CVE-2024-23744

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions...

CVE-2024-23744

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions...

ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2024-23725 via ghost (>=0.11.14 <=1.26.2)

ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2024-23725 Source advisory: OSV:GHSA-FH38-9FGR-454W...

CVE-2024-23744

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions...

CVE-2024-23744

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions...

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

Info-stealers can steal cookies for permanent access to your Google account

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication MFA the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password...

Code injection

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

CVE-2023-29049

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

Malware Leveraging Google OAuth for Persistent Account Access

Summary: Information-stealing malware is actively exploiting an undisclosed Google OAuth endpoint called MultiLogin. This technique was initially disclosed by a threat actor named PRISMA on their Telegram channel and has subsequently been integrated into various malware-as-a-service MaaS stealer...

Malicious code in discord.js-self-v22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 672d9ccd18153a9163f1f9a63ec5d765f412cf86a198d526fb04ecc5aa6eab3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Bandook a 2007 Legacy Still Thriving in the Threat Landscape

Summary: The Bandook malware is a persistent remote access trojan RAT that surfaced in 2007. Programmed in Delphi and C++, it has evolved through various iterations over the years and has historical associations with Dark Caracal. It featured prominently in a campaign dubbed ‘Operation Manul’...

OilRig Group Unleashes Three New Malware Strains

Summary: The Iranian state-sponsored threat actor, commonly referred to as OilRig, implemented three distinct downloader malware variants throughout the year 2022. The primary objective was to sustain persistent access to targeted organizations located in Israel. OilRig demonstrated active...

Malicious code in arrays-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 058ca280756e331336b85903607b74f86355c7e7d889a956dc9a904f6e2c5485 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in 2e6d5f64604be31 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac5657b36ff4ea9f051859c1d7f0d6c56e2f56a183ac03f41a104cbc8a629f42 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

SUSE CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

GHSA-3M87-5598-2V4F Withdrawn Advisory: Prometheus XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. Original Description A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version...