Russian Government Software Backdoored to Deploy Konni RAT Malware
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked the activity as originating...
AI Score: 9.4
Security Advisory 0092 (PDF). Date: February 20, 2024. Revision history: 1.0, February 20, 2024, Initial release. CVSSv3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Common Weakness Enumeration: CWE-1394 Use of default cryptographic key. This vulnerability is...
AI Score: 6.7
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 122 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 122.0.6261.57 (Linux and Mac) and 122.0.6261.57/.58 (Windows) contains a number of fixes and improvements; a list of changes...
AI Score: 7.4
Security Advisory 0091 (CSAF, PDF). Date: February 20, 2024. Revision history: 1.0, February 20, 2024, Initial release. The CVE-ID tracking this issue: CVE-2023-6068. CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). Common Weakness Enumeration: CWE-283 Improper...
CVSS: 3.1 | AI Score: 3.7 | EPSS: 0.0004
nexus-mods.github.io Cross Site Scripting vulnerability OBB-3854635
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
AI Score: 6.7 | EPSS: 0.0004
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...
AI Score: 9.2 | EPSS: 0.0004
AMD Embedded Processors Vulnerabilities – February 2024
Bulletin ID: AMD-SB-5001. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages....
CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.013
Bulletin ID: AMD-SB-7009. Potential Impact: Refer to the CVE Details section. Severity: Refer to the CVE Details section. Summary: Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers' findings and is publishing CVEs and...
AI Score: 8
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
By Jungsoo An, Wayne Lee and Vanja Svajcer. Cisco Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named...
AI Score: 8.2
Dell Client BIOS DoS (DSA-2023-176)
The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a denial of service vulnerability. Due to a signed to unsigned conversion error, a local attacker with administrator privileges can cause a denial of service condition on an affected device. Note that...
CVSS: 6.7 | AI Score: 4.8 | EPSS: 0.0004
Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a...
CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.321
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to OS version 15699.58.0, browser version 121.0.6167.159, for most ChromeOS devices. If you find new issues, please let us know in one of the following ways: file a bug, or visit our ChromeOS communities (General: Chromebook Help Community; Beta Specific: ChromeOS Beta...)
CVSS: 9.8 | AI Score: 7.7
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of...
CVSS: 6.7 | AI Score: 4.5 | EPSS: 0.0004
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards. Note: Access to bug details and links may be kept...
CVSS: 9.8 | AI Score: 8.3 | EPSS: 0.001
Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was...
AI Score: 7.1
Arrests in $400M SIM-Swap Tied to Heist at FTX?
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just...
AI Score: 7.5
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK,...
CVSS: 9.1 | AI Score: 9.6 | EPSS: 0.969
Cisco Nexus 9000 Information Disclosure (CVE-2023-20185)
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers....
CVSS: 7.4 | AI Score: 7 | EPSS: 0.001
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.139 for Mac and Linux and 121.0.6167.139/140 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards. Note: Access to bug details and links may be kept...
CVSS: 8.8 | AI Score: 9.3
Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document...
AI Score: 7.2
Raven - CI/CD Security Analyzer
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to...
AI Score: 8
10 things to do to improve your online privacy
Set up two-factor authentication. Do this for as many of your online accounts as you can, especially the major ones like your email and social media accounts. Two-factor authentication (2FA) adds an extra step of protection and makes it much harder for attackers to log in as you. We recommend...
AI Score: 7.2
China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat...
CVSS: 7.5 | AI Score: 5.9 | EPSS: 0.976
Apple TV < 17.3 Multiple Vulnerabilities (HT214055)
According to its banner, the version of Apple TV on the remote device is prior to 17.3. It is therefore affected by multiple vulnerabilities as described in the...
CVSS: 8.8 | AI Score: 6.7 | EPSS: 0.001
Malicious code in wlwz-2312-7000 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ec7c122bafef17340b4a068ac7649a9485f9347aa4a9ccd5f58cb93c977928ee) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in wlwz-2312-6000 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e024acc224ca049779bc8db7392150e2403925f65a9b53f3a97c9cd315feb157) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in wlwz-2312-5000 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0434173cb65699bd45454f80e823d04cf650a8946ac127a143ffa8bed2832c0c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
changedetection.io API endpoint is not secured with API token
Summary: API endpoint /api/v1/watch/<uuid>/history can be accessed by any unauthorized user. Details: the WatchHistory resource does not have the @auth.check_token annotation, which means it can be accessed without providing the x-api-key header....
CVSS: 3.7 | AI Score: 7.1 | EPSS: 0.0005
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards. Note: Access to bug details and links may be kept...
CVSS: 9.8 | AI Score: 7.7
Rockwell FactoryTalk Activation Manager < 5.01 RCE
The version of Rockwell FactoryTalk Activation Manager installed on the remote Windows host is prior to 5.01. It is, therefore, affected by a vulnerability. Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems' products which...
CVSS: 9.8 | AI Score: 10 | EPSS: 0.003
Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...
CVSS: 9.8 | AI Score: 6.2 | EPSS: 0.068
Ivanti vulnerabilities now actively exploited in massive numbers
Last week we wrote about two vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways that were being actively exploited. The researchers that discovered the active exploitation are warning that these attacks are now very widespread. "Victims are...
CVSS: 9.1 | AI Score: 7.4 | EPSS: 0.969
Intel BIOS Firmware CVE-2022-21198 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege...
CVSS: 7.9 | AI Score: 7.3 | EPSS: 0.0004
Bulletin ID: AMD-SB-6010. Potential Impact: Data leakage. Severity: Medium. Summary: Researchers from Trail of Bits reported a potential vulnerability, titled "LeftoverLocals." According to their research, a compromised GPU kernel could potentially read local memory values from another kernel. CVE...
CVSS: 6.5 | AI Score: 6.2 | EPSS: 0.001
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress...
CVSS: 6.1 | AI Score: 6.7 | EPSS: 0.0005
DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023
The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare...
AI Score: 6.8
Exploit for Improper Authentication in Ivanti Connect Secure
CVE-2023-46805 Scanner for possible...
CVSS: 8.2 | AI Score: 7.9 | EPSS: 0.959
Deciphering the Danger: Decoding Mallox Ransomware
Mallox Ransomware embodies a harmful software element, contributing to an ever-expanding repertoire of digital extortion threats. This cyber menace executes its mission by snaking its way into your computer system, applying a cipher to your data...
AI Score: 7.2
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted,...
CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted,...
CVSS: 5.5 | AI Score: 7.1 | EPSS: 0.0004
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted,...
CVSS: 5.5 | AI Score: 5.8 | EPSS: 0.0004