Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker...
CVSS 9.8 | AI Score 8.1 | EPSS 0.001
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...
CVSS 9 | AI Score 9 | EPSS 0.005
Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....
CVSS 9 | AI Score 10
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft...
CVSS 8.8 | AI Score 9.2 | EPSS 0.004
April 9, 2024—KB5036892 (OS Builds 19044.4291 and 19045.4291)
03/12/24 IMPORTANT The following editions of Windows 10, version 21H2 will reach end of service on June 11, 2024: Windows 10 Enterprise and Education; Windows 10 IoT Enterprise; Windows 10 Enterprise multi-session. After that date, these...
CVSS 8.8 | AI Score 7.3 | EPSS 0.004
KLA65507 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...
CVSS 9 | AI Score 9.2 | EPSS 0.001
Linux kernel on Intel systems is susceptible to Spectre v2 attacks
Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware that utilizes speculative execution and is vulnerable to Spectre v2 branch history injection (BHI) is likely affected. An unauthenticated...
CVSS 6.5 | AI Score 6.8
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here: https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper when...
AI Score 7.5
CISA Known Exploited Vulnerability Catalog March 2024
Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and...
AI Score 7.5
CISA Known Exploited Vulnerability Catalog March 2024
For the detailed CISA KEV Catalog, download the pdf file here. Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV...
AI Score 7.5
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
CVSS 10 | AI Score 9.7
What’s New in Rapid7 Products & Services: Q1 2024 in Review
We kicked off 2024 with a continued focus on bringing security professionals (which, if you're reading this blog, is likely you!) the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence. Below we've highlighted some key releases and updates from...
CVSS 9.8 | AI Score 8.3 | EPSS 0.972
Attack Surface Management vs. Vulnerability Management
Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they're not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while...
AI Score 7.2
A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The...
CVSS 7.3 | AI Score 7.5 | EPSS 0.0004
A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The...
CVSS 7.3 | AI Score 7.4 | EPSS 0.0004
CVE-2024-3226 Campcodes Online Patient Record Management System login.php sql injection
A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The...
CVSS 7.3 | AI Score 7.8 | EPSS 0.0004
Wizards of security, casting spells on themselves for ultimate digital security
Wiz practices what it preaches. Let’s look at how the security team at Wiz uses the power of the Wiz platform to monitor all its cloud-based infrastructure and...
AI Score 7.3
Key Insights from the NCSC’s Vulnerability Management Guidance
In a world increasingly surrounded by cyber threats, the UK's National Cyber Security Centre (NCSC) offers vital guidance on Vulnerability Management, providing clear and actionable advice for tackling cyber threats. Their recommendations are essential for organizations to understand and mitigate...
AI Score 7.9
Harnessing the Power of CTEM for Cloud Security
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What's more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud...
AI Score 7.2
Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.12 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a...
CVSS 10 | AI Score 10 | EPSS 0.732
[SECURITY] [DLA 3778-1] libvirt security update
Debian LTS Advisory DLA-3778-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 01, 2024 https://wiki.debian.org/LTS Package : libvirt Version : 5.0.0-4+deb10u2 CVE ID :...
CVSS 6.7 | AI Score 8 | EPSS 0.004
Detecting Windows-based Malware Through Better Visibility
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national...
AI Score 7
Debian dla-3778 : libnss-libvirt - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3778 advisory. A NULL pointer dereference, introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0, was found in the libvirt API responsible for fetching a storage...
CVSS 6.7 | AI Score 7.4 | EPSS 0.004
SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting
Description The SEO Backlink Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVSS 7.1 | AI Score 6.5 | EPSS 0.0004
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when...
AI Score 6.6 | EPSS 0.0004
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message...
CVSS 4.3 | AI Score 6.2 | EPSS 0.0004
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message...
CVSS 4.3 | AI Score 4.4 | EPSS 0.0004
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message...
CVSS 4.3 | AI Score 4.7 | EPSS 0.0004
MFA bombing taken to the next level
Simply put, MFA bombing (also known as “push bombing” or “MFA fatigue”) is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication (MFA). MFA normally requires a user to enter a six-digit code sent by SMS, or...
AI Score 7.4
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through...
CVSS 7.6 | AI Score 7.9 | EPSS 0.0004
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through...
CVSS 7.6 | AI Score 7.6 | EPSS 0.0004
CVE-2024-30501 WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through...
CVSS 7.6 | AI Score 8.1 | EPSS 0.0004
Behind the Scenes: The Art of Safeguarding Non-Human Identities
In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are...
AI Score 7.4
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2023-42017). This vulnerability has been addressed. IBM Planning...
CVSS 9.8 | AI Score 10
INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data
By Waqas. As seen by Hackread.com, the INC ransomware gang claims to have obtained patient records as part of their cyberattack. This is a post from HackRead.com. Read the original post: INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient...
AI Score 7.2
Meta to abandon social media tracking tool CrowdTangle
On 14 March, Meta announced it would abandon CrowdTangle, saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media...
AI Score 7.2
Security Bulletin: Enterprise Content Manager System Monitor For March 2024 - Multiple CVEs addressed
Summary Enterprise Content Manager System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See the full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:...
CVSS 9.8 | AI Score 8 | EPSS 0.007
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS. This issue affects SEO Backlink Monitor: from n/a through...
CVSS 7.1 | AI Score 6.9 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS. This issue affects SEO Backlink Monitor: from n/a through...
CVSS 7.1 | AI Score 7.5 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS. This issue affects SEO Backlink Monitor: from n/a through...
CVSS 7.1 | AI Score 7.1 | EPSS 0.0004
OpenNMS Horizon 31.0.7 Remote Command Execution Exploit
This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For...
CVSS 8.2 | AI Score 8.3 | EPSS 0.0004