EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2023-2724)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a...
7.8 CVSS
8.8 AI Score
EPSS
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2023-2755)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a...
7.8 CVSS
8.8 AI Score
EPSS
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that...
6.4 AI Score
Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively
Introduction In the vast landscape of cybersecurity, staying vigilant against potential threats is crucial. A critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java development. This path traversal vulnerability,...
9.8 CVSS
10 AI Score
0.09 EPSS
Deciphering the Danger: Decoding Mallox Ransomware. Mallox Ransomware embodies a harmful software element, contributing to an ever-expanding repertoire of digital extortion threats. This cyber menace executes its mission by snaking its way into your computer system, applying a cipher to your data, ...
7.2 AI Score
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent...
9.1 CVSS
9.2 AI Score
0.969 EPSS
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua...
9.1 AI Score
Rocky Linux 8 : frr (RLSA-2024:0130)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0130 advisory. bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a flowspec overflow. (CVE-2023-38406) bgpd/bgp_label.c...
9.8 CVSS
6.7 AI Score
0.001 EPSS
Oracle Linux 8 : frr (ELSA-2024-0130)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0130 advisory. bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. (CVE-2023-38407) An...
9.8 CVSS
6.5 AI Score
0.001 EPSS
Impact What kind of vulnerability is it? Who is impacted? An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions (matching the pattern 0.x.0) at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function,...
2.8 CVSS
6.5 AI Score
0.0004 EPSS
CentOS 8 : frr (CESA-2024:0130)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0130 advisory. bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a flowspec overflow. (CVE-2023-38406) ...
9.8 CVSS
7.8 AI Score
0.001 EPSS
Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
Microsoft followed up one of the lightest recent Patch Tuesdays in December with another month of no zero-day vulnerabilities and only two critical issues. Many of the company's monthly security updates in 2023 included vulnerabilities that were actively being exploited in the wild or had publicly...
8.8 CVSS
8.4 AI Score
0.004 EPSS
Apache InLong Code Issue Vulnerability (CNVD-2024-08088)
Apache InLong is the Apache Software Foundation's one-stop massive data integration framework, providing automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can...
7.5 CVSS
7.1 AI Score
0.003 EPSS
Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an...
7.6 AI Score
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to the Ponemon Institute, "only 59% of organizations say their cybersecurity strategy has changed over the past two years." This stagnation in strategy adaptation can be traced back to several key...
7 AI Score
Rapid7’s Data-Centric Approach to AI in Belfast
Authored by Stuart Millar and Ryan Wilson. Rapid7 has expanded significantly in Belfast since establishing a presence back in 2014, resulting in the company's largest R&D hub outside the US with over 350 people spread across eight floors in our Chichester Street office. There is a wide range of...
7 AI Score
How to Protect Your Privacy Online
Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening...
7.4 AI Score
How to comply with HIPAA requirements
Understanding the Grounds of HIPAA Let's take a deep dive into understanding the broad structure and intent behind the Act for the Secure Management and Duty of Patient Data (ASMDPD), a landmark piece of legislation that has deeply transformed the healthcare sector since its inception at the turn...
7.6 AI Score
Helping a mobile malware fraud victim
Back at the start of October, we had a call from the BBC asking if we could help unpick a fraud. The victim had been defrauded of ~£12,000 through a rogue bank transfer and mentioned that her Android mobile phone had been behaving oddly. Of course we would help; who wouldn’t be up for the...
6.6 AI Score
The Initial Overview: Learning about MQTT & AMQP In the dynamic arenas of Internet of Things (IoT) and cloud computing, communication protocols that are robust, reliable and capable of handling high traffic volumes have become essential. The two protocols that have recently gained significant...
7.1 AI Score
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 Vulnerability Detector ...
9.8 CVSS
9.7 AI Score
0.966 EPSS
Exploit for Deserialization of Untrusted Data in Apache Kafka Connect
This tool is intended for security testing purposes only. Do...
8.8 CVSS
9.7 AI Score
0.97 EPSS
There’s One Last Gift Under the Tree, It’s Hands-On IoT!
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime. But first, a little background. Every year Rapid7 has a pretty solid presence at DefCon in Las Vegas. This year was...
7.1 AI Score
How Cache Purge Helps Keep Your Website Content Fresh and Responsive
Content Delivery Networks (CDNs) accelerate web traffic across the internet through servers residing in strategic locations (known as points of presence or PoPs) across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...
6.8 AI Score
How ransomware operators try to stay under the radar
An often heard remark is that when your security solution notices a ransomware attack, it’s already too late. There's a lot of truth in that, if you consider the encryption process to be the ransomware attack. However, these days encryption is just a part of many ransomware attacks. Some of the...
7.8 AI Score
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called...
7.4 AI Score
Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164
Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results in...
9.8 CVSS
8.1 AI Score
0.09 EPSS
Linux kernel denial of service vulnerability (CNVD-2024-1476840)
The Linux kernel is the kernel of the open-source Linux operating system, stewarded by the Linux Foundation. The Linux kernel suffers from a denial of service vulnerability that originates from a null pointer dereference in the function...
5.5 CVSS
6.5 AI Score
0.0004 EPSS
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with...
7 AI Score
0.0004 EPSS
Mallox Ransomware A Resurgent Threat Exploiting MS-SQL Flaws
Summary: Mallox is a resilient Ransomware-as-a-Service (RaaS) threat, utilizing tactics like exploiting MS-SQL vulnerabilities and employing brute force attacks. Operating with a prolonged presence, Mallox's recent variant, "Mallox.Resurrection," exhibits consistent functionalities, emphasizing...
7.4 AI Score
Expired tokens can be renewed without validating the account password
Impact In versions of the proxy from 2022-09-05 onwards (since 8c874c2ff3d503ac20c7d32f46e08547fcb9e23f), expired OAuth 2.0 client credentials grant (CCG) flow authorisation tokens could be renewed automatically without checking their validity against the original account configuration (i.e., the...
7.8 AI Score
Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with. By definition, anything running in the cloud...
7.3 AI Score
Behind the scenes at the Wiz Booth: how to create a memorable expo experience
Discover how Wiz reinvents its presence at every cybersecurity event, surprising visitors with engaging themes and unique...
7.3 AI Score
TotalCloud Insights: Hidden Risks of Amazon S3 Misconfigurations
Misconfiguring Amazon S3 Buckets Can Pose Major Risks Amazon Web Services (AWS) is the world’s largest cloud security provider, and it provides the ability to store massive amounts of cloud-resident data with the Amazon Simple Storage Service (S3) bucket. Amazon S3 is an object storage solution...
7.6 AI Score
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), ...
4.3 CVSS
4.7 AI Score
0.0004 EPSS
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), ...
4.3 CVSS
0.0004 EPSS
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), ...
4.3 CVSS
7.1 AI Score
0.0004 EPSS
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), ...
4.3 CVSS
5 AI Score
0.0004 EPSS
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of...
8 AI Score
Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam
Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and...
7.3 AI Score
The scanner detected the presence of a web page protected by a 'NTLM'...
7.3 AI Score
Bearer Token Authentication Detected
The scanner detected the presence of a web page protected by a 'Bearer'...
7.3 AI Score
Digest Authentication Detected
The scanner detected the presence of a web page protected by a 'Digest'...
7.3 AI Score
New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...
9.8 CVSS
9.5 AI Score
0.135 EPSS
Ten Years Later, New Clues in the Target Breach
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also...
7.1 AI Score
SAP Cloud Connector Resource Management Error Vulnerability
SAP Cloud Connector is a tool from SAP (Germany) for establishing a secure connection between on-premises systems and the SAP Cloud Platform. A resource management error vulnerability exists in SAP Cloud Connector version 2.0, which stems from the presence of uncontrolled resource consumption in the application...
3.5 CVSS
6.8 AI Score
0.0004 EPSS
Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm
Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...
8 AI Score
Unveiling the Cyber Threats to Healthcare: Beyond the Myths
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to...
4.3 CVSS
7.4 AI Score
0.0004 EPSS