Lucene search
K

184 matches found

Malwarebytes
Malwarebytes
added 2023/07/13 8:15 a.m.40 views

Ransomware review: July 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.5CVSS7.2AI score0.99934EPSS
Exploits15
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.2 views

PT-2023-3830 · Microsoft · Windows Error Reporting Service +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Error Reporting Service affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Error Reporting Service, which allows attackers to affect the system. This...

7.8CVSS9.3AI score0.32309EPSS
Exploits5References81
The Hacker News
The Hacker News
added 2023/06/24 3:30 p.m.95 views

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439...

9.8CVSS7.8AI score0.98281EPSS
Exploits10
The Hacker News
The Hacker News
added 2023/06/08 1:56 p.m.62 views

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

10.5AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/05/31 5:25 a.m.2 views

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway ESG appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-286...

9.8CVSS7.9AI score0.86956EPSS
Exploits3
hivepro
hivepro
added 2023/04/17 9:48 a.m.40 views

Google Chrome Emergency Update Fixes Zero-Day Exploit in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A potential vulnerability in Google Chrome versions before 112.0.5615.121, identified as CVE-2023-2033, involves Type confusion in V8, which could allow a remote attacker to potentially exploit he...

8.5AI score0.40798EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/02/13 3:31 p.m.2 views

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena MOBA video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 CVSS...

8.8CVSS9.3AI score0.36238EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/01/13 9:41 a.m.5 views

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or...

9.8CVSS7.8AI score0.99474EPSS
Exploits11
The Hacker News
The Hacker News
added 2023/01/11 5:32 a.m.5 views

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities...

9.8CVSS8.6AI score0.99964EPSS
Exploits11
The Hacker News
The Hacker News
added 2023/01/11 5:32 a.m.131 views

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities...

9.8CVSS0.6AI score0.99964EPSS
Exploits11
The Hacker News
The Hacker News
added 2023/01/06 9:1 a.m.197 views

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted...

9.8CVSS1.2AI score0.99964EPSS
Exploits16
Positive Technologies
Positive Technologies
added 2022/11/08 12:0 a.m.8 views

PT-2022-5513

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description The issue is related to insufficient access controls in Microsoft Exchange Server, allowing a remote attacker to elevate their privileges. This vulnerability has been...

9.8CVSS9AI score0.99964EPSS
Exploits11References31
The Hacker News
The Hacker News
added 2022/07/05 2:55 a.m.476 views

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and...

8.8CVSS0.8AI score0.70461EPSS
Exploits3
The Hacker News
The Hacker News
added 2022/06/24 12:58 p.m.139 views

Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack

A suspected ransomware intrusion attempt against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a...

10CVSS0.6AI score0.56967EPSS
Exploits4
The Hacker News
The Hacker News
added 2022/06/09 11:54 a.m.30 views

Even the Most Advanced Threats Rely on Unpatched Systems

Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups suc...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/21 7:32 p.m.17 views

Pegasus spyware found on UK government office phone

“When we found the No. 10 case, my jaw dropped." John Scott-Railton recalled after finding out on July 7, 2020 that Pegasus, the highly sophisticated flagship spyware of Israels NSO Group, was used to infect a phone linked to the network at 10 Downing Street, the UK Prime Ministers home and offic...

0.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/03/03 10:53 p.m.481 views

The Top 5 Russian Cyber Threat Actors to Watch

This post was updated on March 10, 2022 to include a section on the Conti Ransomware Group. As we continue to monitor the situation between Russia and Ukraine – and the potential for global cybersecurity impacts – we realize that our customers and other business and industry stakeholders may be...

9.3CVSS0.4AI score0.81628EPSS
Exploits22
Malwarebytes
Malwarebytes
added 2022/02/01 11:7 a.m.221 views

Apply those updates now: CVE bypass offers up admin privileges for Windows 10

If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as soon as possible. Bleeping Computer reports that a researcher has come up with a bypass for an older bug, which could serve up some major headaches if left to fester. Those headaches will...

7.2CVSS0.4AI score0.78376EPSS
Exploits22
The Hacker News
The Hacker News
added 2021/12/14 4:13 a.m.127 views

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. Tracked as CVE-2021-4102, the flaw relates to a use-after-free bug in...

9.6CVSS1.6AI score0.70435EPSS
Exploits16
GithubExploit
GithubExploit
added 2021/12/14 4:9 a.m.371 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228-Demo This project for prove and testing zero-d...

10CVSS9.6AI score0.99999EPSS
Exploits351
Rows per page
Query Builder