(RHSA-2024:3566) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 7
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.9 on RHEL 7 serves as a replacement for Red Hat Single Sign-On.....
6.3AI Score
0.0004EPSS
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated...
6.8AI Score
EPSS
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated...
7.4AI Score
EPSS
PCI DSS 4.0: Get Audit-Ready for the New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...
7.6AI Score
Summary Vulnerabilities contained within OpenSSL (a 3rd party component) were addressed in the IBM MaaS360 VPN Module. Vulnerabilities contained within Netty, Spring Framework and Eclipse Jetty (3rd party components) were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG) Module. ...
8.1CVSS
7.3AI Score
0.002EPSS
WhatsApp cryptocurrency scam goes for the cash prize
This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknow sender “Jay, your financial account has...
7.3AI Score
CVE-2024-24919-PoC ![Screenshot of the exploit...
8.6CVSS
8.8AI Score
0.945EPSS
CVE-2024-24919-Exploit Overview This repository contains...
8.6CVSS
6.1AI Score
0.945EPSS
Active Exploits target Check Point Security Gateway Zero-Day Information Disclosure flaw Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On...
8.6CVSS
6.3AI Score
0.945EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU...
8.4CVSS
7.3AI Score
0.001EPSS
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management...
7.5CVSS
6.9AI Score
0.0005EPSS
transient DOS when setting up a fence callback to free a KGSL memory entry object during...
6.2CVSS
7.2AI Score
0.0004EPSS
8.2CVSS
7.1AI Score
0.001EPSS
9.3CVSS
6.8AI Score
0.001EPSS
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode...
9.1CVSS
7AI Score
0.001EPSS
Memory corruption when IPC callback handle is used after it has been released during register callback by another...
6.7CVSS
7.5AI Score
0.0004EPSS
Memory corruption while copying a keyblobs material when the key materials size is not accurately...
7.8CVSS
7.1AI Score
0.0004EPSS
Memory corruption when more scan frequency list or channels are sent from the user...
6.7CVSS
7.5AI Score
0.0004EPSS
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph...
6.7CVSS
7.3AI Score
0.0004EPSS
9.3CVSS
7AI Score
0.001EPSS
6.5CVSS
7.1AI Score
0.0005EPSS
IT threat evolution in Q1 2024. Mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most...
7.9AI Score
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...
7.8CVSS
6AI Score
0.003EPSS
IT threat evolution in Q1 2024. Non-mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
6.9AI Score
RHEL 7 : Red Hat Single Sign-On 7.6.9 security update on RHEL 7 (Low) (RHSA-2024:3566)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3566 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
6.8AI Score
0.0004EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.9 security update on RHEL 8 (Low) (RHSA-2024:3567)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3567 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
7.1AI Score
0.0004EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.9 security update on RHEL 9 (Low) (RHSA-2024:3568)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3568 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
RHEL 7 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
6.8CVSS
7.5AI Score
0.009EPSS
RHEL 6 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
6.8CVSS
8.7AI Score
0.009EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
8.5AI Score
0.945EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
6AI Score
0.945EPSS
Online Payment Hub System 1.0 SQL Injection Vulnerability
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
6AI Score
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.9AI Score
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.9AI Score
0.0004EPSS
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
8.6CVSS
7.4AI Score
0.945EPSS
Popup Builder < 4.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS
Description The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.7AI Score
0.0004EPSS
7.4AI Score
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
9.8CVSS
7.4AI Score
0.001EPSS
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to....
8.6CVSS
8.8AI Score
0.945EPSS
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a...
8.6CVSS
6.9AI Score
0.945EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.8CVSS
10AI Score
0.035EPSS
The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...
7.2CVSS
7.1AI Score
0.001EPSS
Check Point Quantum Gateway - Information Disclosure
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...
8.6CVSS
8.3AI Score
0.945EPSS
Check Point Quantum Security Gateways Information Disclosure Vulnerability
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several...
8.6CVSS
8.2AI Score
0.945EPSS
Check Point Quantum Gateway Directory Traversal (Direct Check)
A directory traversal vulnerability exists in Checkpoint Security Gateways with the IPsec VPN or Mobile Access software blades enabled. An unauthenticated attacker can exploit this issue to read certain information on Internet-connected Gateways with remote access VPN or mobile access...
8.6CVSS
6.8AI Score
0.945EPSS
How to turn off location tracking on iOS and iPadOS
On iOS and iPadOS, location services are typically turned on when you first set up your device. However, there may be reasons why you don’t want your device to be located, perhaps because you don’t want to be found but need to keep the device with you. There are a few options to hide your location....
7AI Score
2024 Cybersecurity Trends: What’s Observable Already?
2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from...
7.4AI Score