Debian Security Advisory DSA 284-1 (kdegraphics)
The remote host is missing an update to kdegraphics announced via advisory DSA...
6.4AI Score
0.082EPSS
Debian Security Advisory DSA 105-1 (enscript)
The remote host is missing an update to enscript announced via advisory DSA...
6.7AI Score
0.0004EPSS
Takeaways From The Take Command Summit: Unprecedented Threat Landscape
The Rapid7 Take Command summit unveiled crucial findings from the 2024 Attack Intelligence Report, offering invaluable insights for cybersecurity professionals navigating today's complex threat landscape. Key takeaways from the 30 minute panel: Rise of Zero-Day Exploits: 53% of mass compromise...
7.6AI Score
Debian Security Advisory DSA 279-1 (metrics)
The remote host is missing an update to metrics announced via advisory DSA...
6.6AI Score
0.0004EPSS
Debian Security Advisory DSA 296-1 (kdebase)
The remote host is missing an update to kdebase announced via advisory DSA...
6.4AI Score
0.082EPSS
This plugin attempts to determine the presence of various common dirs on the remote web...
9.9CVSS
8.1AI Score
0.975EPSS
Debian Security Advisory DSA 090-1 (xtel)
The remote host is missing an update to xtel announced via advisory DSA...
7.4AI Score
Debian Security Advisory DSA 063-1 (xinetd)
The remote host is missing an update to xinetd announced via advisory DSA...
6.6AI Score
0.319EPSS
Advance Auto Parts customer data posted for sale
A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Allegedly the customer data includes: Names Email...
7.4AI Score
Debian Security Advisory DSA 293-1 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory DSA...
6.4AI Score
0.082EPSS
Debian Security Advisory DSA 026-1 (bind)
The remote host is missing an update to bind announced via advisory DSA...
6.5AI Score
0.189EPSS
Debian Security Advisory DSA 231-1 (dhcp3)
The remote host is missing an update to dhcp3 announced via advisory DSA...
6.5AI Score
0.135EPSS
The remote host appears to be a network printer, multi-function device, or other fragile device. Such devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as 'Dead' and will not scan...
7.5AI Score
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
7AI Score
Why Regulated Industries are Turning to Military-Grade Cyber Defenses
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated.....
7.2AI Score
chromium -- multiple security fixes
Chrome Releases reports: This update includes 23 security fixes: [331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 [331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on...
8.8CVSS
7.8AI Score
0.001EPSS
Fortinet FortiOS Trust Management Issues Vulnerability (CNVD-2024-13096)
Fortinet FortiOS is a set of U.S. Fita (Fortinet) dedicated to FortiGate network security platform on the security operating system. A trust management issue vulnerability exists in Fortinet FortiOS that stems from the presence of incorrect certificate validation, which can be exploited by an...
4.8CVSS
6.9AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that....
6.4AI Score
0.0004EPSS
Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS...
5.9CVSS
7.4AI Score
0.963EPSS
Top 7 Key Network Security Trends to Watch in 2011
Network security is on everyone's mind as 2010 comes to an end. Adam Powers, CTO of Atlanta-based Lancope, offers insights into expected trends for 2011. IT Consumerization and Internal Threats The introduction of consumer devices into corporate networks is reshaping security strategies....
7AI Score
JVN#37818611: "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly
"ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly (CWE-939) which may be exploited to direct the App to access any sites. ## Impact A remote attacker may lead a user to.....
7AI Score
0.0004EPSS
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS.....
7.4CVSS
7.2AI Score
0.0004EPSS
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...
6.3CVSS
7AI Score
0.001EPSS
INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data
By Waqas As seen by Hackread.com, the INC ransomware gang claims to have obtained patient records as part of their cyberattack. This is a post from HackRead.com Read the original post: INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient...
7.2AI Score
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append...
9.9CVSS
9.5AI Score
0.001EPSS
Rounding up some of the major headlines from RSA
While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...
7.8CVSS
7.6AI Score
0.001EPSS
In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential.....
7.6AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-048)
The version of kernel installed on the remote host is prior to 5.10.209-198.812. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-048 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this...
7.8CVSS
7.9AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: gnutls-3.8.4-1.fc38
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and....
5.3CVSS
7.3AI Score
0.0005EPSS
IKEv1 Main Mode vulnerable to brute force attacks
Overview Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known, that the aggressive mode of IKEv1 PSK is...
5.9CVSS
5.8AI Score
0.003EPSS
memory corruption in modem due to improper check while calculating size of serialized CoAP...
9.8CVSS
9.5AI Score
0.001EPSS
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.5AI Score
0.001EPSS
Texas Man Indicted for Hacking Eden Prairie Business, Stealing $274,000
A federal indictment unsealed earlier today alleges that a 35-year-old Texas man hacked into the computer network of an Eden Prairie business, stealing approximately $274,000. The indictment, filed in Minneapolis on October 13, 2010, charges Jeremy Parker of Houston, Texas, with one count of...
7.2AI Score
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
7.5CVSS
7.5AI Score
0.0005EPSS
Apple iOS and Apple iPadOS Buffer Overflow Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A buffer overflow vulnerability exists in Apple iOS and iPadOS, which can be exploited by an attacker to...
7.8CVSS
7.2AI Score
0.0004EPSS
Oracle Linux 7 : jss (ELSA-2019-3067)
From Red Hat Security Advisory 2019:3067 : An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is....
7.4CVSS
7.3AI Score
0.002EPSS
The Dreaded Network Pivot: An Attack Intelligence Story
Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to our annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with our detection and response...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
6.9AI Score
0.0004EPSS
Texting Secrets: How Messenger Apps Guard Your Chats
By Uzair Amir Worried about prying eyes? We explain how messenger apps keep your chats confidential with features like encryption & multi-factor authentication. Learn about security risks & emerging technologies for a safer digital future. This is a post from HackRead.com Read the original post:...
7.4AI Score
Allaire/Macromedia JRun Sample Files (HTTP) - Active Check
This host is running the Allaire JRun web server and has sample files...
6.7AI Score
0.005EPSS
The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated attackers, with....
7.5CVSS
9.3AI Score
0.0004EPSS
Fedora: Security Advisory for suricata (FEDORA-2024-99337cc4a1)
The remote host is missing an update for...
7.5AI Score
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the...
9.8CVSS
9.6AI Score
0.001EPSS
Fedora: Security Advisory for gnutls (FEDORA-2024-0459dcd356)
The remote host is missing an update for...
5.3CVSS
5.4AI Score
0.0005EPSS
[SECURITY] Fedora 38 Update: suricata-6.0.17-1.fc38
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
[SECURITY] Fedora 39 Update: suricata-6.0.17-1.fc39
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-519)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-519 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-04-25: CVE-2023-52462 was added to this advisory. 2024-04-25: CVE-2024-26591 was added to this advisory. 2024-04-25: CVE-2023-52467...
7.8CVSS
7.7AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: suricata-7.0.4-1.fc40
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score