89 matches found
CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...
CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...
Meta4 HR security breach
Cegid Meta4 HR is a human resource management software HRM platform from Cegid Corporation. A security vulnerability exists in Meta4 HR version 819.001.022 and prior versions, which stems from a configuration page being placed on an Internet-facing web server, resulting in a file path being expos...
Known Indicators of Compromise Associated with Androxgh0st Malware
Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. "As part of their multi-extortion strategy,...
Adobe Coldfusion vulnerability used in attacks on government servers
The Cybersecurity and Infrastructure Security Agency CISA put out a Cybersecurity Advisory CSA to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos recently discovered a new malware family were calling "HTTPSnoop" being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to liste...
OpenSSH trojan campaign targets Linux systems and IoT devices
Poorly configured Linux and Internet of Things IoT devices are at risk of compromise from a cryptojacking campaign, according to researchers at Microsoft. The attacks, which involve brute forcing a way into a system, are designed to profit from mining in illicit fashion for cryptocurrency. Once t...
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...
New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government
An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...
Abuse of the Service Location Protocol May Lead to DoS Attacks
The Service Location Protocol SLP, RFC 2608link is external allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service DoS attack with a significant amplification factor. Researchers from Bitsigh...
A Financially Motivated Threat Group UNC961 Targeting North American Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary UNC961 is a financially motivated cyber threat group that targets organizations in North America, with a focus on exploiting vulnerable Internet-facing servers during periods of vulnerability and exploit...
KillNet hits healthcare sector with DDoS attacks
At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service DDoS attacks. The Cybersecurity and Infrastructure Security Agency CISA says it helped dozens of hospitals...
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Thousands of Citrix Application Delivery Controller ADC and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 CVSS scores: 9.8, which were addressed by the virtualizati...
Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack
An Iranian advanced persistent threat APT actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack...
Automated Tank Gauge (ATG) Remote Configuration Disclosure Exploit
In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges ATGs which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators wh...
CVE-2022-3181
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network LAN-only and internet facing systems are affected...
Input validation
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network LAN-only and internet facing systems are affected...
CVE-2022-3181
Trihedral VTScada is affected by CVE-2022-3181 (CVE assignment tied to VTScada 12.0.38 and earlier). The vulnerability stems from improper input validation, where a specially malformed HTTP request could cause the VTScada server to crash, impacting both LAN-only and internet-facing deployments. T...
Why Ransomware in Education on the Rise and What That Means for 2023
The breach of LA Unified School District LAUSD highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptio...