22 matches found
EUVD-2024-29805
Malicious code in bioql PyPI...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
CVE-2024-31947
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...
Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected,...
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the...
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...
CVE-2024-31947
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...
CVE-2024-31947
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
StoneFly Storage Concentrator Security Vulnerability
StoneFly Storage Concentrator is a storage concentrator virtual machine from StoneFly. A security vulnerability exists in StoneFly Storage Concentrator versions prior to 8.0.4.26 that stems from the presence of directory traversal, which could expose sensitive system information...
StoneFly Storage Concentrator Security Vulnerability
StoneFly Storage Concentrator is a storage concentrator virtual machine from StoneFly. A security vulnerability exists in StoneFly Storage Concentrator versions prior to 8.0.4.26, which originates from allowing remote authenticated users to achieve command injection via a Ping URL, which can lead...
PT-2024-24311 · Stonefly · Stonefly Storage Concentrator
Name of the Vulnerable Software and Affected Versions: StoneFly Storage Concentrator SC and SCVM versions prior to 8.0.4.26 Description: The issue allows directory traversal by authenticated users, potentially exposing sensitive system information. This can be achieved by using a crafted path...
PT-2024-23258 · Stonefly · Stonefly Storage Concentrator
Name of the Vulnerable Software and Affected Versions: StoneFly Storage Concentrator SC and SCVM versions prior to 8.0.4.26 Description: The issue allows remote authenticated users to achieve command injection via a Ping URL, leading to remote code execution. Recommendations: For versions prior t...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
CVE-2024-31947
CVE-2024-31947 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The vulnerability is a directory traversal flaw triggered by a crafted path parameter used with the Online Help facility, exploitable by authenticated users and potentially exposing sensitive system info...
CVE-2024-31947
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...
CVE-2024-30213
CVE-2024-30213 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The issue allows remote authenticated users to perform command injection via a Ping URL, leading to remote code execution. Affected versions: SC/SCVM before 8.0.4.26. Mitigation: update to 8.0.4.26 or la...
CVE-2024-31947
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...
North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in phishing attacks, adding another piece to the group's wide-ranging toolset. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from...