Interview With a Crypto Scam Investment Spammer
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several...
6.8AI Score
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...
4.8CVSS
4.8AI Score
0.0005EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...
5.9CVSS
4.8AI Score
0.0005EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...
4.8CVSS
5.4AI Score
0.0005EPSS
Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. (CVE-2010-3904) Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service....
8.1CVSS
8.5AI Score
0.232EPSS
Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1)
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. (CVE-2010-3904) Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service....
8.1CVSS
8.5AI Score
0.063EPSS
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. (CVE-2010-3904) Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a.....
7.8CVSS
8AI Score
0.232EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...
5.9CVSS
5.5AI Score
0.0005EPSS
Unbreakable Enterprise kernel security update
[5.15.0-101.103.2.1] - Revert 'attr: use consistent sgid stripping checks' (Sherry Yang) [Orabug: 35346968] - Revert 'iommu: Force iommu shutdown on panic' (Boris Ostrovsky) [Orabug: 35346963] [5.15.0-101.103.2] - uek-rpm: mod-extra: Remove mt7921e.ko from extras list (Harshit Mogalapalli) ...
6.5CVSS
7.7AI Score
0.0004EPSS
Security fix for the ALT Linux 10 package libmicrohttpd version 0.9.76-alt1
0.9.76-alt1 built April 6, 2023 Alexander Danilov in task #317701 March 29, 2023 Sergey Bolshakov - 0.9.76 released (fixes:...
5.9CVSS
5.8AI Score
0.001EPSS
Security fix for the ALT Linux 8 package clamav version 0.103.8-alt1
0.103.8-alt1 built March 27, 2023 Sergey Y. Afonin in task #316773 March 9, 2023 Sergey Y. Afonin - 0.103.8 (CVE-2023-20032,...
9.8CVSS
7.5AI Score
0.003EPSS
Security fix for the ALT Linux 9 package clamav version 0.103.8-alt1
0.103.8-alt1 built March 17, 2023 Sergey Y. Afonin in task #316772 March 9, 2023 Sergey Y. Afonin - 0.103.8 (CVE-2023-20032,...
9.8CVSS
7.5AI Score
0.003EPSS
Security fix for the ALT Linux 10 package clamav version 0.103.8-alt1
0.103.8-alt1 built March 15, 2023 Sergey Y. Afonin in task #316417 March 9, 2023 Sergey Y. Afonin - 0.103.8 (CVE-2023-20032,...
9.8CVSS
7.5AI Score
0.003EPSS
Unbreakable Enterprise kernel security update
[5.15.0-8.91.4.1] - uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130] [5.15.0-8.91.4] - selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471] - selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug:...
7.8CVSS
8.4AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] - Revert 'RDS:...
8.8CVSS
8.5AI Score
0.002EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] - Revert 'RDS:...
8.8CVSS
8.5AI Score
0.002EPSS
U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S....
0.7AI Score
What your SOC will be facing in 2023
As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year's Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first...
0.3AI Score
According to a prominent Soviet science fiction writer, beauty is a fine line, a razor's edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching...
-0.1AI Score
Unbreakable Enterprise kernel security update
[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...
8.8CVSS
8.6AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...
8.8CVSS
8.6AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.315.5] - Revert 'xfs: Lower CIL flush limit for large logs' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: Throttle commits on delayed background CIL push' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug:...
7.8CVSS
-0.5AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.315.5] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug: 34917369] [5.4.17-2136.315.4] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888473] - uek-rpm: Add ptp_kvm.ko to nano rpm (Somasundaram Krishnasamy) [Orabug:...
7.8CVSS
-0.6AI Score
0.001EPSS
FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape
An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...
8.8CVSS
1AI Score
0.973EPSS
Security Bulletin: NVIDIA GPU Display Driver - November 2022
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. To protect your system, download and install this software update...
8.8CVSS
7.5AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.314.6.2] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1] - RDMA/uverbs: Move...
7.8CVSS
0.6AI Score
0.0005EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.314.6.2.el7] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el7] - RDMA/uverbs:...
7.8CVSS
0.6AI Score
0.0005EPSS
Unbreakable Enterprise kernel-container security update
[5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI...
5.5CVSS
-0.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI...
5.5CVSS
-0.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.519.2.1] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...
7.8CVSS
-0.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.519.2.1.el7] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...
7.8CVSS
-0.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.313.6] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c (Alok Tiwari) [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita...
7CVSS
-0.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.313.6] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c (Alok Tiwari) [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita...
7CVSS
-0.5AI Score
0.0004EPSS
WordPress Find and Replace All plugin <= 1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Replacement discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin (versions <= 1.3). Solution No patched version...
2AI Score
0.001EPSS
WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin (versions <= 1.2). Solution Update the WordPress Find and Replace All plugin to the latest available version (at least...
1.5AI Score
0.001EPSS
Server-side attacks, C&C in public clouds and other MDR cases we observed
Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you.....
AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...
7CVSS
-0.6AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...
7CVSS
-0.6AI Score
0.0004EPSS
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the...
6.8AI Score
0.002EPSS
Unbreakable Enterprise kernel-container security update
[5.15.0-2.52.3.el8] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using...
7.8CVSS
-0.3AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-2.52.3] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using...
7.8CVSS
-0.3AI Score
EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.517.3] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]...
6.2CVSS
0.2AI Score
EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.517.3.el7] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]...
6.2CVSS
0.2AI Score
EPSS
Unbreakable Enterprise kernel-container security update
r[ 5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) ...
6.5CVSS
0.1AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug:...
6.5CVSS
0.1AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...
-0.3AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug:...
-0.1AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...
-0.3AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug:...
-0.1AI Score
0.001EPSS
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Student Result or Employee Database plugin (versions <= 1.7.4). Solution Update the WordPress Student Result or Employee...
5.4CVSS
2.1AI Score
0.001EPSS