Lucene search

K

Yan&Co Security Vulnerabilities

cve
cve

CVE-2023-52535

In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
28
cve
cve

CVE-2023-52351

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2023-52534

In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges...

6.9AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52533

In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...

6.5AI Score

0.0004EPSS

2024-04-08 03:15 AM
26
cnvd
cnvd

SQL Injection Vulnerability in Water Information Management Platform of Shandong Weimicro Technology Co. Ltd (CNVD-2024-14236)

Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. The water information management platform of...

7.5AI Score

2024-02-15 12:00 AM
9
cnvd
cnvd

Arbitrary File Read Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co.

Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has an arbitrary file reading vulnerability, which can be exploited.....

7.1AI Score

2024-02-06 12:00 AM
6
krebs
krebs

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack....

6.8AI Score

2024-05-07 05:36 PM
7
thn
thn

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group...

7.4AI Score

2024-05-02 12:26 PM
7
thn
thn

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...

7.5CVSS

8AI Score

0.955EPSS

2024-06-04 03:25 AM
3
cve
cve

CVE-2023-52342

In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...

6.5AI Score

0.0004EPSS

2024-04-08 03:15 AM
28
malwarebytes
malwarebytes

Watch out for tech support scams lurking in sponsored search results

This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored"....

7.2AI Score

2024-05-02 03:14 PM
7
thn
thn

Microsoft to Support ARM Chips in Upcoming Windows Version

Microsoft Corp., feeling pressure from popular products like Apple Inc.'s iPad, is developing a new operating system that marks a departure from the company's traditional reliance on Intel Corp.'s chip technology. This information comes from sources familiar with Microsoft's plans. Next month,...

6.7AI Score

2010-12-23 12:04 AM
8
thn
thn

How to Build Your Autonomous SOC Strategy

Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from.....

7.2AI Score

2024-05-30 11:44 AM
1
openbugbounty
openbugbounty

co-optimus.com Cross Site Scripting vulnerability OBB-3809950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2023-12-11 10:20 AM
3
thn
thn

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...

7.5AI Score

2024-05-30 08:55 AM
1
thn
thn

U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams

The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in...

7.2AI Score

2024-05-29 11:50 AM
1
cnvd
cnvd

Unauthorized Access Vulnerability in SCM One Card Platform System of Shandong Weir Data Co.

Shandong Weir Data Co., Ltd. is a whole industry chain enterprise integrating independent software development, embedded development, hardware development, production and sales service. An unauthorized access vulnerability exists in the SCM one-card platform system of Shandong Weir Data Company...

6.8AI Score

2023-03-18 12:00 AM
3
thn
thn

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...

7.8CVSS

8.5AI Score

0.002EPSS

2022-10-07 06:52 AM
273
cnvd
cnvd

SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-13698)

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...

7.8AI Score

2024-02-10 12:00 AM
9
thn
thn

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected...

7.3AI Score

2024-02-08 06:53 AM
17
cnvd
cnvd

SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-13697)

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...

7.8AI Score

2024-02-10 12:00 AM
15
redhatcve
redhatcve

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

7.1AI Score

0.0004EPSS

2024-02-28 02:39 PM
10
nessus
nessus

EulerOS Virtualization for ARM 64 3.0.5.0 : openssl (EulerOS-SA-2020-1063)

According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : In situations where an attacker receives automated notification of the success or failure of a decryption ...

5.3CVSS

6AI Score

0.015EPSS

2020-01-13 12:00 AM
23
thn
thn

Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...

7.5AI Score

2024-05-28 12:50 PM
3
thn
thn

FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under....

6.9AI Score

2024-05-15 05:52 PM
2
cnvd
cnvd

SQL Injection Vulnerability in Kirin Fortress of Beijing COSCO Kirin Technology Co. Ltd (CNVD-2022-86537)

KyLinFortress is an all-in-one Fortress, SSL VPN, Dynamic Password and CA Certificate. COSCO KyLin Technology Company Limited KyLin Barrier Machine suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...

7.4AI Score

2022-10-29 12:00 AM
6
thn
thn

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....

9.8CVSS

8.3AI Score

0.973EPSS

2024-06-06 01:14 PM
7
thn
thn

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles....

7.4AI Score

2024-05-19 09:46 AM
1
securelist
securelist

Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....

7.6AI Score

2024-04-24 10:10 AM
15
cve
cve

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...

7.8AI Score

0.0004EPSS

2024-03-21 03:16 PM
26
nvd
nvd

CVE-2024-29244

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...

7.5AI Score

0.0004EPSS

2024-03-21 03:16 PM
cvelist
cvelist

CVE-2024-29244

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...

7.7AI Score

0.0004EPSS

2024-03-21 12:00 AM
1
cvelist
cvelist

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...

7.7AI Score

0.0004EPSS

2024-03-21 12:00 AM
krebs
krebs

Fake Lawsuit Threat Exposes Privnote Phishing Sites

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and...

6.7AI Score

2024-04-04 02:12 PM
8
nvd
nvd

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...

7.5AI Score

0.0004EPSS

2024-03-21 03:16 PM
cve
cve

CVE-2024-29244

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...

7.8AI Score

0.0004EPSS

2024-03-21 03:16 PM
28
cnvd
cnvd

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-13551)

Beijing Yisaitong Technology Development Co., Ltd. is a company whose business scope includes technical services, technology development, technology consulting, technology exchange, technology transfer, technology promotion and so on. There is a SQL injection vulnerability in the electronic...

7.5AI Score

2024-01-31 12:00 AM
8
openbugbounty
openbugbounty

co-opcreditunions.org Cross Site Scripting vulnerability OBB-3805352

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2023-12-07 01:03 PM
4
redhatcve
redhatcve

CVE-2019-18808

A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. Mitigation In order to mitigate this issue it is possible...

5.5CVSS

1.1AI Score

0.0004EPSS

2019-12-28 10:00 AM
6
jvn
jvn

JVN#62737544: Multiple vulnerabilities in RoamWiFi R10

RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code (CWE-489) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file (CWE-532)...

7.2AI Score

0.0004EPSS

2024-04-24 12:00 AM
8
cnvd
cnvd

Command Execution Vulnerability in the Operation and Maintenance Audit System of Beijing COSCO Kirin Technology Co. Ltd (CNVD-2022-53245)

COSCO KyLin Technology Co., Ltd. is a R&D-oriented software development company, the company's main products are COSCO KyLin Barrier Machine, KyLin SSL VPN, KyLin Dynamic Password System, KyLin Cloud Desktop and so on. Our main products are COSCO Kirin SSL VPN, Kirin Dynamic Password System, Kirin....

7.5AI Score

2022-06-13 12:00 AM
6
nessus
nessus

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-05-02 12:00 AM
11
thn
thn

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet...

6.9AI Score

2024-05-01 02:25 PM
3
nvd
nvd

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

7.5AI Score

0.0004EPSS

2024-03-19 06:15 AM
nvd
nvd

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

7.5AI Score

0.0004EPSS

2024-03-19 06:15 AM
2
cve
cve

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

7.8AI Score

0.0004EPSS

2024-03-19 06:15 AM
33
cve
cve

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

7.8AI Score

0.0004EPSS

2024-03-19 06:15 AM
29
cvelist
cvelist

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

7.7AI Score

0.0004EPSS

2024-03-19 12:00 AM
1
cvelist
cvelist

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

7.7AI Score

0.0004EPSS

2024-03-19 12:00 AM
1
thn
thn

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples....

7.1AI Score

0.0004EPSS

2024-05-28 10:15 AM
6
Total number of security vulnerabilities10969