RHEL 7 : dbus (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour ...
8AI Score
0.002EPSS
New Attack Against Self-Driving Car AI
This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...
7AI Score
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as.....
6.8AI Score
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team....
9.8CVSS
7.1AI Score
0.975EPSS
How AI enhances static application security testing (SAST)
In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%). As their teams "shift left" and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the...
7.8AI Score
DocGo patient health data stolen in cyberattack
Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain...
7.7AI Score
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....
7.7AI Score
In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential.....
7.6AI Score
GLSA-202405-29 : Node.js: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-29 (Node.js: Multiple Vulnerabilities) The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774) A flaw was found in c-ares library, where a missing input validation check of...
9.8CVSS
9.4AI Score
EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
9.8CVSS
9.9AI Score
0.1EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
9.8CVSS
9.6AI Score
0.005EPSS
Exploits and vulnerabilities in Q1 2024
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....
8.9AI Score
0.972EPSS
CISA Known Exploited Vulnerability Catalog April 2024
Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and...
7.5AI Score
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...
5.5CVSS
5.3AI Score
0.0004EPSS
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...
5.5CVSS
6.5AI Score
0.0004EPSS
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...
5.5CVSS
5.6AI Score
0.0004EPSS
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...
5.5CVSS
6.6AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring...
9.8CVSS
9.8AI Score
0.024EPSS
Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-25658 DESCRIPTION: TensorFlow is vulnerable to a denial of...
9.8CVSS
9AI Score
0.002EPSS
New capabilities to help you secure your AI transformation
AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with the speed, scale, and sophistication of attacks increasing rapidly. To meet these challenges, we...
7.4AI Score
Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries
A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype so please treat it as such. Feedback is always welcome! How it works? Although Golang programs contain a lot of nuances regarding the way they are built and their behavior in...
7.1AI Score
It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs
Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like.....
7.1AI Score
A week in security (April 29 – May 5)
Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing...
7.2AI Score
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
5.9AI Score
Security above all else—expanding Microsoft’s Secure Future Initiative
Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to...
7.8AI Score
Healthcare Needs To Be Laser-Focused on API Security and Its Blind Spots
API-powered tools can enhance patient access to healthcare services, but these tools also introduce risk. Learn how to protect your...
7.2AI Score
[10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails...
5CVSS
7.3AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses Apache Tomcat which is vulnerable to CVE-2024-24549 and CVE-2024-23672. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable...
7.8AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Compress which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons...
8.1CVSS
5.8AI Score
0.001EPSS
What can we learn from the passwords used in brute-force attacks?
Brute force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...
7.6AI Score
Agentless FIM for Detecting Network Configuration Changes
Dealing with multiple network administrators making frequent configuration changes with a monitoring solution that provides insights into device change without causing resource constraints. The performance and capabilities of a network device are entirely dependent upon its configuration settings.....
7.2AI Score
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when....
4.3CVSS
5.9AI Score
0.0004EPSS
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when....
4.3CVSS
4.5AI Score
0.0004EPSS
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when....
4.3CVSS
6.1AI Score
0.0004EPSS
CVE-2024-34061 Reflected cross site scripting in changedetection.io
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when....
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-34061 Reflected cross site scripting in changedetection.io
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when....
4.3CVSS
6.1AI Score
0.0004EPSS
Qualys Launches MSSP Portal to Empower Managed Security Service Providers
In the words of Sun Tzu, 'In the midst of chaos, there is also opportunity.' This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSPs) stand at the forefront, turning chaos into opportunity by securing digital assets across the entire...
7.3AI Score
When is One Vulnerability Scanner Not Enough?
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability.....
7.1AI Score
kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
9.8CVSS
7.5AI Score
0.003EPSS
[8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] -...
7CVSS
7.8AI Score
0.002EPSS
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...
7.4AI Score
FBI warns online daters to avoid “free” online verification schemes that prove costly
The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information.....
6.9AI Score
Considerations for Operational Technology Cybersecurity
Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT...
7.6AI Score
Pouring Acid Rain By Max Kersten · April 30, 2024 In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. Their ongoing shows that wipers have.....
7.7AI Score
Nessus Network Monitor < 6.4.0 Multiple Vulnerabilities (TNS-2024-07)
According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-07 advisory. Nessus Network Monitor leverages third-party software to help provide underlying...
6.5CVSS
7.4AI Score
0.001EPSS
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to...
6.7AI Score
0.0004EPSS
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to...
6.5AI Score
0.0004EPSS
[R1] Nessus Network Monitor 6.4.0 Fixes Multiple Vulnerabilities
Arnie Cabral Mon, 04/29/2024 - 11:40 Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (hyperscan, curl and c-ares) were found to contain...
7.6AI Score
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox...
7AI Score
Kaiser health insurance leaked patient data to advertisers
Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications,....
7AI Score