An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
6.8AI Score
0.0004EPSS
Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.9AI Score
0.001EPSS
Beijing Yisetong Technology Development Co., Ltd. is a leading provider of data security business and network security business at home and abroad. A deserialization vulnerability exists in Yisetong's electronic document security management system, which can be exploited by an attacker to gain...
7.4AI Score
Using Legitimate GitHub URLs for Malware
Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property...
7.2AI Score
Qualys Is Proud to Sign CISA’s Secure by Design Pledge
Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a...
8.3AI Score
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised.....
6.8AI Score
Legitimate-Looking Ads Used to Recruit Money Mules for Criminal Operations
Money mules have been aggressively recruited this year to help cybercriminals launder money, according to Fortinet. A recent example of this is the worldwide prosecution of a Zeus criminal operation, which included 37 charges against alleged money mules. Recent Zeus stories illustrate how...
6.9AI Score
Rounding up some of the major headlines from RSA
While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...
7.8CVSS
7.6AI Score
0.001EPSS
JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...
6.7AI Score
0.0004EPSS
Hackers Steal Customer Data from McDonald's Partner Database
McDonald's is collaborating with law enforcement after malicious hackers infiltrated another company's database and stole information about an unknown number of the fast-food chain's customers. McDonald's has alerted potentially affected customers via email and through a message on its website....
6.9AI Score
UnitedHealth Group has given an update on the February cyberattack on Change Healthcare, one of its subsidiaries. In the update, the company revealed the scale of the breach, saying: “Based on initial targeted data sampling to date, the company has found files containing protected health...
7.5AI Score
How AI will change your credit card behind the scenes
Many companies are starting to implement Artificial Intelligence (AI) within their services. Whenever there are large amounts of data involved, AI offers a way to turn that pile of data into actionable insights. And there's a big chance that our data are somewhere in that pile, whether they can be....
6.9AI Score
Microsoft AI “Recall” feature records everything, secures far less
Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....
6.8AI Score
W32.Yimfoca Worm Targets Facebook Users via Yahoo! Messenger
A new computer worm is denying Facebook users access to their accounts. The worm, named "W32.Yimfoca" by the security company Symantec, spreads through Yahoo! Messenger and specifically targets Facebook users. It forces them to complete surveys before they can log into their profiles. The worm...
7.1AI Score
Tenda W30E fromRouteStatic function buffer overflow vulnerability
The Tenda W30E is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda W30E version 1.0.1.25(633), which originates from the parameter page of the fromRouteStatic function in /goform/fromRouteStatic that fails to correctly validate the length of the input data,.....
8.8CVSS
8.4AI Score
0.0004EPSS
U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to....
7.2AI Score
Web Server Directory Enumeration
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...
9.6AI Score
0.002EPSS
The US Government Has a Microsoft Problem
Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free...
7.2AI Score
Australian Police Arrest Man for Hacking Nearly 100 Online Accounts
The Australian police have arrested a 33-year-old man accused of hacking into nearly 100 online accounts. The Australian Federal Police's high-tech crime unit has been monitoring the suspect since last September. This surveillance began when a local telecom company alerted the authorities to...
7AI Score
Google Maps Timeline Data to be Stored Locally on Your Device for Privacy
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...
7.2AI Score
WikiLeaks Hit by Distributed Denial of Service (DDoS) Attack
WikiLeaks faced another distributed denial of service (DDoS) attack on Tuesday morning, as reported by Fast Company. This attack was more intense than the one on Sunday, but it still didn't come close to shutting down the site. A computer hacker known as "The Jester" shocked officials by claiming.....
6.9AI Score
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...
7.9AI Score
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
7.5AI Score
0.0004EPSS
U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....
6.9AI Score
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2024-17977)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge (Chromium-based). An attacker could exploit this vulnerability to conduct spoofing...
3.3CVSS
6.4AI Score
0.001EPSS
Online Privacy and Overfishing
Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren't about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion.....
7AI Score
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2024-17971)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from a spoofing vulnerability that can be exploited by attackers to override and spoof elements of the user...
4.3CVSS
6.8AI Score
0.001EPSS
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-17975)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to escape the browser sandbox and obtain sensitive...
8.2CVSS
6.5AI Score
0.001EPSS
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CNVD-2024-17976)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to execute arbitrary code on a...
8.3CVSS
8.4AI Score
0.003EPSS
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive...
4.3CVSS
6.1AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
6.9AI Score
0.0004EPSS
Buffer Overflow Vulnerability in Various Apple Products
Apple macOS Ventura is a desktop operating system from the American company Apple. A buffer overflow vulnerability exists in various Apple products that stems from incorrect validation of input. An attacker could exploit the vulnerability to execute arbitrary code with kernel...
8.6CVSS
7.9AI Score
0.004EPSS
Barracuda Networks Launches Bug Bounty Program for Security Products
Barracuda Networks announced on Tuesday that it will pay over $3,100 to anyone who can hack into its security products. This bug bounty program is the first of its kind from a pure-play security vendor. “This initiative reflects our commitment to our customers and the security community at large,”....
7.8AI Score
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
7.3AI Score
0.0004EPSS
Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the...
7AI Score
0.0004EPSS
Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...
6.7AI Score
0.0004EPSS
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to add malicious scripts to obtain sensitive information from the...
4.7CVSS
6.4AI Score
0.001EPSS
Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company.....
7.2AI Score
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP...
9.8CVSS
8.2AI Score
0.973EPSS
Top 7 Key Network Security Trends to Watch in 2011
Network security is on everyone's mind as 2010 comes to an end. Adam Powers, CTO of Atlanta-based Lancope, offers insights into expected trends for 2011. IT Consumerization and Internal Threats The introduction of consumer devices into corporate networks is reshaping security strategies....
7AI Score
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.0004EPSS
8.4CVSS
7.9AI Score
0.0004EPSS
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...
7.5CVSS
7.5AI Score
0.0005EPSS
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...
7.8CVSS
7.5AI Score
0.0004EPSS
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...
7.8CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS