Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
6.5 AI Score
Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns
By Waqas Pinduoduo has confirmed the incident, but denied the presence of malware in its app. This is a post from HackRead.com Read the original post: Google Suspends Chinese Shopping App Pinduoduo Over Malware...
6.7 AI Score
From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a...
9.8 CVSS
8.7 AI Score
0.975 EPSS
Actors, Threats and Vulnerabilities 13 March to 19 March 2023
For a detailed threat digest, download the PDF file here. Summary: Over the past week, Hive Pro detected the presence of five active threat actors. The first of these is Dark Pink APT, a notorious group with a history of engaging in...
6.6 AI Score
Sending L2 ---> L1 message without paying gas for published data due to uint256 overflow
Lines of code Vulnerability details Impact Due to this bug, a user can send arbitrarily long messages (greater than a certain length) from L2 to L1 without paying for the gas that is required for publishing data on L1. Proof of Concept Below is a PoC contract called "Test" that illustrates the...
7 AI Score
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...
0.1 AI Score
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
4.3 CVSS
4.9 AI Score
0.001 EPSS
IBM Maximo Application Suite Licensing Issue Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An authorization issue vulnerability exists in IBM Maximo Application Suite versions 8.8.0 and 8.9.0,...
6.5 CVSS
6.1 AI Score
0.0005 EPSS
CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...
3.5 CVSS
5.3 AI Score
0.001 EPSS
YoroTrooper Stealing Credentials and Information from Government and Energy Organizations
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials...
1.4 AI Score
Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB5002348)
This host is missing an important security update according to Microsoft...
7.8 CVSS
7.2 AI Score
0.005 EPSS
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Cisco Talos has identified a new threat actor, which we are naming "YoroTrooper," that has been running several successful espionage campaigns since at least June 2022. YoroTrooper's main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other...
7.6 AI Score
Vim Denial of Service Vulnerability (CNVD-2023-72256)
Vim is a cross-platform text editor. A denial of service vulnerability exists in Vim versions prior to 9.0.1392, which stems from the presence of a NULL pointer dereference in the utfc_ptr2len function, which can be exploited to cause a denial of service via crafted...
5.5 CVSS
6.5 AI Score
0.001 EPSS
Malware targeting SonicWall devices could survive firmware updates
Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to steal...
0.5 AI Score
Prometei botnet improves modules and exhibits new capabilities in recent updates
Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...
9.8 CVSS
10.4 AI Score
0.975 EPSS
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic
The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with the successful exploitation of susceptible Oracle WebLogic servers to...
0.6 AI Score
The state of stalkerware in 2022
The state of stalkerware in 2022 (PDF) Main findings of 2022 The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be...
6.4 AI Score
DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation
This investigation was a joint effort between Malwarebytes Threat Intelligence's Jerome Segura, DeepSee's Rocky Moss and Antonio Torres. Key findings Over a dozen unique domains were found selling ad inventory through Google Ad Manager, even though the pages were embedded invisibly under the...
-0.4 AI Score
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions Exploit
CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives...
8.8 CVSS
9 AI Score
0.002 EPSS
Protecting Android clipboard content from unintended exposure
Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data....
-0.2 AI Score
[SECURITY] [DLA 3354-1] kopanocore security update
Debian LTS Advisory DLA-3354-1, [email protected], https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, March 06, 2023, https://wiki.debian.org/LTS. Package: kopanocore. Version: 8.7.0-3+deb10u1. CVE ID ...
9.8 CVSS
9.9 AI Score
0.018 EPSS
Debian DLA-3354-1 : kopanocore - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3354 advisory. HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array...
9.6 AI Score
0.018 EPSS
GitHub Security Lab audited DataHub: Here’s what they found
At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), we also love to contribute back to the community by helping improve the security posture of the OSS...
9.8 CVSS
0.3 AI Score
Dell PowerScale OneFS Resource Management Error Vulnerability
Dell PowerScale OneFS is an operating system from Dell (USA) Inc. Dell PowerScale OneFS is vulnerable to a resource management error that stems from the presence of uncontrolled resource consumption, which could be exploited by an attacker to compromise built-in hardware management functions and...
3.1 AI Score
0.001 EPSS
Dell PowerScale OneFS Licensing Issue Vulnerability (CNVD-2023-14503)
Dell PowerScale OneFS is an operating system from Dell (USA) Inc. Dell PowerScale OneFS version 9.4.0.x is vulnerable to an authorization issue that stems from the presence of incorrect default privileges, which could be exploited to overwrite arbitrary files and cause a denial of...
5.4 AI Score
0.0004 EPSS
Ubuntu 20.04 LTS / 22.04 LTS : PostgreSQL vulnerability (USN-5906-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5906-1 advisory. PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of...
5 AI Score
0.001 EPSS
The Microsoft Intune Suite fuels cyber safety and IT efficiency
Today marks a significant shift in endpoint management and security. We're launching the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The new Intune Suite can simplify our customers’ endpoint management...
-0.1 AI Score
Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware
Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software...
-0.1 AI Score
Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client
At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore's...
1 AI Score
Description: There is a stored XSS in the username field, which is rendered directly whenever the page is opened. Proof of Concept: 1. Use the command below to clone the repo on your machine: git clone https://github.com/answerdev/answer.git 2. Navigate inside the repo: cd answer 3. Use...
5.4 CVSS
5.6 AI Score
0.001 EPSS
Authorization vs. Intent: Why You Should Always Verify Both
The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues. More specifically, we have been seeing an increase in Missing Authorization vulnerabilities that are fixed using tools...
0.1 AI Score
Mozilla Critical Services: Email user account in waybackurl indexing
Indexing a large number of user emails on the Internet Archive. When leaked data, like user email addresses, are found in online search engine caches like archive.org, Mozilla rewards bounty hunters who report it in two cases: - The volume of leaked data is large enough to warrant us contacting...
6.8 AI Score
Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible (CVE-2017-18017 and CVE-2017-17449). An exploit of CVE-2017-18017 could allow a remote attacker to cause a denial of service condition. An exploit of CVE-2017-17449 could...
9.8 CVSS
7.7 AI Score
0.954 EPSS
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388) could allow a remote attacker to wage a denial of service...
8.1 CVSS
0.6 AI Score
0.948 EPSS
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a...
8.8 CVSS
9 AI Score
0.009 EPSS
OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the...
5.5 CVSS
-0.5 AI Score
0.467 EPSS
Apache ShenYu License Issue Vulnerability (CNVD-2023-23553)
Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, is vulnerable to authorization issues in versions prior to Apache ShenYu 2.5.1. The vulnerability stems from the presence of improper privilege management, which could be exploited...
8.8 CVSS
8.5 AI Score
0.002 EPSS
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0206)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0206 advisory. In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the 'search_listener' parameter in a search allows for a...
6.3 AI Score
0.001 EPSS
IoC detection experiments with ChatGPT
ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such as...
-0.4 AI Score