DATE | NAME | CATEGORY | SUBCATE | INFO
30.9.23 | CVE-2023-42114 | Vulnerability | CVE | (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
30.9.23 | CVE-2023-42115 | Vulnerability | CVE | (CVSS score: 9.8) - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
30.9.23 | CVE-2023-42116 | Vulnerability | CVE | (CVSS score: 8.1) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
30.9.23 | CVE-2023-42117 | Vulnerability | CVE | (CVSS score: 8.1) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
30.9.23 | CVE-2023-42118 | Vulnerability | CVE | (CVSS score: 7.5) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
30.9.23 | CVE-2023-42119 | Vulnerability | CVE | (CVSS score: 3.1) - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
30.9.23 | CVE-2023-40049 | Vulnerability | CVE | (CVSS score: 5.3) - An authentication bypass vulnerability that allows users to enumerate files under the 'WebServiceHost' directory listing.
30.9.23 | CVE-2022-27665 | Vulnerability | CVE | (CVSS score: 6.1) - A reflected cross-site scripting (XSS) vulnerability in Progress Ipswitch WS_FTP Server 8.6.0 that can lead to execution of malicious code and commands on the client.
30.9.23 | CVE-2023-40048 | Vulnerability | CVE | (CVSS score: 6.8) - A cross-site request forgery (CSRF) vulnerability in the WS_FTP Server Manager interface.
30.9.23 | CVE-2023-40046 | Vulnerability | CVE | (CVSS score: 8.2) - An SQL injection vulnerability in the WS_FTP Server manager interface that could be exploited to infer information stored in the database and execute SQL statements that alter or delete its contents.
30.9.23 | CVE-2023-40047 | Vulnerability | CVE | (CVSS score: 8.3) - A stored cross-site scripting (XSS) vulnerability in the WS_FTP Server's Management module that could be exploited by an attacker with admin privileges to import an SSL certificate with malicious attributes containing XSS payloads, which could then be triggered in the victim's browser.
30.9.23 | CVE-2023-40045 | Vulnerability | CVE | (CVSS score: 8.3) - A reflected cross-site scripting (XSS) vulnerability in the WS_FTP Server's Ad Hoc Transfer module that could be exploited to execute arbitrary JavaScript within the context of the victim's browser.
30.9.23 | CVE-2023-42657 | Vulnerability | CVE | (CVSS score: 9.9) - A directory traversal vulnerability that could be exploited to perform file operations.
30.9.23 | CVE-2023-40044 | Vulnerability | CVE | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
30.9.23 | CVE-2023-2033 | Vulnerability | CVE | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
30.9.23 | CVE-2023-4863 | Vulnerability | CVE | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
30.9.23 | CVE-2023-3079 | Vulnerability | CVE | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
30.9.23 | CVE-2023-2136 | Vulnerability | CVE | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
30.9.23 | AtlasAgent | Malware | Trojan | AtlasAgent, as used in this attack activity, is a Trojan horse program developed by AtlasCross.
30.9.23 | DangerAds | Malware | Trojan | This is a loader Trojan used by AtlasCross in this activity.
30.9.23 | GPU.zip | Vulnerability | CVE | GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
30.9.23 | ZenRAT | Malware | RAT | Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden.
30.9.23 | CVE-2022-22706 | Vulnerability | CVE | Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages.
30.9.23 | CVE-2022-3038 | Vulnerability | CVE | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
30.9.23 | CVE-2022-4262 | Vulnerability | CVE | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
30.9.23 | CVE-2023-26083 | Vulnerability | CVE | Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0
30.9.23 | CVE-2023-0266 | Vulnerability | CVE | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.
30.9.23 | CVE-2023-5129 | Vulnerability | CVE |
30.9.23 | Xenomorph | Malware | Android RAT | Xenomorph is an Android banking RAT developed by the Hadoken.Security actor.
30.9.23 | CVE-2023-42793 | Vulnerability | CVE | In JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible.
30.9.23 | STARK#VORTEX | Operation | Operation | Securonix Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads.
30.9.23 | AndroRAT | Malware | Android RAT | AndroRAT is a remote administration tool developed in Java Android for the client side and in Java/Swing for the server.
30.9.23 | Gh0stCringe | Malware | RAT | Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
30.9.23 | China Chopper | Malware | RAT | China Chopper is a Web Shell hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server. It has been used by several threat groups.
30.9.23 | Impacket | Malware | Tool | Impacket is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols.
30.9.23 | Mimikatz | Malware | Tool | What if we were to tell you that there was a magical tool that could greatly simplify the discovery and pillaging of credentials from Windows-based hosts?
30.9.23 | AdFind | Malware | Tool | AdFind is a free command-line query tool that can be used for gathering information from Active Directory.
30.9.23 | TONESHELL | Malware | Backdoor | My Tea's not cold. An overview of China's cyber threat
24.9.23 | Deadglyph | Malware | Backdoor | Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
23.9.23 | Predator | Malware | Apple Spyware | Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp.
23.9.23 | BBtok | Malware | Banking | 360 Security Center describes BBtok as a banking trojan targeting Mexico.
22.9.23 | CVE-2023-4236 | Vulnerability | CVE | (CVSS score: 7.5) - The named service may terminate unexpectedly under high DNS-over-TLS query load (fixed in versions 9.18.19 and 9.18.19-S1)
22.9.23 | CVE-2023-3341 | Vulnerability | CVE | (CVSS score: 7.5) - A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (fixed in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
22.9.23 | CVE-2023-28709 | Vulnerability | CVE | (CVSS score: 7.5) - A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server
22.9.23 | CVE-2023-22513 | Vulnerability | CVE | (CVSS score: 8.5) - An RCE flaw in Bitbucket Data Center and Server
22.9.23 | CVE-2023-22512 | Vulnerability | CVE | (CVSS score: 7.5) - A DoS flaw in Confluence Data Center and Server
22.9.23 | CVE-2022-25647 | Vulnerability | CVE | (CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server
22.9.23 | CVE-2023-41993 | Vulnerability | CVE | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution.
22.9.23 | CVE-2023-41992 | Vulnerability | CVE | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1.
22.9.23 | CVE-2023-41991 | Vulnerability | CVE | A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1.
22.9.23 | P2PInfect | Malware | P2P Worm | "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence."
22.9.23 | Venom RAT | Malware | RAT | Attack Activities by Quasar Family
22.9.23 | CVE-2023-38831 | Vulnerability | CVE | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.
22.9.23 | CVE-2023-25157 | Vulnerability | CVE | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
20.9.23 | ValleyRAT | Malware | RAT | In March 2023, Proofpoint identified a new malware we dubbed ValleyRAT.
20.9.23 | CVE-2023-3932 | Vulnerability | CVE | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.
20.9.23 | CVE-2023-5009 | Vulnerability | CVE | (CVSS score: 9.6) - Impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7, as well as from 16.3 and before 16.3.4.
20.9.23 | CVE-2023-28434 | Vulnerability | CVE | (CVSS score: 8.8) - MinIO Security Feature Bypass Vulnerability
20.9.23 | CVE-2022-31463 | Vulnerability | CVE | (CVSS score: 7.1) - Owl Labs Meeting Owl Improper Authentication Vulnerability
20.9.23 | CVE-2022-31462 | Vulnerability | CVE | (CVSS score: 8.8) - Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
20.9.23 | CVE-2022-31461 | Vulnerability | CVE | (CVSS score: 6.5) - Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
20.9.23 | CVE-2022-31459 | Vulnerability | CVE | (CVSS score: 6.5) - Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
20.9.23 | CVE-2022-22265 | Vulnerability | CVE | (CVSS score: 7.8) - Samsung Mobile Devices Use-After-Free Vulnerability
20.9.23 | CVE-2021-3129 | Vulnerability | CVE | (CVSS score: 9.8) - Laravel Ignition File Upload Vulnerability
20.9.23 | CVE-2017-6884 | Vulnerability | CVE | (CVSS score: 8.8) - Zyxel EMG2926 Routers Command Injection Vulnerability
20.9.23 | | Vulnerability | CVE | Realtek SDK Improper Input Validation Vulnerability
20.9.23 | CVE-2023-41179 | Vulnerability | CVE | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
19.9.23 | ShroudedSnooper | Malware | Backdoor | Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop.
19.9.23 | Operation Rusty Flag | Operation | Operation | Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets
19.9.23 | XWorm | Malware | RAT | Malware with a wide range of capabilities, ranging from RAT to ransomware.
19.9.23 | SprySOCKS | Malware | Linux | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
19.9.23 | CVE-2023-36847 | Vulnerability | CVE | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
19.9.23 | CVE-2023-36846 | Vulnerability | CVE | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
19.9.23 | CVE-2023-36845 | Vulnerability | CVE | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain important environment variables.
19.9.23 | CVE-2023-36844 | Vulnerability | CVE | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain important environment variables.
19.9.23 | CapraRAT | Malware | RAT | According to PCrisk, CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified version of another (open-source) RAT called AndroRAT.
19.9.23 | AMBERSQUID | Operation | Operation | The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they've named AMBERSQUID.
19.9.23 | Hook | Malware | Android | According to ThreatFabric, this is a malware family based on apk.ermac. The name Hook is the self-advertised name used by its vendor DukeEugene. It provides WebSocket communication and has RAT capabilities.
19.9.23 | RECORDSTEALER | Malware | Stealer | New Info-stealer Disguised as Crack Being Distributed
17.9.23 | MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CERT | CERT | CISA received 4 files for analysis from an incident response engagement conducted at an Aeronautical Sector organization.
16.9.23 | NodeStealer | Malware | Stealer | New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
16.9.23 | RedLine/Vidar | Malware | Stealer | In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to their victims via the same delivery method.
16.9.23 | SHAPESHIFT | Malware | Wiper | Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
16.9.23 | CVE-2023-29491 | Vulnerability | CVE | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
16.9.23 | Bash stealer | Malware | Stealer | Free Download Manager backdoored – a possible supply chain attack on Linux machines
16.9.23 | The Week in Ransomware - September 15th 2023 - Russian Roulette | Ransom | Ransom | This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.
14.9.23 | | Vulnerability | CVE | This is the git repository for our research on command injections in the subpath feature of Kubernetes.
14.9.23 | | Vulnerability | CVE | (CVSS score: 4.5) - Azure Apache Hadoop Spoofing Vulnerability
14.9.23 | | Vulnerability | CVE | (CVSS score: 4.5) - Azure Apache Ambari Spoofing Vulnerability
14.9.23 | | Vulnerability | CVE | (CVSS score: 4.5) - Azure Apache Oozie Spoofing Vulnerability
14.9.23 | | Vulnerability | CVE | (CVSS score: 4.6) - Azure HDInsight Jupyter Notebook Spoofing Vulnerability
14.9.23 | | Vulnerability | CVE | (CVSS score: 4.5) - Azure Apache Hive Spoofing Vulnerability
14.9.23 | | Malware | | According to Elastic, BUGHATCH is an in-memory implant loaded by an obfuscated PowerShell script that decodes and executes an embedded shellcode blob in its allocated memory space using common Windows APIs (VirtualAlloc, CreateThread, WaitForSingleObject).
14.9.23 | | Malware | Loader | Malware distributor Storm-0324 facilitates ransomware access
14.9.23 | | Vulnerability | CVE | (CVSS score: 7.8) - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
14.9.23 | | Vulnerability | CVE | (CVSS score: 6.2) - Microsoft Word Information Disclosure Vulnerability
14.9.23 | | Hacking | | Repo Jacking: Exploiting the Dependency Supply Chain
14.9.23 | | Vulnerability | CVE | Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
13.9.23 | MetaStealer | Malware | MacOS | On March 7, 2022, KELA observed a threat actor named _META_ announcing the launch of META – a new information-stealing malware, available for sale for USD125 per month or USD1000 for unlimited use.
13.9.23 | CVE-2023-3079 | Vulnerability | CVE | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
13.9.23 | CVE-2023-2136 | Vulnerability | CVE | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
13.9.23 | CVE-2023-2033 | Vulnerability | CVE | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
13.9.23 | CVE-2023-4863 | Vulnerability | CVE | Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
13.9.23 | MrTonyScam | Malware | Python | Hackers Deploy Python-Based Stealer via Facebook Messenger
13.9.23 | Merlin | Malware | Stealer | Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
13.9.23 | RisePro | Malware | Stealer | New RisePro Stealer distributed by the prominent PrivateLoader
10.9.23 | | Malware | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.
10.9.23 | | Vulnerability | CVE | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.
9.9.23 | MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors | CERT | CERT | CISA obtained five malware samples, including artifacts related to the SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER backdoors.
9.9.23 | CVE-2023-38606 | Vulnerability | CVE | This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6.
9.9.23 | CVE-2023-41064 | Vulnerability | CVE | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.
9.9.23 | CVE-2023-41061 | Vulnerability | CVE | A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution.
9.9.23 | CVE-2023-4498 | Vulnerability | CVE | Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that should be accessible to authenticated users only.
9.9.23 | CVE-2023-38283 | Vulnerability | CVE | In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.
9.9.23 | CVE-2023-38802 | Vulnerability | CVE | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
9.9.23 | CVE-2023-4481 | Vulnerability | CVE | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
9.9.23 | CVE-2023-20243 | Vulnerability | CVE | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.
9.9.23 | CVE-2023-20238 | Vulnerability | CVE | A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
9.9.23 | CVE-2022-21881 | Vulnerability | CVE | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879.
9.9.23 | CVE-2021-34514 | Vulnerability | CVE | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31979, CVE-2021-33771.
9.9.23 | CVE-2021-44228 | Vulnerability | CVE | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
9.9.23 | CVE-2022-42475 | Vulnerability | CVE | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier
9.9.23 | CVE-2022-47966 | Vulnerability | CVE | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.
9.9.23 | NetSupport RAT | Malware | MacOS | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago.
9.9.23 | Atomic Stealer | Malware | MacOS | Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
7.9.23 | CVE-2023-27524 | Vulnerability | CVE | Session Validation attacks in Apache Superset versions up to and including 2.0.1.
7.9.23 | CVE-2023-30776 | Vulnerability | CVE | An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API.
7.9.23 | CVE-2023-36388 | Vulnerability | CVE | Improper REST API permission in Apache Superset up to and including 2.1.0 allows authenticated Gamma users to test network connections, possible SSRF.
7.9.23 | CVE-2023-37941 | Vulnerability | CVE | If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.
7.9.23 | CVE-2023-39265 | Vulnerability | CVE | Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports.
7.9.23 | CVE-2023-35674 | Vulnerability | CVE | Android Zero-Day CVE-2023-35674 Exploited in Attacks, Now Fixed
7.9.23 | SideTwist | Malware | Trojan | APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan
6.9.23 | Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router | Alert | | An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda.
6.9.23 | Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account | Alert | | Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges.
6.9.23 | WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated) | Exploit | |
6.9.23 | AdminLTE PiHole 5.18 - Broken Access Control | Exploit | WebApps | PHP
6.9.23 | CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery') | Exploit | WebApps | PHP
6.9.23 | CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL') | Exploit | WebApps | PHP
6.9.23 | Academy LMS 6.1 - Arbitrary File Upload | Exploit | WebApps | PHP
6.9.23 | Credit Lite 1.5.4 - SQL Injection | Exploit | WebApps | PHP
6.9.23 | NVClient v5.0 - Stack Buffer Overflow (DoS) | Exploit | Local | Windows
6.9.23 | Ivanti Avalanche <v6.4.0.0 - Remote Code Execution | Exploit | Remote | Windows
6.9.23 | Hyip Rio 2.1 - Arbitrary File Upload | Exploit | WebApps | PHP
6.9.23 | Blood Donor Management System v1.0 - Stored XSS | Exploit | WebApps | PHP
6.9.23 | Uvdesk 1.1.4 - Stored XSS (Authenticated) | Exploit | WebApps | PHP
6.9.23 | User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated) | Exploit | WebApps | PHP
6.9.23 | User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS) | Exploit | WebApps | PHP
6.9.23 | | Malware | Loader | Elastic observed this loader coming with valid code signatures, being used to deploy secondary payloads in-memory.
6.9.23 | | Malware | Banking | Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers
6.9.23 | | Malware | Backdoor | Analysis of Andariel's New Attack Activities
6.9.23 | | Malware | Backdoor | Analysis of Andariel's New Attack Activities
6.9.23 | | Malware | RAT | Analysis of Andariel's New Attack Activities
6.9.23 | | Malware | RAT | GoatRAT Attacks Automated Payment Systems
6.9.23 | | Vulnerability | CVE | Minio is a Multi-Cloud Object Storage framework.
6.9.23 | | Vulnerability | CVE | Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.
6.9.23 | | Malware | | According to Tony Lambert, this is malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.
6.9.23 | | Operation | Operation | "Smishing Triad" Targeted USPS And US Citizens For Data Theft
3.9.23 | | Malware | Backdoor | Elasticsearch is no stranger to cybercriminal abuse given its popularity.
3.9.23 | CVE-2023-20890 | Vulnerability | CVE | Aria Operations for Networks contains an arbitrary file write vulnerability.
3.9.23 | CVE-2023-34039 | Vulnerability | CVE | Aria Operations for Networks contains an authentication bypass vulnerability due to a lack of unique cryptographic key generation.
2.9.23 | | GRU Malware | | A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones.
2.9.23 | | Malware | RAT | Analysis of a novel RAT dubbed "SuperBear". The RAT has been found targeting journalists and is deployed using open-source AutoIt scripts.
2.9.23 | SapphireStealer | Malware | Stealer | Open-source information stealer enables credential and data theft
2.9.23 | QRLog | Malware | QR trojan | There is little information about how initial compromise was achieved in the known compromises, but analysis of the known components provides a strong link to a trojanized QR code generator discovered in the wild in February 2023.
2.9.23 | JokerSpy | Malware | MacOS | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware
2.9.23 | SnatchCrypto | Malware | Crypto | Malware observed in the SnatchCrypto campaign, attributed by Kaspersky Labs to BlueNoroff with high confidence.
2.9.23 | HemiGate | Malware | Loader | HemiGate is a backdoor used by Earth Estries. Like most of the tools used by this threat actor, this backdoor is also executed via DLL sideloading using one of the loaders that support interchangeable payloads.
2.9.23 | TrillClient | Malware | Tool | The TrillClient toolset is an information stealer designed to steal browser data; it is packed in a single cabinet file (.cab) and extracted through the utility application expand.exe.
2.9.23 | Zingdoor | Malware | Backdoor | Zingdoor is a new HTTP backdoor written in Go. While we first encountered Zingdoor in April 2023, some logs indicate that the earliest developments of this backdoor took place in June 2022.
2.9.23 | Earth Estries | Operation | Operation | We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.