CentOS 8 : frr (CESA-2024:0130)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0130 advisory. bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a flowspec overflow. (CVE-2023-38406) ...
9.8 CVSS
7.8 AI Score
0.001 EPSS
Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
Microsoft followed up one of the lightest recent Patch Tuesdays in December with another month of no zero-day vulnerabilities and only two critical issues. Many of the company's monthly security updates in 2023 included vulnerabilities that were actively being exploited in the wild or had publicly....
8.8 CVSS
8.4 AI Score
0.004 EPSS
Apache InLong Code Issue Vulnerability (CNVD-2024-08088)
Apache InLong is the U.S. Apache (Apache) Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can...
7.5 CVSS
7.1 AI Score
0.003 EPSS
Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an...
7.6 AI Score
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to the Ponemon Institute, "only 59% of organizations say their cybersecurity strategy has changed over the past two years." This stagnation in strategy adaptation can be traced back to several key...
7 AI Score
Rapid7’s Data-Centric Approach to AI in Belfast
Authored by Stuart Millar and Ryan Wilson. Rapid7 has expanded significantly in Belfast since establishing a presence back in 2014, resulting in the company's largest R&D hub outside the US with over 350 people spread across eight floors in our Chichester Street office. There is a wide range of...
7 AI Score
How to Protect Your Privacy Online
Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork. As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening...
7.4 AI Score
How to comply with HIPAA requirements
Understanding the Grounds of HIPAA. Let's take a deep dive into understanding the broad structure and intent behind the Act for the Secure Management and Duty of Patient Data (ASMDPD), a landmark piece of legislation that has deeply transformed the healthcare sector since its inception at the turn.....
7.6 AI Score
Helping a mobile malware fraud victim
Back at the start of October, we had a call from the BBC asking if we could help unpick a fraud. The victim had been defrauded of ~£12,000 through a rogue bank transfer and mentioned that her Android mobile phone had been behaving oddly. Of course we would help; who wouldn’t be up for the...
6.6 AI Score
The Initial Overview: Learning about MQTT & AMQP. In the dynamic arenas of Internet of Things (IoT) and cloud computing, communication protocols that are robust, reliable and capable of handling high traffic volumes have become essential. The two protocols that have recently gained significant...
7.1 AI Score
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 Vulnerability Detector ...
9.8 CVSS
9.7 AI Score
0.965 EPSS
Exploit for Deserialization of Untrusted Data in Apache Kafka Connect
This tool is intended for security testing purposes only. Do...
8.8 CVSS
9.7 AI Score
0.97 EPSS
There’s One Last Gift Under the Tree, It’s Hands-On IoT!
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime. But first, a little background. Every year Rapid7 has a pretty solid presence at DefCon in Las Vegas. This year was.....
7.1 AI Score
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks (CDNs) accelerate web traffic across the internet through servers residing in strategic locations (known as points of presence or PoPs) across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
6.8 AI Score
How ransomware operators try to stay under the radar
An often heard remark is that when your security solution notices a ransomware attack, it’s already too late. There's a lot of truth in that, if you consider the encryption process to be the ransomware attack. However, these days encryption is just a part of many ransomware attacks. Some of the...
7.8 AI Score
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called...
7.4 AI Score
Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164
Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results in....
9.8 CVSS
8.1 AI Score
0.09 EPSS
Linux kernel denial of service vulnerability (CNVD-2024-1476840)
The Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a denial of service vulnerability that originates from a null pointer dereference in the function...
5.5 CVSS
6.5 AI Score
0.0004 EPSS
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with...
7 AI Score
0.0004 EPSS
Mallox Ransomware A Resurgent Threat Exploiting MS-SQL Flaws
Summary: Mallox is a resilient Ransomware-as-a-Service (RaaS) threat, utilizing tactics like exploiting MS-SQL vulnerabilities and employing brute force attacks. Operating with a prolonged presence, Mallox's recent variant, "Mallox.Resurrection," exhibits consistent functionalities, emphasizing...
7.4 AI Score
Expired tokens can be renewed without validating the account password
Impact: In versions of the proxy from 2022-09-05 onwards (since 8c874c2ff3d503ac20c7d32f46e08547fcb9e23f), expired OAuth 2.0 client credentials grant (CCG) flow authorisation tokens could be renewed automatically without checking their validity against the original account configuration (i.e., the.....
7.8 AI Score
Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with. By definition, anything running in the cloud...
7.3 AI Score
Behind the scenes at the Wiz Booth: how to create a memorable expo experience
Discover how Wiz reinvents its presence at every cybersecurity event, surprising visitors with engaging themes and unique...
7.3 AI Score
TotalCloud Insights: Hidden Risks of Amazon S3 Misconfigurations
Misconfiguring Amazon S3 Buckets Can Pose Major Risks. Amazon Web Services (AWS) is the world’s largest cloud security provider, and it provides the ability to store massive amounts of cloud-resident data with the Amazon Simple Storage Service (S3) bucket. Amazon S3 is an object storage solution...
7.6 AI Score
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4),.....
4.3 CVSS
4.7 AI Score
0.0004 EPSS
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4),.....
4.3 CVSS
0.0004 EPSS
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4),.....
4.3 CVSS
7.1 AI Score
0.0004 EPSS
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4),.....
4.3 CVSS
5 AI Score
0.0004 EPSS
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of...
8 AI Score
Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam
Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and...
7.3 AI Score
The scanner detected the presence of a web page protected by a 'NTLM'...
7.3 AI Score
Bearer Token Authentication Detected
The scanner detected the presence of a web page protected by a 'Bearer'...
7.3 AI Score
Digest Authentication Detected
The scanner detected the presence of a web page protected by a 'Digest'...
7.3 AI Score
New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...
9.8 CVSS
9.5 AI Score
0.135 EPSS
Ten Years Later, New Clues in the Target Breach
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also.....
7.1 AI Score
SAP Cloud Connector Resource Management Error Vulnerability
SAP Cloud Connector is a tool from SAP Germany to establish a secure connection between local systems and SAP Cloud Platform. A resource management error vulnerability exists in SAP Cloud Connector version 2.0, which stems from the presence of uncontrolled resource consumption in the application...
3.5 CVSS
6.8 AI Score
0.0004 EPSS
Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm
Part 4 - Configuring a Web Application or API: Additional Configurations. Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...
8 AI Score
Unveiling the Cyber Threats to Healthcare: Beyond the Myths
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to...
4.3 CVSS
7.4 AI Score
0.0004 EPSS
Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat...
7.1 AI Score
Intel 2023.4 IPU – BIOS November 2023 Security Update
Intel has informed HP of potential security vulnerabilities in the BIOS firmware for some Intel® Processors, which might allow escalation of privilege or denial of service. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...
8 CVSS
8 AI Score
0.0004 EPSS
Unwrap Fee Rounding Down: Revenue Loss, User Unfairness, and Reduced Confidence
Impact: The issue with the unwrap fee rounding down can have several detrimental impacts on the Ocean protocol. Revenue Loss: Due to rounding down, the contract loses out on potential unwrap fees, particularly for smaller unwrap amounts. This can significantly...
7.2 AI Score
2024 Predictions for Cybersecurity: The Rise of AI Brings New Challenges
The emergence of generative AI has put new resources in the hands of both attackers and defenders, and in 2024, Imperva believes the technology will have an even greater impact. Understanding how attackers are leveraging the technology will be critical for organizations seeking to keep...
7.2 AI Score
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to maintain covert access to victim networks at least since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal.....
7.1 AI Score
Scanning Danger: Unmasking the Threats of Quishing
Scanning Danger: Unmasking the Threats of Quishing. By Shyava Tripathi, Raghav Kapoor and Rohan Shah · December 07, 2023. Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft of sensitive credentials and...
7.4 AI Score
SUSE SLES15 / openSUSE 15 Security Update : frr (SUSE-SU-2023:4663-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4663-1 advisory. bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a flowspec overflow....
9.8 CVSS
6.7 AI Score
0.001 EPSS
Scanning Danger: Unmasking the Threats of Quishing
Scanning Danger: Unmasking the Threats of Quishing. By Shyava Tripathi and Rohan Shah · December 7, 2023. This blog was also written by Raghav Kapoor. Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft...
7.4 AI Score
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We...
9.1 AI Score
New Report: Unveiling the Threat of Malicious Browser Extensions
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily....
7 AI Score
New macOS Trojan-Proxy piggybacking on cracked software
Illegally distributed software historically has served as a way to sneak malware onto victims' devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a "free lunch". They are an excellent target for cybercriminals who realize that an...
7.7 AI Score