Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used...
7.3CVSS
7.3AI Score
0.0004EPSS
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used...
7.3CVSS
7.5AI Score
0.0004EPSS
Not everything has to be a massive, global cyber attack
Some of my Webex rooms recently have been blowing up with memes about blaming Canada or wild speculation that a state-sponsored actor is carrying out some sort of major campaign. After a widespread outage of cellular service with AT&T and other carriers a few weeks ago, people were sure it was...
6.8AI Score
0.0004EPSS
LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ)...
7.1AI Score
9.8CVSS
7.4AI Score
0.972EPSS
Malwarebytes Premium blocks 100% of malware during external AVLab test
Malwarebytes Premium earned a perfect score in the latest AVLab Cybersecurity Foundation “Advanced In-The-Wild Malware Test,” catching and stopping 100% of malware samples, outperforming multiple competitors in the field, and continuing a longstanding tradition of proven, perfect protection for...
7.1AI Score
PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said...
7.4AI Score
Leading EV Charging Firm Spills Trove of Customer Info in Server Leak
By Waqas. A massive data leak (585.81 GB) exposed customer information at Qmerit, including home images, charger locations, and potentially…
7AI Score
8.8CVSS
9.2AI Score
0.001EPSS
March 12, 2024—KB5035919 (Security-only update)
March 12, 2024—KB5035919 (Security-only update). Reminder: As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update that enables...
8.8CVSS
6.8AI Score
0.001EPSS
March 12, 2024—KB5035933 (Security-only update)
March 12, 2024—KB5035933 (Security-only update). Reminder: Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended Security...
8.8CVSS
6.8AI Score
0.001EPSS
March 12, 2024—KB5035885 (Monthly Rollup)
March 12, 2024—KB5035885 (Monthly Rollup). IMPORTANT: If you plan to install this update on a domain controller (DC), we highly recommend that you install update KB5037426 instead (March 22, 2024). This out-of-band update addresses a known issue that affects the Local Security Authority Subsystem...
8.8CVSS
7.2AI Score
0.001EPSS
March 12, 2024—KB5035853 (OS Builds 22621.3296 and 22631.3296)
March 12, 2024—KB5035853 (OS Builds 22621.3296 and 22631.3296). 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session editions...
8.8CVSS
7.7AI Score
0.001EPSS
March 12, 2024—KB5035930 (Monthly Rollup)
March 12, 2024—KB5035930 (Monthly Rollup). Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
8.8CVSS
6.7AI Score
0.001EPSS
March 12, 2024—KB5035845 (OS Builds 19044.4170 and 19045.4170)
March 12, 2024—KB5035845 (OS Builds 19044.4170 and 19045.4170). NEW 03/12/24 IMPORTANT: The following editions of Windows 10, version 21H2 will reach end of service on June 11, 2024: Windows 10 Enterprise and Education; Windows 10 IoT Enterprise; Windows 10 Enterprise multi-session. After that date, ...
8.8CVSS
7.7AI Score
0.001EPSS
March 12, 2024—KB5035920 (Monthly Rollup)
March 12, 2024—KB5035920 (Monthly Rollup). Reminder: Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended Security Updates for...
8.8CVSS
6.8AI Score
0.001EPSS
March 12, 2024—KB5035888 (Monthly Rollup)
March 12, 2024—KB5035888 (Monthly Rollup). Reminder: As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update that enables you to...
8.8CVSS
6.8AI Score
0.001EPSS
The big play of autonomous vehicles
TL;DR: The benefits of autonomous vehicles may not yet be for us consumers. There are other areas where autonomy can benefit auto manufacturers and others. Having your autonomous car drive you home from the bar may be some way off yet! Car manufacturers and technology startups make a big play of...
7.1AI Score
Overview: CVE-2022-21445 (CVSS score 9.8); the vulnerability is a ...
9.8CVSS
7.4AI Score
0.007EPSS
Overview: CVE-2022-21445 (CVSS score 9.8); the vulnerability is a ...
9.7AI Score
EPSS
KB5035966: Servicing stack update for Windows 10: March 12, 2024
KB5035966: Servicing stack update for Windows 10: March 12, 2024. REMINDER: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. After April 9, 2019, these devices are no longer offered...
6.8AI Score
Stable Channel Update for Desktop
The Stable channel has been updated to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 122.0.6261.129 for Windows and...
7.4AI Score
0.0004EPSS
KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024
KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024. REMINDER: Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates. Windows...
6.9AI Score
Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06
This week on the Lock and Code podcast… A disappointing meal at a restaurant. An ugly breakup between two partners. A popular TV show that kills off a beloved, main character. In a perfect world, these are irritations and moments of vulnerability. But online today, these same events can sometimes...
7.4AI Score
SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names. LFI for Lateral Movement? Gain SSH Access? ?file=../../../../../../../../home/user/.ssh/id_rsa ?file=../../../../../../../../home/user/.ssh/id_rsa-cert SSH Private Key...
7.2AI Score
A Close Up Look at the Consumer Data Broker Radaris
If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...
6.6AI Score
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to...
2.4CVSS
3.3AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to...
2.4CVSS
3.7AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to...
2.4CVSS
6.5AI Score
0.0004EPSS
It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...
7AI Score
The 3 most common post-compromise tactics on network infrastructure
We've been discussing networking devices quite a lot recently and how Advanced Persistent Threat actors (APTs) are using highly sophisticated tactics to target aging infrastructure for espionage purposes. Some of these attacks are also likely prepositioning the APTs for future disruptive or...
8.3AI Score
The year in figures: 45.60% of all email sent worldwide and 46.59% of all email sent in the Runet (the Russian web segment) was spam; 31.45% of all spam email was sent from Russia; Kaspersky Mail Anti-Virus blocked 135,980,457 malicious email attachments; our Anti-Phishing system thwarted 709,590,011...
7.8CVSS
7.3AI Score
0.974EPSS
7.4AI Score
Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1887: Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability. March 7, 2024. CVE Number: CVE-2023-48725. SUMMARY: A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear...
7.2CVSS
7.2AI Score
0.0005EPSS
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...
6.5CVSS
5.8AI Score
0.0004EPSS
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...
6.5CVSS
6.1AI Score
0.0004EPSS
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...
6.5CVSS
6.7AI Score
0.0004EPSS
CVE-2024-27287 ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...
6.5CVSS
6.4AI Score
0.0004EPSS
ALPHV ransomware gang fakes own death, fools no one
For the second time in only four months, all is not well on the ALPHV (aka BlackCat) ransomware gang's dark web site. Gone are the lists of compromised victims. In their place, a veritable garden of law enforcement badges has sprouted beneath the ominous message "THIS WEBSITE HAS BEEN SEIZED." The...
7.6AI Score
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Summary: The edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing a remote authenticated user to inject arbitrary web script and exfiltrate...
6.5CVSS
5.7AI Score
0.0004EPSS
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Summary: The edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing a remote authenticated user to inject arbitrary web script and exfiltrate...
6.5CVSS
5.6AI Score
0.0004EPSS
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home...
7.5CVSS
6.7AI Score
0.001EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...
4.8CVSS
7AI Score
0.001EPSS
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
7.5CVSS
7.1AI Score
0.001EPSS
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the...
4.7CVSS
6.6AI Score
0.0004EPSS
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
5.5CVSS
6.1AI Score
0.0004EPSS
BIT-jupyter-notebook-2022-29238
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...
4.3CVSS
6.9AI Score
0.001EPSS