IT threat evolution in Q1 2024. Non-mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
6.9AI Score
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...
7.1AI Score
RHEL 5 : microcode_ctl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: Intel SGX information leak (CVE-2019-0117) Improper conditions check in the voltage modulation...
6CVSS
6.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 7 : Red Hat Single Sign-On 7.6.9 security update on RHEL 7 (Low) (RHSA-2024:3566)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3566 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
6.8AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 5 : gnutls (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: Heap read overflow in read-packet.c (CVE-2017-5337) The TLS protocol 1.2 and earlier, as used in...
7.5CVSS
7.4AI Score
0.256EPSS
RHEL 6 : microcode_ctl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some...
7.5CVSS
7AI Score
0.0004EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.9 security update on RHEL 8 (Low) (RHSA-2024:3567)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3567 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
7.1AI Score
0.0004EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.9 security update on RHEL 9 (Low) (RHSA-2024:3568)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3568 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
RHEL 7 : microcode_ctl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for improper isolation of shared resources (CVE-2022-38090) Incorrect...
6.1CVSS
7.2AI Score
0.0004EPSS
RHEL 5 : ipsec-tools (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipsec-tools: Parsing and storing ISAKMP fragments in malicious order can exhaust resources ...
7.5CVSS
7.6AI Score
0.018EPSS
RHEL 7 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
6.8CVSS
7.5AI Score
0.009EPSS
RHEL 6 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
6.8CVSS
8.7AI Score
0.009EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
8.5AI Score
0.945EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
6AI Score
0.945EPSS
Online Payment Hub System 1.0 SQL Injection Vulnerability
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
6AI Score
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.9AI Score
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.9AI Score
0.0004EPSS
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
8.6CVSS
7.4AI Score
0.945EPSS
New! Insight Agent Support for ARM-based Windows in InsightVM
We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...
7.1AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
5.9CVSS
6.1AI Score
0.0004EPSS
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05,...
7.2AI Score
7.4AI Score
Popup Builder < 4.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS
Description The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.7AI Score
0.0004EPSS
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
9.8CVSS
7.4AI Score
0.001EPSS
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to....
8.6CVSS
8.8AI Score
0.945EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
8.7AI Score
0.039EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
7.2AI Score
0.039EPSS
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a...
8.6CVSS
6.9AI Score
0.945EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.8CVSS
10AI Score
0.035EPSS
Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition
Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure...
5.3CVSS
6.4AI Score
0.0004EPSS
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...
7.5CVSS
7.7AI Score
0.002EPSS
The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...
7.2CVSS
7.1AI Score
0.001EPSS
Check Point Quantum Gateway - Information Disclosure
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...
8.6CVSS
8.3AI Score
0.945EPSS
7.9CVSS
6.8AI Score
0.001EPSS
Check Point Quantum Security Gateways Information Disclosure Vulnerability
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several...
8.6CVSS
8.2AI Score
0.945EPSS
Check Point Quantum Gateway Directory Traversal (Direct Check)
A directory traversal vulnerability exists in Checkpoint Security Gateways with the IPsec VPN or Mobile Access software blades enabled. An unauthenticated attacker can exploit this issue to read certain information on Internet-connected Gateways with remote access VPN or mobile access...
8.6CVSS
6.8AI Score
0.945EPSS
New Generative AI category added to Talos reputation services
Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...
6.8AI Score
Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access...
6.7AI Score
EPSS
Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access...
6.9AI Score
EPSS
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...
7.6CVSS
6.7AI Score
0.0004EPSS
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...
7.6CVSS
7.3AI Score
0.0004EPSS
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
9.8CVSS
9.8AI Score
0.001EPSS
How to turn off location tracking on iOS and iPadOS
On iOS and iPadOS, location services are typically turned on when you first set up your device. However, there may be reasons why you don’t want your device to be located, perhaps because you don’t want to be found but need to keep the device with you. There are a few options to hide your location....
7AI Score