Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before...
CVSS 7.1 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before...
CVSS 5.4 | EPSS 0.0004
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before...
CVSS 7.1 | AI Score 6.9 | EPSS 0.0004
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April...
AI Score 7.4
Exploring Weaknesses in Private 5G Networks
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external...
AI Score 7.5
Which DevOps Skills are the Hardest to Learn?
DevOps professionals face expansive challenges, from learning complex technologies to developing and honing interpersonal skills. Read on to discover some of the most difficult skills the role...
AI Score 7.4
[slackware-security] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.139/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel...
CVSS 9.1 | AI Score 7.6
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine...
CVSS 9.8 | AI Score 9.8 | EPSS 0.964
k-online.com Cross Site Scripting vulnerability OBB-3789501
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.3
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...
CVSS 7 | AI Score 8 | EPSS 0.0004
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...
CVSS 5.9 | AI Score 6.8 | EPSS 0.001
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...
CVSS 5.9 | AI Score 6 | EPSS 0.001
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency...
CVSS 9.8 | AI Score 7.4 | EPSS 0.964
LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into...
AI Score 8.1
json-web-token library is vulnerable to a JWT algorithm confusion attack
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To.....
CVSS 7.5 | AI Score 7.6 | EPSS 0.0005
Ransomware gang files SEC complaint about victim
In what seems to be a new twist on the ransomware theme, the notorious ALPHV/BlackCat ransomware group has filed a complaint with the US Securities and Exchange Commission (SEC) about the software company MeridianLink. ALPHV is one of the most active ransomware-as-a-service (RaaS) operators and...
AI Score 7.5
ALPHV/BlackCat Take Extortion Public
Learn more about ALPHV filing a complaint with the Security and Exchange Commission (SEC) against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than...
AI Score 7.3
Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber...
AI Score 6.9
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This...
AI Score 9.8
Adobe Acrobat Reader Thermometer use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1794 Adobe Acrobat Reader Thermometer use-after-free vulnerability November 15, 2023 CVE Number CVE-2023-44336 SUMMARY A use-after-free vulnerability exists in the Thermometer Javascript object in Adobe Acrobat Reader 2023.001.20174. Specially crafted...
CVSS 7.8 | AI Score 7.9 | EPSS 0.004
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...
CVSS 7.5 | AI Score 7.8 | EPSS 0.001
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...
CVSS 7.5 | AI Score 7 | EPSS 0.001
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI...
AI Score 7.5
100 Quarters of Profitability: Insights from a Trender
Learn what 100 straight quarters of profitability means to a Trender who has been here for every one of...
AI Score 7.3
Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS. This issue affects Extra User Details: from n/a through...
CVSS 6.1 | EPSS 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS. This issue affects Extra User Details: from n/a through...
CVSS 7.1 | AI Score 6.2 | EPSS 0.0005
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS. This issue affects Extra User Details: from n/a through...
CVSS 6.1 | AI Score 7 | EPSS 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS. This issue affects Extra User Details: from n/a through...
CVSS 7.1 | AI Score 7 | EPSS 0.0005
New Ransomware Group Emerges with Hive's Source Code and Infrastructure
The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision.....
AI Score 7.5
Hades-C2 - Hades Basic Command And Control Server
Hades is a basic Command & Control server built using Python. It is currently extremely bare bones, but I plan to add more features soon. Features are a work in progress currently. This is a project made (mostly) for me to learn Malware Development, Sockets, and C2 infrastructure setups....
AI Score 7.5
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of...
AI Score 7.5
Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)
In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these...
CVSS 9.8 | AI Score 10 | EPSS 0.973
Nextcloud: RCE on Wordpress website
There is a trivial to exploit Remote Code Execution on nextcloud.com due to unserializing user input. Proof of concept The following command will execute the system('id') command on the host. As gadget chain I've used Monolog which is included in the PodLove WordPress plugin used on...
AI Score 8.5
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its...
CVSS 10 | AI Score 9.7 | EPSS 0.966
Vinchin Backup and Recovery Command Injection
This module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0., v6.0., v6.7., and v7.0.. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server...
AI Score 8.4
Top 10 DevOps Blunders and How to Sidestep Them
Integrating the necessary DevOps practices, tools, and cultures in an organization is difficult, even for experts. Learn how to recognize these challenges and transform them into valuable lessons when navigating the world of...
AI Score 7.3
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session...
AI Score 7.2
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current sudo Multiple Vulnerabilities (SSA:2023-311-01)
The version of sudo installed on the remote host is prior to 1.9.15. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-311-01 advisory. Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo...
CVSS 8.1 | AI Score 7.6 | EPSS 0.001
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
AI Score 6.6
Offensive and Defensive AI: Let's Chat(GPT) About It
ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. The extremely popular...
AI Score 7
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described....
CVSS 7.8 | AI Score 7.5 | EPSS 0.214
Implementing Zero Trust: 5 Key Considerations
When implementing a Zero Trust strategy and selecting a solution to safeguard your company against cyber risk, there are many factors to consider. Five key areas include Visibility and Analytics, Automation and Orchestration, Central Management, Analyst Experience, and Pricing Flexibility and...
AI Score 7.2
Zero Day Threat Protection for Your Network
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and...
AI Score 7.4
Securing Cloud Infrastructure Demands a New Mindset
Rising attacks on cloud infrastructure and services have created a ‘shared fate’ scenario for cloud providers and users, where a successful breach means everybody loses. Fresh thinking and closer collaboration can help avoid that outcome and better protect public cloud...
AI Score 7.2
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Ansible Playbook to Mitigate CVE-2023-46747 K000137353:...
CVSS 9.8 | AI Score 10 | EPSS 0.972
sudo-rs: Path Traversal vulnerability
Impact An issue was discovered where usernames containing the . and / characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example....
CVSS 8.1 | AI Score 7.2 | EPSS 0.001
Cve-Collector - Simple Latest CVE Collector
Simple Latest CVE Collector Written in Python There are various methods for collecting the latest CVE (Common Vulnerabilities and Exposures) information. This code was created to provide guidance on how to collect, what information to include, and how to code when creating a CVE collector. The...
CVSS 9.8 | AI Score 7.6 | EPSS 0.001
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental. The reason this happened was due to the...
AI Score 7
k-schuessler.de Improper Access Control vulnerability OBB-3767583
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.6