1896 matches found
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry...
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution Vulnerability
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies
Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable th...
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election By Anne An · February 13, 2024 Preface Cybersecurity has become an integral part of election security. Nation-state actors and other politically motivated groups are likely to try to...
Important: cri-tools
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics
A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system...
ICS and OT threat predictions for 2024
We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscap...
Important: amazon-cloudwatch-agent
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...
Important: amazon-cloudwatch-agent
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...
The vulnerability in the /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> component of the application for exchanging instant messages with Mattermost allows a hacker to perform a CSRF attack.
The vulnerability of the /plugins/playbooks/api/v0/telemetry/run/ component of the Mattermost instant messaging application is related to the manipulation of cross-site requests. Exploiting this vulnerability could allow a malicious actor to perform a CSRF attack remotely...
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
MQTT vs AMQP
The Initial Overview: Learning about MQTT & AMQP In the dynamic arenas of Internet of Things IoT" and cloud computing, communication protocols that are robust, reliable and capable of handling high traffic volumes have become essential. The two protocols that have recently gained significant grou...
New Rugmi Malware Loader Surges with Hundreds of Daily Detections
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer aka LummaC2, Vidar, RecordBreaker aka Raccoon Stealer V2, and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware ...
CVE-2023-49772
creationtimestamp| type| source ---|---|--- 2023-12-20 17:23:52+00:00| seen| https://t.me/ctinow/157163 2024-01-13 15:21:51+00:00| seen| https://t.me/ctinow/167849...
New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
Path traversal
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316
Mattermost is affected by a path traversal CSRF vulnerability in the Playbooks telemetry endpoint. The issue arises from insufficient validation of a relative path passed to /plugins/playbooks/api/v0/telemetry/run/, enabling an attacker to craft a path traversal payload that points to a different...