MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PackageKit vulnerabilities (USN-4538-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4538-1 advisory. PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and...

8.2CVSS

5.6AI Score

0.0004EPSS

2023-10-20 12:00 AM
6
nessus

Ubuntu 16.04 ESM : Apache Tomcat 7 vulnerabilities (USN-4791-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4791-1 advisory. Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not...

7.5CVSS

8.3AI Score

0.948EPSS

2023-10-20 12:00 AM
7
thn

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. "The actors behind.....

7.5CVSS

7.9AI Score

0.041EPSS

2023-10-19 01:47 PM
29
mmpc

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous...

9.8CVSS

7.4AI Score

0.97EPSS

2023-10-18 04:30 PM
15
wallarmlab

What is The Dark Web?

The Undernet, a term frequently shrouded in enigma and often linked with unlawful activities, is a concealed segment of the digital world that is purposefully veiled and unreachable via regular internet browsers. This chapter aims to unveil the secrets of the Undernet, step by step demythifying...

7AI Score

2023-10-18 04:14 PM
5
talosblog

What is Cracktivator software?

Cisco Talos coined the term "Cracktivator software" to reference counterfeit or modified software for pirated versions of Windows applications. One of our teammates, James Nutland, led the research to look into cracked versions of the Microsoft Windows operating system and other Microsoft...

6.9AI Score

2023-10-18 03:42 PM
10
thn

Unraveling Real-Life Attack Paths – Key Lessons Learned

In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired...

7.4AI Score

2023-10-18 11:42 AM
21
githubexploit

Exploit for Unprotected Alternate Channel in Cisco Ios Xe

CVE-2023-20198 CVE-2023-20198 PoC (!) Description perform...

10CVSS

8.5AI Score

0.853EPSS

2023-10-18 08:50 AM
725
malwarebytes

Cisco IOS XE vulnerability widely exploited in the wild

An authentication bypass affecting Cisco IOS XE was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is widely being exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking...

10CVSS

7.9AI Score

0.853EPSS

2023-10-18 01:00 AM
18
rapid7blog

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

10CVSS

8AI Score

0.853EPSS

2023-10-17 07:50 PM
50
cve

CVE-2023-37537

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-10-17 03:15 PM
34
nvd

CVE-2023-37537

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-10-17 03:15 PM
prion

Design/Logic Flaw

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-10-17 03:15 PM
7
cvelist

CVE-2023-37537 HCL AppScan Presence deployed as Windows service might be vulnerable to an Unquoted Service Path vulnerability

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...

7.8CVSS

8.4AI Score

0.0004EPSS

2023-10-17 02:58 PM
securelist

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

7.7AI Score

2023-10-17 10:00 AM
29
talosblog

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Updates Nov. 02: Identified a third version of the BadCandy implant. Added expected response from the new version of the implant against one of the HTTP requests used to check for infected device. Nov. 1: Observed increase in exploitation attempts since the publication of the proofs-of-concept...

10CVSS

9.5AI Score

0.853EPSS

2023-10-16 03:05 PM
51
thn

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to...

6.4AI Score

2023-10-16 12:11 PM
44
malwarebytes

The forgotten malvertising campaign

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users...

7.1AI Score

2023-10-16 09:00 AM
133
wallarmlab

Most Common Types of Cyber Attacks

Pioneering Perspectives on Prevalent Cyber Threats for Beginners Delving into the technology-powered period, it's indispensable to perceive technology as more than just a tool. Indeed, it has become an essential aspect of our day-to-day activities. As we navigate this interconnected realm, it's...

9AI Score

2023-10-13 05:11 PM
4
hivepro

Hive Pro Unveils Revolutionary Platform Uni5 Xposure, Elevating the Potential of Threat Exposure Management

HERNDON, VA., Oct. 10, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management today announced the highly-anticipated release of their new platform Uni5 Xposure, which debuts live at the GITEX GLOBAL trade show in Dubai, UAE and at Triangle InfoSec Conference in North Carolina, USA. Uni5.....

6.3AI Score

2023-10-13 05:09 PM
8
thn

Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies. Cyble, a...

7.5AI Score

2023-10-13 11:07 AM
24
nessus

F5 Networks BIG-IP HTTP/2 DoS (K000133467)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...

7.5CVSS

7.7AI Score

0.0005EPSS

2023-10-13 12:00 AM
9
cnvd

Fortinet FortiOS Access Control Error Vulnerability (CNVD-2023-98189)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. An Access Control Error...

4.3CVSS

6.7AI Score

0.0004EPSS

2023-10-13 12:00 AM
5
cnvd

Adobe Bridge Resource Management Error Vulnerability (CNVD-2023-76925)

Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a Resource Management Error vulnerability that stems from the presence of uncontrolled resource consumption by the application, which can be exploited by an attacker to bypass mitigations such as...

5.5CVSS

6.7AI Score

0.002EPSS

2023-10-13 12:00 AM
1
pentestpartners

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks (150k+ Deployments aren’t unheard of) Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and...

7.1AI Score

2023-10-12 05:08 AM
35
schneier

Cisco Can’t Stop Using Hard-Coded Passwords

There's a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an.....

7.5AI Score

2023-10-11 11:04 AM
14
cnvd

Huawei HarmonyOS and EMUI Licensing Issues Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI suffer from an authorization.....

9.8CVSS

6.7AI Score

0.001EPSS

2023-10-11 12:00 AM
8
cnvd

Huawei HarmonyOS Trust Management Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a trust management issue vulnerability, which stems from the presence of a package name public key that is not verified in the....

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-11 12:00 AM
5
cnvd

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2023-98208)

Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which stems from the presence of mutual exclusion lock management in kernel modules. An...

7.5CVSS

6.5AI Score

0.0005EPSS

2023-10-11 12:00 AM
8
cnvd

Cisco Emergency Responder Trust Management Issues Vulnerability

Cisco Emergency Responder is an emergency response framework from Cisco (USA). A trust management issue vulnerability exists in Cisco Emergency Responder version 12.5(1)SU4, which arises from the presence of static user credentials for the root account, which are typically used during development,....

9.8CVSS

7.6AI Score

0.001EPSS

2023-10-11 12:00 AM
4
wordfence

Backdoor Masquerading as Legitimate Plugin

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

7.1AI Score

2023-10-10 02:27 PM
20
pentestpartners

IoT Secure Development Guide

Introduction This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as...

8AI Score

2023-10-10 05:04 AM
31
f5

K000133467 : BIG-IP HTTP/2 vulnerability CVE-2023-40534

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with....

7.5CVSS

9.4AI Score

0.0005EPSS

2023-10-10 12:00 AM
6
packetstorm

7.2CVSS

7.1AI Score

0.016EPSS

2023-10-10 12:00 AM
150
exploitdb

7.2CVSS

8.6AI Score

EPSS

2023-10-09 12:00 AM
207
thn

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static....

8.1AI Score

0.008EPSS

2023-10-05 12:02 PM
43
ics

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...

10CVSS

10AI Score

0.976EPSS

2023-10-05 12:00 PM
45
thn

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence...

8.2AI Score

0.973EPSS

2023-10-05 03:28 AM
63
malwarebytes

Meta and TikTok consider charging users for ad-free experience

According to a report from the Wall Street Journal, Meta is considering charging its European users around $14 a month if they don't agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions...

6.8AI Score

2023-10-05 02:00 AM
6
nessus

Cisco Unified Communications Manager IM & Presence DoS (cisco-sa-cucm-apidos-PGsDcdNF)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can...

8.6CVSS

7.5AI Score

0.001EPSS

2023-10-05 12:00 AM
9
nessus

Cisco Unified Communications Manager IM & Presence DoS (cisco-sa-cucm-imp-dos-49GL7rzT)

The version of Cisco Unified Communications IM & Presence Services installed on the remote host is prior to 12.5(1)SU7 or 14 prior to 14SU3. It is, therefore, affected by a denial of service (DoS) vulnerability. Due to improper validation of user-supplied input, an unauthenticated, remote attacker.....

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-05 12:00 AM
5
nessus

Cisco Unified Communications Manager DoS (cisco-sa-cucm-apidos-PGsDcdNF)

According to its self-reported version, Cisco Unified Communications Manager running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can send a...

8.6CVSS

7.5AI Score

0.001EPSS

2023-10-05 12:00 AM
42
nessus

Cisco Unified Communications Manager SQLi (cisco-sa-cucm-injection-g6MbwH2)

The version of Cisco Unified Communications Manager installed on the remote host is prior to 12.5(1)SU8 or is version 14 and missing a security hotfix. It is, therefore, affected by a SQL injection vulnerability. Due to improper validation of user-supplied input, a remote attacker with read-only...

8.8CVSS

7.6AI Score

0.001EPSS

2023-10-05 12:00 AM
9
cve

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device....

8.6CVSS

7.7AI Score

0.001EPSS

2023-10-04 05:15 PM
56
nvd

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

9.9AI Score

0.001EPSS

2023-10-04 05:15 PM
cve

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

9.8AI Score

0.001EPSS

2023-10-04 05:15 PM
66
prion

Design/Logic Flaw

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

9.7AI Score

0.001EPSS

2023-10-04 05:15 PM
2
cvelist

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the....

9.8CVSS

10AI Score

0.001EPSS

2023-10-04 04:12 PM
cisco

Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device....

7AI Score

0.001EPSS

2023-10-04 04:00 PM
25
Total number of security vulnerabilities: 9647