Hive Pro Celebrates Remarkable Milestones in Securicom MSSP Partnership
HERNDON, VA., Sept. 13, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce significant achievements in its collaboration with Securicom, a customer-centric Global Managed IT Security Services Provider (MSSP). This partnership marks a crucial step forward in...
6.5AI Score
Vim Input Validation Error Vulnerability
Vim is a cross-platform text editor. An input validation error vulnerability exists in versions prior to Vim 9.0.1846 that stems from the presence of an integer overflow or wrap-around issue. A remote attacker can exploit this vulnerability by sending a malicious HTTP or HTTPS request to execute...
7.8CVSS
7.8AI Score
0.001EPSS
Ransomware review: September 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
7AI Score
Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...
7.7AI Score
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign...
6.9AI Score
NVIDIA GPU Display Driver June 2023 Security Updates
NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released updates to mitigate these vulnerabilities. ...
8.8CVSS
7.7AI Score
0.001EPSS
Snappy PHAR deserialization vulnerability
Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper....
9.8CVSS
8.3AI Score
0.021EPSS
Snappy PHAR deserialization vulnerability
Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper....
9.8CVSS
8.3AI Score
0.021EPSS
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache...
9.8CVSS
8.6AI Score
0.97EPSS
HERNDON, Va., Sept. 7, 2023 - Hive Pro®, a pioneer vendor of Threat Exposure Management is now featured in two prominent Gartner publications that spotlight industry leaders and innovators: The Market Guide™ for Vulnerability Assessment (2023) and The Hype Cycle for Security Operations (2023). As.....
7AI Score
Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer's corporate account. This enabled the adversary to access a debugging environment that contained information....
6.6AI Score
Low level calls to accounts with no code will succeed in multiexcall function
Lines of code https://github.com/code-423n4/2023-09-ondo/blob/main/contracts/usdy/rUSDYFactory.sol#L126 Vulnerability details Impact Low level calls behave differently than function calls in Solidity. Calls at the EVM level to accounts with no code are successful, this is the expected and normal...
7.2AI Score
Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote...
7AI Score
0.062EPSS
Snappy PHAR deserialization vulnerability
Description Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar://...
9.8CVSS
8.3AI Score
0.021EPSS
Cisco Unified Communications Manager Privilege Escalation (cisco-sa-cucm-priv-esc-D8Bky5eg)
The version of Cisco Unified Communications Manager installed on the remote host is 12.5(1)SU8 and missing a security patch. It is, therefore, affected by a privilege escalation vulnerability due to the lack of restrictions on files that are used for upgrades. An attacker with administrator...
7.2CVSS
7AI Score
0.001EPSS
QakBot's Endgame: The Final Move Before the Takedown
QakBot's Endgame: The Final Move Before the Takedown By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023 Figure 1 (Attribution at the bottom) Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
7.8AI Score
QakBot's Endgame: The Final Move Before the Takedown
QakBot's Endgame: The Final Move Before the Takedown By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023 Figure 1 (Attribution at the bottom) Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
8AI Score
Why is .US Being Used to Phish So Many of Us?
Domain names ending in ".US" -- the top-level domain for the United States -- are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains...
6.9AI Score
SapphireStealer: Open-source information stealer enables credential and data theft
SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate.....
7.5AI Score
FreeBSD : FreeBSD -- Stack overflow in ping(8) (a005aea9-47bb-11ee-8e38-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a005aea9-47bb-11ee-8e38-002590c1f29c advisory. ping reads raw IP packets from the network to process responses in the pr_pack() function. ...
6.8AI Score
0.0004EPSS
How to Prevent ChatGPT From Stealing Your Content & Traffic
ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service,...
6.5AI Score
Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web...
9.8CVSS
8.4AI Score
0.974EPSS
IT threat evolution in Q2 2023
IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics Targeted attacks Gopuram backdoor deployed through 3CX supply-chain attack Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program,...
9.8CVSS
10AI Score
0.975EPSS
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which.....
9.8CVSS
6.8AI Score
0.071EPSS
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...
7AI Score
software: mosquitto 2.0.15 WASP: ROSA-CHROME package_evr_string: mosquitto-2.0.15-2.src.rpm CVE-ID: CVE-2021-34431 BDU-ID: 2022-01775 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet without will topic, will message.....
7.5CVSS
6.7AI Score
0.001EPSS
Moxa ioLogik 4000 Series Incorrect Authorization (CVE-2023-4227)
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...
6.5CVSS
7AI Score
0.0005EPSS
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat By Trellix Advanced Research Center · August 28, 2023 Introduction Ransomware, a malicious software that encrypts valuable data and demands a ransom for its release, has a notorious history marked by its evolution from....
8AI Score
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat By Trellix Advanced Research Center · August 28, 2023 Introduction Ransomware, a malicious software that encrypts valuable data and demands a ransom for its release, has a notorious history marked by its evolution from....
7.6AI Score
Lazarus Group's infrastructure reuse leads to discovery of new malware
In the Lazarus Group's latest campaign, which we detailed in a recent blog, the North Korean state-sponsored actor is exploiting CVE-2022-47966, a ManageEngine ServiceDesk vulnerability to deploy multiple threats. In addition to their "QuiteRAT" malware, which we covered in the blog, we also...
9.8CVSS
9.9AI Score
0.975EPSS
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...
6.5CVSS
6.5AI Score
0.0005EPSS
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...
6.5CVSS
5.6AI Score
0.0005EPSS
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...
6.5CVSS
6.6AI Score
0.0005EPSS
CVE-2023-4227 ioLogik 4000 Series: Existence of an Unauthorized Service
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...
5.3CVSS
6.7AI Score
0.0005EPSS
Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-imp-xss-QtT4VdsK)
The version of Cisco Unified Communications IM & Presence Services installed on the remote host is prior to 12.5(1)SU8 or 14 prior to 14SU4. It is, therefore affected by a cross-site scripting vulnerability (XSS). An unauthenticated remote attacker could, with the interaction of another user,...
6.1CVSS
7AI Score
0.001EPSS
Moxa NPort IAW5000A-I/O Series Hardcoded Credentials (CVE-2023-4204)
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate...
9.8CVSS
9.1AI Score
0.001EPSS
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting...
7.8AI Score
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging...
7.1AI Score
Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...
7AI Score
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode...
6.8AI Score
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware,...
10CVSS
8.1AI Score
0.975EPSS
9.8CVSS
9.7AI Score
0.783EPSS
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our...
7.1AI Score
Google Chrome Data Forgery Problem Vulnerability (CNVD-2023-65156)
Google Chrome is a web browser from Google, an American company. A type obfuscation vulnerability exists in versions prior to Google Chrome 116.0.5845.96, which stems from the presence of type obfuscation in V8, and can be exploited by remote attackers to cause the browser to shut down via a...
8.8CVSS
6.5AI Score
0.002EPSS
Google Chrome Resource Management Error Vulnerability (CNVD-2023-64447)
Google Chrome is a web browser from Google, an American company. A resource management error vulnerability previously existed in Google Chrome version 93.0.4577.82, which stemmed from the presence of Blink free after use. An attacker could exploit the vulnerability to cause a denial of service...
8.8CVSS
6.5AI Score
0.001EPSS
Google Chrome Resource Management Error Vulnerability (CNVD-2023-64448)
Google Chrome is a web browser from Google, an American company. A resource management error vulnerability previously existed in Google Chrome version 92.0.4515.107, which stemmed from the presence of Blink free after use. An attacker could exploit the vulnerability to cause a denial of service...
8.8CVSS
6.5AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker....
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker....
6.1CVSS
5.5AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker....
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker....
4.8CVSS
6.1AI Score
0.001EPSS