Lucene search
K

213 matches found

Kitploit
Kitploit
added 2023/09/18 11:30 a.m.21 views

Surf - Escalate Your SSRF Vulnerabilities On Modern Cloud Environments

surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending a HTTP request from your machine to each host, collecting all the hosts that did not respond, and then filtering them into a list of externally facing and internally facing hosts. You ca...

7AI score
Exploits0References2
Ubuntu
Ubuntu
added 2023/09/06 12:31 a.m.77 views

USN-6342-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...

7.8CVSS7.7AI score0.05794EPSS
Exploits1
Citrix
Citrix
added 2023/08/31 12:0 a.m.8 views

How to disable Receiver for HTML5 in Cloud?

How to disable Receiver for HTML5 in Cloud?...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2023/08/27 12:0 a.m.6 views

IBM Security Guardium Data Encryption 安全漏洞

IBM Security Guardium Data Encryption is a software from International Business Machines IBM that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...

7.5CVSS6.3AI score0.00475EPSS
Exploits0References4
Qualys Blog
Qualys Blog
added 2023/08/01 12:55 p.m.21 views

Risk Fact #1: Cloud Migration Exploitation Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2023/07/26 7:35 p.m.51 views

Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know

Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors...

5.5CVSS6.7AI score0.05794EPSS
Exploits1
hivepro
hivepro
added 2023/07/21 8:38 a.m.34 views

A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...

10CVSS6.8AI score0.9967EPSS
Exploits9
hivepro
hivepro
added 2023/07/13 1:24 p.m.19 views

New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for advanced...

7.3AI score
Exploits0
Talos
Talos
added 2023/07/13 12:0 a.m.29 views

VMware DCERPC call request uninitialized memory heap overflow vulnerability

Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...

9.8CVSS9.1AI score0.01849EPSS
Exploits0
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

Apache Pulsar 安全漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...

9.6CVSS8.2AI score0.00733EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/07/11 9:58 a.m.27 views

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services AWS Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted t...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/06/08 7:42 p.m.24 views

Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec

In modern cloud environments, roles and permissions are assigned not just to human users, but to machines, resources and services, as well. The massive scale of cloud environments leads to teams potentially managing millions of distinct identities. As a result, security teams often struggle to...

6.6AI score
Exploits0
Wiz blog
Wiz blog
added 2023/05/25 7:20 p.m.19 views

Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments

This blog post will discuss lateral movement risks from on-prem to the cloud. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/05/23 1:0 p.m.12 views

Casting a Light on Shadow IT in Cloud Environments

What is Shadow IT? The term “Shadow IT” refers to the use of systems, devices, software, applications, and services without explicit IT approval. This typically occurs when employees adopt consumer products to increase productivity or just make their lives easier. This type of Shadow IT can be...

6.9AI score
Exploits0
hivepro
hivepro
added 2023/05/17 11:42 a.m.11 views

8220 Gang Exploiting Vulnerabilities in Cloud Environments for Cryptocurrency Mining

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The 8220 Gang is a cyber threat group that targets cloud and container environments, exploiting vulnerabilities in applications like Oracle WebLogic, Apache Log4j, and Atlassian Confluence. To receive...

6.8AI score
Exploits0
Ubuntu
Ubuntu
added 2023/04/26 1:39 p.m.167 views

USN-6043-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

7.8CVSS7AI score0.0788EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/04/26 11:46 a.m.2 views

Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks

The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. In light of this significant challenge, how are CISOs responding?...

7.2AI score
Exploits0
Ubuntu
Ubuntu
added 2023/04/19 1:17 a.m.77 views

USN-6024-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 Lin Ma discovered a race condition in t...

7.8CVSS7.2AI score0.00964EPSS
Exploits4
Wiz blog
Wiz blog
added 2023/04/13 2:19 p.m.11 views

Five ways to bolster security as cloud environments and budgets come under attack

Security experts share their insights for securing cloud environments as the pace and scale of threats accelerates...

7AI score
Exploits0
Ubuntu
Ubuntu
added 2023/03/29 4:44 p.m.88 views

USN-5984-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7.5AI score0.03702EPSS
Exploits5
Rows per page
Query Builder