Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 CVSS score: 7.8 - Memory corruption in DSP Services during a remote call fro...
IT threat evolution Q3 2023
IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called...
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance ... where threat actors deployi...
CVE-2023-4769
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
CVE-2023-4769
CVE-2023-4769 describes a Server-Side Request Forgery (SSRF) vulnerability in ManageEngine Desktop Central v9.1.0, specifically the /smtpConfig.do component. The connected documents indicate an authenticated attacker could leverage this to perform targeted actions (e.g., cross-port access, servic...
Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerability (USN-4020-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4020-1 advisory. A type confusion bug was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this by...
Lazarus Group’s Targeted Attacks on Korean Sectors
Threat Level Attack Report. Summary: Lazarus, a state-sponsored threat group, has been employing sophisticated tactics like spear phishing and supply chain attacks, and utilizing various types of malware for control. To receive real-time...
APT trends report Q3 2023
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published...
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," addin...
CVE-2023-41332 Denial of service via Kubernetes annotations in specific Cilium configurations
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium >= v1.13 or io.cilium.proxy-visibility annotations in Cilium...
CVE-2023-41332
CVE-2023-41332 affects Cilium’s eBPF dataplane. When the Layer 7 proxy is disabled, workloads annotated with policy.cilium.io/proxy-visibility (>= v1.13) or io.cilium.proxy-visibility (
Apple Addresses Two Zero-Day Flaws Exploited by Attackers
Threat Level Vulnerability Report. Summary: Apple's two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, enable arbitrary code execution and system crashes. As these vulnerabilities are actively exploited, they pose severe risks,...
CVE-2023-28010
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks...
PT-2023-21477 · Ibm · Domino Server
Name of the Vulnerable Software and Affected Versions: Domino server (affected versions not specified). Description: In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. Recommendations: At the moment, there is no...
Oracle Linux 6 : thunderbird (ELSA-2020-0123)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0123 advisory. 68.4.1-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.4.1-2 - Update to 68.4.1 build1 Tenable has...
Oracle Linux 6 : firefox (ELSA-2020-0086)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0086 advisory. - Added fix for mozbz1348168/CVE-2017-5428 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
IT threat evolution in Q2 2023
IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics Targeted attacks Gopuram backdoor deployed through 3CX supply-chain attack Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program, w...
PT-2023-28274 · Arm · Arm Mali Gpu Kernel Driver
Name of the Vulnerable Software and Affected Versions: Arm Mali GPU Kernel Driver (affected versions not specified). Description: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. The issue is currently under active...