This Week in Spring - October 10th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! Last week I was in Antwerp, Belgium, for the amazing Devoxx Belgium event, and this week I've been in Amsterdam for the SpringOne Tour Amsterdam stop and - in the middle of the SpringOne Tour Amsterdam event - I dipped out to...
AI Score: 6.7
‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid...
AI Score: 6.9
Who’s Behind the 8Base Ransomware Website?
The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of...
AI Score: 6.7
ThemeBleed exploit is another reason to patch Windows quickly
Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures...
CVSS: 8.8 | AI Score: 7.4 | EPSS: 0.905
Fedora: Security Advisory for rubygem-rails (FEDORA-2023-4f0bb4ff5e)
The remote host is missing an update for...
AI Score: 7.5
[SECURITY] Fedora 39 Update: rubygem-rails-7.0.7.2-1.fc39
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over...
AI Score: 7.6
Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of APIs--tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room--into a compendium that would be made...
AI Score: 6.6
Zoom clarifies user consent requirement when training its AI
Changes in the terms of service (TOS) of the Zoom video-conferencing software have caused some turmoil. Since the pandemic, Zoom (Video Conferencing) has become a household name. Zoom came up as the big winner in the video conferencing struggle that enabled us to work from home. Now that things...
AI Score: 7
Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’
WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be...
AI Score: 7.1
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and...
AI Score: 8.2 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
AI Score: 8.2 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and...
AI Score: 8.2 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 8 | EPSS: 0.001
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.001
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.001
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.001
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
AI Score: 8.1 | EPSS: 0.001
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
AI Score: 8.1 | EPSS: 0.001
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may...
AI Score: 7.8 | EPSS: 0.001
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of...
AI Score: 7
Service Rents Email Addresses for Account Signups
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying...
AI Score: 7.2
Fedora: Security Advisory for libssh (FEDORA-2023-5fa5ca2043)
The remote host is missing an update for...
CVSS: 6.5 | AI Score: 8 | EPSS: 0.001
[SECURITY] Fedora 37 Update: libssh-0.10.5-1.fc37
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVSS: 6.5 | AI Score: 7.3 | EPSS: 0.001
Interview With a Crypto Scam Investment Spammer
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several...
AI Score: 6.8
ChatGPT: Cybersecurity friend or foe?
If you haven't heard about ChatGPT yet, perhaps you've just been thawed from cryogenic slumber or returned from six months off the grid. ChatGPT--the much-hyped, artificial intelligence (AI) chatbot that provides human-like responses from an enormous knowledge base--has been embraced practically...
AI Score: 7.1
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Plaintext Storage of a Password (CVE-2022-31205)
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. This plugin only works with Tenable.ot. Please visit...
AI Score: 8.7 | EPSS: 0.002
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for...
AI Score: 9.1 | EPSS: 0.002
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP...
CVSS: 7.8 | AI Score: 6.8 | EPSS: 0.002
Fedora: Security Advisory for libssh (FEDORA-2023-741d5f1fd3)
The remote host is missing an update for...
CVSS: 6.5 | AI Score: 8 | EPSS: 0.001
[SECURITY] Fedora 38 Update: libssh-0.10.5-1.fc38
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVSS: 6.5 | AI Score: 7.3 | EPSS: 0.001
Source: ghsa-malware (f8e8766974e7d3b55cae6c994c5db1430a00b75418500b55ce6336492915c633) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...
AI Score: 6.9
Fedora: Security Advisory for rubygem-rails (FEDORA-2023-7002afbbb8)
The remote host is missing an update for...
AI Score: 7.7
[SECURITY] Fedora 37 Update: rubygem-rails-7.0.4.3-1.fc37
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over...
AI Score: 7.8
Fedora: Security Advisory for rubygem-rails (FEDORA-2023-d6157bb1e2)
The remote host is missing an update for...
AI Score: 7.7
[SECURITY] Fedora 38 Update: rubygem-rails-7.0.4.3-1.fc38
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over...
AI Score: 7.8