Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code: 117. Vulnerability details: get_virtual_price() was originally considered to be a manipulation-resistant price, suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...
6.9 AI Score
BlackCat Ransomware Raises Ante After FBI Disruption
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that hundreds of victim.....
7.3 AI Score
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Summary: Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....
5.9 CVSS
6.5 AI Score
0.963 EPSS
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Summary: Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....
5.9 CVSS
5.7 AI Score
0.963 EPSS
Summary: AsyncSSH v2.14.1 and earlier is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack), which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation (RFC8308) in the process and.....
7.4 AI Score
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure...
5.9 CVSS
6.3 AI Score
0.963 EPSS
QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry
A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume...
7.2 AI Score
Chrome starts the countdown to the end of tracking cookies
Google has announced that it will start rolling out its Chrome web browser's new Tracking Protection feature from January of 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies. The Tracking Protection feature aims to disable third-party cookies...
7.1 AI Score
Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a...
8 AI Score
ALPHV ransomware gang returns, sorta
The ALPHV ransomware gang, arguably the second most dangerous "big game" ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for the group. ALPHV's dark web leak site may be back but it is only showing a single.....
7.4 AI Score
Imperva Detects Undocumented 8220 Gang Activities
Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...
10 CVSS
10 AI Score
0.976 EPSS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8 CVSS
9.5 AI Score
0.732 EPSS
HackerOne: How the Arch Angel stole Live Events
Summary: I figured I'm well overdue for this. Looking forward to the 2024 LHE season! I <3 you Hackerone, & Community Team! Description: ``` Every hacker on Hackerone liked Live Hacking a lot… But ArchAngel who’d been to fifteen did NOT! The Angel hated hacking! The whole live event season! Now,...
7.2 AI Score
Ransomware review: December 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
7.5 CVSS
8.6 AI Score
0.971 EPSS
OpenNMS Horizon Authenticated RCE
This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions...
8.2 CVSS
8.3 AI Score
0.0004 EPSS
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
6.5 CVSS
6.4 AI Score
0.0005 EPSS
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
6.5 CVSS
0.0005 EPSS
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
6.5 CVSS
6.8 AI Score
0.0005 EPSS
CVE-2023-6660 NFS client data corruption and kernel memory disclosure
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
6.6 AI Score
0.0005 EPSS
Unbreakable Enterprise kernel security update
[5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi:...
8.8 CVSS
8.8 AI Score
0.024 EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8eefff69-997f-11ee-8e38-002590c1f29c advisory. In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the performance of...
6.5 CVSS
6.5 AI Score
0.0005 EPSS
Non-Human Access is the Path of Least Resistance: A 2023 Recap
2023 has seen its fair share of cyber attacks, however there's one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ever-growing ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only...
7.1 AI Score
Intercepting MFA. Phishing and Adversary in The Middle attacks
3 of my last 5 business email compromise investigations have involved an Adversary in The Middle (AiTM) attack. Even the more security-aware people with bolstered Microsoft 365 (M365) configurations are coming up blank as to how their comprehensive MFA policies have been bypassed. It’s a technique....
7.7 AI Score
FreeBSD -- NFS client data corruption and kernel memory disclosure
Problem Description: In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the performance of IO_APPEND writes, that is, writes which add data to the end of a file and so extend its size. This uncovered an old bug in some routines which copy userspace data into the...
6.5 CVSS
6.8 AI Score
0.0005 EPSS
FreeBSD-SA-23:18.nfsclient Security Advisory. The FreeBSD Project. Topic: NFS client data corruption and kernel memory disclosure. Category: core. Module: nfsclient. Announced:.....
6.5 CVSS
7.4 AI Score
0.0005 EPSS
Cisco Talos recently discovered a new campaign conducted by the Lazarus Group we're calling "Operation Blacksmith," employing at least three new DLang-based malware families, two of which are remote access trojans (RATs), where one of these uses Telegram bots and channels as a medium of command...
10 CVSS
10 AI Score
0.976 EPSS
Story of the year: the impact of AI on cybersecurity
In the whirlwind of technological advancements and societal transformations, the term "AI" has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly...
7.7 AI Score
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
Description: The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. PoC: 1) Create a popup using the plugin 2) Run the following curl command, switching $POPUPID with that popup's ID: ``` curl --url...
6.1 CVSS
8.7 AI Score
0.0005 EPSS
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
Description: The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS...
6.1 CVSS
9 AI Score
0.0005 EPSS
Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits
Lines of code: https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L196-L254 Vulnerability details. Impact: Multiple re-entrancy issues exist in the codebase, that break core functionality and allow stealing of user funds. In.....
7 AI Score
Unwrap Fee Rounding Down: Revenue Loss, User Unfairness, and Reduced Confidence
Lines of code. Vulnerability details. Impact: The issue with the unwrap fee rounding down can have several detrimental impacts on the Ocean protocol. Revenue Loss: Due to rounding down, the contract loses out on potential unwrap fees, particularly for smaller unwrap amounts. This can significantly...
7.2 AI Score
Security Analysis of a Thirteenth-Century Venetian Election Protocol
Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is.....
7.4 AI Score
Cueing up a calculator: an introduction to exploit development on Linux
In this follow-up to my previous blog post, I'll explain how to exploit CVE-2023-43641 (a memory corruption vulnerability in libcue) to create a reliable 1-click RCE on Ubuntu 23.04 and Fedora 38. I have also published the source code of the proof of concept. To quickly recap the previous blog...
8.8 CVSS
8.1 AI Score
0.014 EPSS
ICANN Launches Service to Help With WHOIS Lookups
More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and...
7.1 AI Score
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare
As Russia's invasion of Ukraine entered its first winter in late 2022, nearly half of Ukraine's energy infrastructure had been destroyed, leaving millions without power. The resulting energy deficit has exacerbated something that hasn't had much media attention: The effects of electronic GPS...
6.9 AI Score
Social media giants to testify over failing to protect kids
US senators have urgently invited the CEOs of five of the major social media giants to testify about their failure to protect children online. The Senate Judiciary Committee said it will hear from Meta CEO Mark Zuckerberg, X (formerly Twitter) CEO Linda Yaccarino, TikTok CEO Shou Zi Chew, Snap CEO....
7.2 AI Score
Ruby: DoS in bigdecimal's sqrt function due to miscalculation of loop iterations
Vulnerability. Affected Product: bigdecimal extension in https://github.com/ruby/ruby. Affected Versions: At least version 3.2.2; I didn't test any previous versions. The current implementation of BigDecimal#sqrt in ext/bigdecimal/bigdecimal.c erroneously checks its parameter and allows users of the.....
7 AI Score
Amazon Linux 2 : glibc (ALAS-2023-2371)
The version of glibc installed on the remote host is prior to 2.26-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2371 advisory. The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the...
9.8 CVSS
9.3 AI Score
0.017 EPSS
Amazon Linux 2 : jettison (ALAS-2023-2363)
The version of jettison installed on the remote host is prior to 1.3.3-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2363 advisory. Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser...
7.5 CVSS
8.4 AI Score
0.002 EPSS
Exploit for Command Injection in Dlink Go-Rt-Ac750 Firmware
CVE-2023-48842 Source: D-Link Go-RT-AC750 revA_v101b03...
9.8 CVSS
10 AI Score
0.007 EPSS