Lucene search

K

Yan&Co Security Vulnerabilities

thn
thn

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected...

7.3AI Score

2024-02-08 06:53 AM
17
securelist
securelist

Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....

7.6AI Score

2024-04-24 10:10 AM
15
thn
thn

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...

7.5AI Score

2024-05-30 08:55 AM
1
openvas
openvas

RedHat Update for kernel RHSA-2016:0185-01

The remote host is missing an update for...

6.2AI Score

0.002EPSS

2016-02-17 12:00 AM
14
debiancve
debiancve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

7AI Score

0.0004EPSS

2024-03-25 10:15 AM
5
redhatcve
redhatcve

CVE-2019-18808

A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. Mitigation In order to mitigate this issue it is possible...

5.5CVSS

1.1AI Score

0.0004EPSS

2019-12-28 10:00 AM
5
ubuntucve
ubuntucve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

6.5AI Score

0.0004EPSS

2024-03-25 12:00 AM
6
thn
thn

U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams

The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in...

7.2AI Score

2024-05-29 11:50 AM
1
thn
thn

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...

7.8CVSS

8.5AI Score

0.002EPSS

2022-10-07 06:52 AM
271
jvn
jvn

JVN#62737544: Multiple vulnerabilities in RoamWiFi R10

RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code (CWE-489) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file (CWE-532)...

7.2AI Score

0.0004EPSS

2024-04-24 12:00 AM
8
thn
thn

FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under....

6.9AI Score

2024-05-15 05:52 PM
1
thn
thn

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles....

7.4AI Score

2024-05-19 09:46 AM
1
thn
thn

Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...

7.5AI Score

2024-05-28 12:50 PM
1
thn
thn

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet...

6.9AI Score

2024-05-01 02:25 PM
1
prion
prion

Heap overflow

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...

8AI Score

0.0004EPSS

2024-02-29 01:44 AM
24
thn
thn

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....

9.8CVSS

8.3AI Score

0.972EPSS

2024-06-06 01:14 PM
1
oraclelinux
oraclelinux

systemd security update

[252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following,.....

5.9CVSS

7.7AI Score

0.001EPSS

2024-05-03 12:00 AM
2
cnvd
cnvd

SQL Injection Vulnerability in DedeCMS of Shanghai Zhuozhuo Network Technology Company Limited (CNVD-2024-13237)

DedeCMS is the most well-known PHP open source website management system, but also the use of the most users of the PHP class CMS system. Shanghai Zhuozhuo Network Technology Co., Ltd. DedeCMS SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive...

7.9AI Score

2024-02-05 12:00 AM
28
prion
prion

Default configuration

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...

7.4AI Score

0.0004EPSS

2024-03-01 10:15 AM
2
prion
prion

Design/Logic Flaw

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

7AI Score

0.001EPSS

2023-11-13 04:15 PM
10
openvas
openvas

RedHat Update for gtk-vnc RHSA-2017:2258-01

The remote host is missing an update for...

9.8CVSS

8.8AI Score

0.005EPSS

2017-08-04 12:00 AM
11
openvas
openvas

RedHat Update for nettle RHSA-2016:2582-02

The remote host is missing an update for...

7.5CVSS

8.8AI Score

0.009EPSS

2016-11-04 12:00 AM
9
nessus
nessus

Fedora 39 : kernel (2024-bc0db39a14)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
7
nessus
nessus

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-05-02 12:00 AM
11
nessus
nessus

Fedora 38 : kernel (2024-f35f9525d6)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
6
krebs
krebs

The Not-so-True People-Search Network from China

It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a....

6.4AI Score

2024-03-21 03:18 AM
14
thn
thn

Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik.....

7AI Score

2024-05-07 09:32 AM
1
redhatcve
redhatcve

CVE-2024-26984

In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...

6.9AI Score

0.0004EPSS

2024-05-01 07:34 PM
1
thn
thn

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples....

7.1AI Score

0.0004EPSS

2024-05-28 10:15 AM
1
trellix
trellix

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.4AI Score

2024-04-29 12:00 AM
9
openvas
openvas

RedHat Update for samba3x RHSA-2011:1220-01

The remote host is missing an update for...

5.6AI Score

0.008EPSS

2011-09-07 12:00 AM
10
cnvd
cnvd

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-11433)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

7.5AI Score

2024-01-29 12:00 AM
4
openvas
openvas

RedHat Update for samba and cifs-utils RHSA-2011:1221-01

The remote host is missing an update for...

5.6AI Score

0.008EPSS

2012-07-09 12:00 AM
27
redhatcve
redhatcve

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

7.3AI Score

0.0004EPSS

2024-05-01 08:24 PM
4
cnvd
cnvd

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-11424)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

7.5AI Score

2024-01-29 12:00 AM
5
alpinelinux
alpinelinux

CVE-2023-51767

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7CVSS

7AI Score

0.001EPSS

2023-12-24 07:15 AM
35
prion
prion

Design/Logic Flaw

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7CVSS

7AI Score

0.001EPSS

2023-12-24 07:15 AM
82
krebs
krebs

Who Stole 3.6M Tax Records from South Carolina?

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a...

7.1AI Score

2024-04-16 11:26 AM
8
prion
prion

Cross site scripting

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

6.5AI Score

0.001EPSS

2022-12-31 04:15 PM
4
openvas
openvas

RedHat Update for samba RHSA-2011:1219-01

The remote host is missing an update for...

5.6AI Score

0.008EPSS

2011-09-07 12:00 AM
7
prion
prion

Privilege escalation

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

6AI Score

0.0004EPSS

2024-02-28 03:15 PM
6
openvas
openvas

Directory Scanner

This plugin attempts to determine the presence of various common dirs on the remote web...

9.9CVSS

8.1AI Score

0.975EPSS

2005-11-03 12:00 AM
1624
cnvd
cnvd

Command Execution Vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-11054)

The EG3210 is a multi-service security gateway. A command execution vulnerability exists in the EG3210, which can be exploited by an attacker to gain control of a...

7.6AI Score

2024-01-18 12:00 AM
6
openvas
openvas

RedHat Update for java-1.7.0-openjdk RHSA-2015:1230-01

The remote host is missing an update for...

3.7CVSS

5.7AI Score

0.974EPSS

2015-07-16 12:00 AM
20
openvas
openvas

VMware ESXi Multiple Vulnerabilities (VMSA-2016-0010) - Active Check

ESXi contains an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect...

6.1CVSS

6.3AI Score

0.004EPSS

2016-08-08 12:00 AM
25
debiancve
debiancve

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

7.3AI Score

0.0004EPSS

2024-02-28 03:15 PM
6
ubuntucve
ubuntucve

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

7.3AI Score

0.0004EPSS

2024-02-28 12:00 AM
6
cnvd
cnvd

Command Execution Vulnerability in Ivanti Connect Secure at Inventec Software Technology (Beijing) Co.

Ivanti Connect Secure is a seamless, cost-effective SSL VPN solution for remote and mobile users. A command execution vulnerability exists in Ivanti Connect Secure by Inwanzi Software Technology (Beijing) Co. that can be exploited by an attacker to execute arbitrary...

9.1CVSS

7.8AI Score

0.971EPSS

2024-01-22 12:00 AM
10
thn
thn

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware...

9.8CVSS

7.3AI Score

0.003EPSS

2024-05-15 10:56 AM
cve
cve

CVE-2024-21805

Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is.....

7.1AI Score

0.0004EPSS

2024-03-12 08:15 AM
35
Total number of security vulnerabilities10933