM
15
Total number of security vulnerabilities: 9642