CVE-2024-23639

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

Design/Logic Flaw

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

Bad Rabbit ransomware

UPDATE 27.10.2017. Decryption opportunity assessment. File recovery possibility. Verdicts What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been report...

Expired domain names and malvertising

In Q1 and Q2 of 2017, we noticed a sharp decline in drive-by downloads coming from compromised websites. The campaigns of the past are either gone Pseudo Darkleech or have changed focus EITest using social engineering techniques. Malvertising - which has remained steady and is currently the main...

The “elegance”of Linux vulnerabilities: rare ways to bypass the ASLR and DEP protection mechanisms-vulnerability warning-the black bar safety net

! The recent foreign researchers published a exp code in the finished patch to the Fedora and other Linux system on the drive-by attacks, in order to install keyloggers, backdoors and other malicious software. This exp is for the GStreamer framework in a memory-corruption vulnerability that...

ALERT: This New Ransomware Steals Passwords Before Encrypting Files

You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the World's worst Exploit Kit – Angler, which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease. Many poorly-secured websites are...

Cross-Site Scripting (XSS) in Revive Adserver

High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Revive Adserver formerly known as OpenX Source, which can be exploited to perform Cross-Site Scripting attacks against authenticated users and administrators of the vulnerable application leading to total compromise of the...

Red Button Attack Could Compromise Smart TVs

A vulnerability in an emerging interactive television standard could expose smart TVs to untraceable drive-by hacking attacks that could steal personal information and wreak havoc on televisions and anything connected to them. The feature, HbbTV, Hybrid Broadcast Broadband Television was introduc...

FBI raids BlackShades RAT Malware Customers in Europe and Australia

When it comes to crime, whether it’s an online or offline, FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement...

Internet Explorer zero-day vulnerability actively being exploited in the wild

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few day...

Internet Explorer zero-day vulnerability actively being exploited in the wild

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few day...

Microsoft's Patch Tuesday fully loaded with patch for 57 security flaws

Microsoft next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch...

New Linux Rootkit Emerges

A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for...

Window 8 will get its first critical patch this Friday

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating...

Firefox 17 Beta Released with Click-to-Play Plugins for blocking vulnerable Plugins

Last week, Mozilla announced it will prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight, but refused to detail how the system will work. Finally today Firefox 17 is now in beta and with it is a very cool feature, click-to-play plugins. When a...

Mozilla Adds Click-to-Play Plugin Security Feature to Firefox Beta

Attackers have been going after vulnerabilities in browser plugins and extensions for years now, as they know that users are slow about updating these components. Even if users have the browser set to update automatically, the third-party components are a separate issue and need to be patched on...

Detecting and Removing Vulnerable Java Versions

As attacks on the new Java zero-day vulnerability continue and researchers look for ways to mitigate the flaw, they are encouraging users to disable Java in their browsers. There is now a site that users can visit that will detect whether their browser is running a vulnerable version of Java...

Mozilla Weighing Opt-In Requirement for Web Plugins

Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security...

Google: Most Vulnerabilities Only Exploited For a Short Time

Google has a hugely privileged view of the Internet and it uses that position for all kinds of things, one of which is to collect data and intelligence on malicious Web site behavior and malware trends. In a new report based on four years’ worth of data on site and malware activity, the company...