LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune....
7.7 AI Score
Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
7.5 CVSS
7.8 AI Score
0.007 EPSS
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 Vulnerability Detector...
9.8 CVSS
9.2 AI Score
0.965 EPSS
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
7.5 CVSS
7.9 AI Score
0.007 EPSS
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...
7.5 CVSS
7.6 AI Score
0.001 EPSS
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...
7.5 CVSS
7.5 AI Score
0.001 EPSS
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...
7.5 CVSS
7.5 AI Score
0.001 EPSS
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the...
7.5 CVSS
7.8 AI Score
0.001 EPSS
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for...
9.8 AI Score
QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don't see lots of QR...
7.1 AI Score
Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more
Malwarebytes Managed Detection and Response (MDR) earned a place in 12 new reports in G2's Fall 2023 reports, winning badges for "Easiest to do Business With," "Best Est. ROI," "Easiest to Use," and "Easiest Admin." Purpose-built for resource-constrained teams, Malwarebytes MDR provides IT staff.....
6.9 AI Score
New Variant of RedLine Stealer Uses Batch Script to Evade Detection
Threat Level: Attack Report. For a detailed threat advisory, download the PDF file. Summary: A new variant of RedLine Stealer is being distributed as a batch script file. This new variant is more sophisticated than previous versions and uses a number of techniques to evade....
6.9 AI Score
Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)
The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing ...
9.8 CVSS
7.8 AI Score
0.002 EPSS
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-007)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.0.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-007 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1,...
9.8 CVSS
7.5 AI Score
0.001 EPSS
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
The Qualys Threat Research Unit (TRU) has thoroughly analyzed vulnerabilities reported in 2023. Our comprehensive study assesses factors including weaponization status, existence in the CISA KEV, instances or usage of malware and ransomware, trending vulnerabilities, various scoring metrics, and...
9.8 CVSS
9.8 AI Score
0.971 EPSS
ICS protocol coverage using Snort 3 service inspectors
With more devices on operational technology (OT) networks now getting connected to wide-reaching IT networks, it is more important than ever to have effective detection capabilities for ICS protocols. However, there are a few issues that usually arise when creating detection for ICS protocol...
7.1 AI Score
Hive Pro Partners with Tech Titan to Fortify Cybersecurity Landscape in Southeast Asia
HERNDON, VA., Sept. 26, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce a strategic partnership with Tech Titan Group, a leading IT Solutions Provider renowned for its innovation-driven approach and dedication to addressing evolving customer needs across...
6.7 AI Score
Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1742 Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-28393 SUMMARY A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of.....
8.8 CVSS
7.2 AI Score
0.001 EPSS
Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1750 Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32284 SUMMARY An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted.....
9.8 CVSS
7.2 AI Score
0.001 EPSS
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary,.....
7.8 CVSS
7.8 AI Score
0.001 EPSS
New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the...
7.3 AI Score
Simplified Event Externalization with Spring Modulith
Transactional service methods are a common pattern in Spring applications. These methods trigger a state transition important to the business. This usually involves a core domain abstraction, such as an aggregate and its corresponding repository. A stereotypical example of such an arrangement...
6.8 AI Score
Passkeys are generally available
Passkeys are a new form of sign-in and phishing-resistant credential that make it easier to protect your GitHub account by reducing use of passwords and other, more easily phishable authentication methods. Since the launch of passkeys in beta in July, tens of thousands of developers have adopted...
6.8 AI Score
Overview of IoT threats in 2023
IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks.....
9.1 CVSS
8.1 AI Score
0.571 EPSS
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack
The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to...
6.4 AI Score
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
8.8 CVSS
8.7 AI Score
0.0004 EPSS
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
8.8 CVSS
8.6 AI Score
0.0004 EPSS
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
8.8 CVSS
8.6 AI Score
0.0004 EPSS
CVE-2023-43635 Vault Key Sealed With SHA1 PCRs
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
8.8 CVSS
8.8 AI Score
0.0004 EPSS
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-344)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-344 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains...
9.8 CVSS
7.5 AI Score
0.001 EPSS
Hi, Spring fans! Get the bits. Before we get started, do something for me quickly. If you haven't already, go install SDKMAN. Then run: sdk install java 21-graalce && sdk default java 21-graalce. There you have it. You now have Java 21 and GraalVM supporting Java 21 on your machine, ready to go....
6.9 AI Score
Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our...
7.8 AI Score
0.001 EPSS
Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...
6.9 AI Score
7.1 AI Score
0.001 EPSS
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability
...
9.8 CVSS
8.8 AI Score
0.001 EPSS
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. "All...
7.6 AI Score
The peer-to-peer review source G2 has released their Fall 2023 reports, ranking Malwarebytes as a leader across a number of endpoint protection categories. In the most recent results, Malwarebytes is the only vendor to earn the "Easiest to Use" and "Easiest Admin" recognition for its Endpoint...
7.2 AI Score
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82284)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
5.7 AI Score
0.0005 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82283)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....
5.4 CVSS
5.7 AI Score
0.0005 EPSS
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...
4.3 CVSS
4.6 AI Score
0.001 EPSS
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...
4.3 CVSS
4.7 AI Score
0.001 EPSS
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...
4.3 CVSS
4.7 AI Score
0.001 EPSS
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper...
4.3 CVSS
5 AI Score
0.001 EPSS
Hive Pro Celebrates Remarkable Milestones in Securicom MSSP Partnership
HERNDON, VA., Sept. 13, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce significant achievements in its collaboration with Securicom, a customer-centric Global Managed IT Security Services Provider (MSSP). This partnership marks a crucial step forward in...
6.5 AI Score
Vim Input Validation Error Vulnerability
Vim is a cross-platform text editor. An input validation error vulnerability exists in versions prior to Vim 9.0.1846 that stems from the presence of an integer overflow or wrap-around issue. A remote attacker can exploit this vulnerability by sending a malicious HTTP or HTTPS request to execute...
7.8 CVSS
7.8 AI Score
0.001 EPSS
Ransomware review: September 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
7 AI Score
Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year, using known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...
7.7 AI Score
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign...
6.9 AI Score
NVIDIA GPU Display Driver June 2023 Security Updates
NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released updates to mitigate these vulnerabilities. ...
8.8 CVSS
7.7 AI Score
0.001 EPSS
Snappy PHAR deserialization vulnerability
Issue: On March 17th, the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper....
9.8 CVSS
8.3 AI Score
0.021 EPSS