Lucene search
K

6246 matches found

Malwarebytes
Malwarebytes
added 2018/04/04 3:0 p.m.50 views

LockCrypt ransomware: weakness in code can lead to recovery

At the start of the year, it seemed that 2018 was going to be all about cryptominers. They so overwhelmingly dominated the landscape that it looked like no other threat had a chance. However, ransomware is not giving up the field so fast. There have been new variants popping up every couple of...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/04/03 9:19 a.m.30 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.8CVSS2.9AI score0.06705EPSS
Exploits0References2
OSV
OSV
added 2018/04/03 6:29 a.m.3 views

CVE-2018-4115

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access...

9.8CVSS7.3AI score0.02299EPSS
Exploits0References6
NVD
NVD
added 2018/04/03 6:29 a.m.18 views

CVE-2018-4110

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence...

9.8CVSS7.9AI score0.03927EPSS
Exploits0References3
Prion
Prion
added 2018/04/03 6:29 a.m.16 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence...

7.5CVSS7.6AI score0.03927EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/04/03 6:29 a.m.14 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access...

7.5CVSS7.2AI score0.02299EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2018/04/03 6:0 a.m.61 views

CVE-2018-4110

CVE-2018-4110 affects iOS Web App in Apple devices prior to iOS 11.3. The vulnerability allows a remote attacker to bypass cookie persistence restrictions in the Web App component, leading to cookies potentially persisting contrary to intended limits. The CVE entry credits Ben Compton and Jason C...

9.8CVSS7.2AI score0.03927EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/04/03 6:0 a.m.22 views

CVE-2018-4110

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence...

7.9AI score0.03927EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/04/03 6:0 a.m.19 views

CVE-2018-4115

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access...

7.6AI score0.02299EPSS
Exploits0References6
NVD
NVD
added 2018/04/02 5:29 p.m.37 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.8CVSS9.5AI score0.06705EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/04/02 5:0 p.m.42 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.6AI score0.06705EPSS
Exploits0References3
Kitploit
Kitploit
added 2018/04/02 1:35 p.m.21 views

CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems

CHAOS allow generate payloads and control remote Windows systems. Disclaimer This project was created only for learning purpose. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2018/03/27 5:28 p.m.13 views

Alleged Mastermind Behind Carbanak Crime Gang Arrested

The suspected mastermind behind the Carbanak criminal gang, which is notorious for stealing as much as $1 billion from more than 100 financial institutions in a string of attacks, has been apprehended, according to the Spanish National Police. According to the European Union Agency for Law...

1.4AI score
Exploits0References16
ThreatPost
ThreatPost
added 2018/03/15 12:37 p.m.14 views

Iran-Linked Group ‘TEMP.Zagros’ Updates Tactics, Techniques In Latest Campaign

Researchers say a massive phishing campaign targeting Asia and Middle East regions is linked to an Iranian-based threat actor TEMP.Zagros, also known as MuddyWater. This latest attack illustrates an evolution by the threat actor, which has now adopted new tactics, techniques and procedures. “We...

0.3AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/03/06 12:0 a.m.32 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerabilities (K58084500)

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8CVSS8.3AI score0.13075EPSS
Exploits0References2
Talos Blog
Talos Blog
added 2018/02/23 9:40 a.m.66 views

Threat Round Up for Feb 16 - 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 16 and February 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.5AI score
Exploits0
Kitploit
Kitploit
added 2018/02/17 1:30 p.m.113 views

ezsploit - Linux Bash Script Automation For Metasploit

Command line script for automatingmetasploit functions: Checks for metasploit service and starts if not present Easily craft meterpreter reversetcp payloads for Windows, Linux, Android and Mac Start multiple meterpreter reversetcp listners Assistance with building basic persistence options and...

7.4AI score
Exploits0References1
The Hacker News
The Hacker News
added 2018/01/25 1:29 a.m.37 views

Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems

Are you using Linux or Mac OS? If you think your system is not prone to viruses, then you should read this. Wide-range of cybercriminals are now using a new piece of 'undetectable' spying malware that targets Windows, macOS, Solaris and Linux systems. Just last week we published a detailed articl...

7.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2018/01/24 2:0 p.m.373 views

Now you see me: Exposing fileless malware

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last years major ransomware outbreaks Petya and WannaCry used fileless techniques as part of their kill chains. The...

7.3AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2018/01/24 2:0 p.m.37 views

Now you see me: Exposing fileless malware

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last years major ransomware outbreaks Petya and WannaCry used fileless techniques as part of their kill chains. The...

7.3AI score
Exploits0
Rows per page
Query Builder