Lucene search
K

71 matches found

CISA
CISA
added 2023/11/16 12:0 p.m.16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36584 Microsoft Windows Mark of the Web MOTW Security Feature Bypass Vulnerability CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability...

9.8CVSS7.2AI score0.99999EPSS
In wildExploits28References8
Malwarebytes
Malwarebytes
added 2023/10/13 12:15 p.m.19 views

Explained: Quishing

Quishing is phishing using QR Quick Response codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/07 6:0 p.m.20 views

A secondhand account of the worst possible timing for a scammer to strike

Welcome to this weeks edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. Im so used to just swiping away emails or text messages at random times during the day that Id never considered what would happen if an adversary happene...

6.7AI score
Exploits0
Wiz blog
Wiz blog
added 2023/04/13 7:20 p.m.74 views

Microsoft April 2023 Patch Tuesday Highlights: everything you need to know

Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently...

6.9AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2022/12/28 7:53 p.m.26 views

LastPass Data Breach: It’s Time to Ditch This Password Manager

The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves...

3.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.16 views

Security Bulletin: IBM WebSphere Extended Deployment Compute Grid Vulnerability (CVE-2013-4039)

Abstract Potential security vulnerability fixed in IBM WebSphere Extended Deployment Compute Grid V8.0.0.3 Content VULNERABILITY DETAILS: CVE ID:CVE-2013-4039PM84760 DESCRIPTION: WebSphere Extended Deployment Compute Grid could allow a remote attacker to obtain sensitive information and exploit...

4CVSS9.3AI score0.01901EPSS
Exploits0Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/08/17 12:55 p.m.2297 views

Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite

Over the past few weeks, five different vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one of which is unpatched, and four of which are being actively and widely exploited in the wild by well-organized threat actors. We urge organizations who use Zimbra to patch ...

10CVSS0.2AI score0.99999EPSS
Exploits109
The Coalfire Blog
The Coalfire Blog
added 2022/05/04 5:7 p.m.14 views

CMMC – The smoke is clearing

The smoke is finally starting to clear on "CMMC 2.0." Hundreds of companies are already lining up for Cybersecurity Maturity Model Certification assessments. Everything is taking place faster and with far more urgency than most organizations have planned around or prepared for...

2.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/03/28 12:30 p.m.3504 views

Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

Every year, our research team at Rapid7 analyzes thousands of vulnerabilities to understand root causes, dispel misconceptions, and explain why some flaws are more likely to be exploited than others. By continuously reviewing the vulnerability landscape and sharing our research team’s insights, w...

9.3CVSS0.3AI score0.99999EPSS
Exploits361
Malwarebytes
Malwarebytes
added 2022/03/18 11:5 p.m.17 views

Beware of this bogus (and phishy) “Instagram Support” email

Recently, a fake Instagram email successfully bypassed Googles email filters and made it into hundreds of employee inboxes used by a prominent US life insurance company based in New York. This was revealed in a report by Armorblox, a cybersecurity company specializing in stopping business email...

0.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/01/18 8:0 p.m.185 views

Active Exploitation of VMware Horizon Servers

This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...

9.3CVSS0.3AI score0.99999EPSS
Exploits356
Rapid7 Blog
Rapid7 Blog
added 2021/11/30 5:38 p.m.512 views

Active Exploitation of Apache HTTP Server CVE-2021-40438

CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update ---|---|---|---|---|--- CVE-2021-40438 | Apache Advisory | AttackerKB | 09/16/2021 multiple | ASAP | December 1, 2021 14:00 ET On September 16, 2021, Apache released version 2.4.49 of HTTP Server, which included a f...

6.8CVSS0.4AI score0.99999EPSS
Exploits5
Rapid7 Blog
Rapid7 Blog
added 2021/11/01 1:33 p.m.887 views

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update ---|---|---|---|---|--- CVE-2021-22205 | GitLab Advisory | AttackerKB | Evaluating | ASAP | November 1, 2021 On April 14, 2021, GitLab published a security release to address CVE-2021-22205, a critical remote code...

6.8CVSS0.7AI score0.99981EPSS
Exploits57
The Hacker News
The Hacker News
added 2021/06/05 10:58 a.m.686 views

ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack

Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated yesterday by...

10CVSS1AI score0.99999EPSS
Exploits58
ThreatPost
ThreatPost
added 2021/03/19 8:52 p.m.203 views

Critical F5 BIG-IP Flaw Now Under Active Attack

Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated. The unauthenticated remote command execution flaw CVE-2021-22986 exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full contro...

10CVSS10AI score0.99999EPSS
Exploits79References13
Akamai Blog
Akamai Blog
added 2020/04/10 5:28 p.m.58 views

COVID-19 Phishing: Exploiting a Global Pandemic

It's sad to think criminals are hard at work taking advantage of the extraordinary stress the world's population is currently experiencing. But they are. New phishing scams exploiting anxiety about COVID-19 are trending upward. Akamai's Carrier Data Science and Threat Research teams analyzing...

Exploits0
CNVD
CNVD
added 2020/04/07 12:0 a.m.2 views

TestLink urgenc parameter SQL injection vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.20. An attacker can exploit this vulnerability by executing arbitrary SQL commands in planUrgency.php with the...

9.8CVSS8.2AI score0.01698EPSS
Exploits1References1
OSV
OSV
added 2020/04/03 7:15 p.m.15 views

CVE-2020-8638

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...

9.8CVSS8.5AI score
Exploits0References2
Prion
Prion
added 2020/04/03 7:15 p.m.15 views

Sql injection

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...

7.5CVSS9.8AI score0.01698EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/03 6:36 p.m.14 views

CVE-2020-8638

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...

10AI score0.01698EPSS
Exploits1References2
Rows per page
Query Builder