Description: Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. [...]
December 18th, 2024 (4 months ago)
|
Description: GHNA is Allegedly Selling Access to an Unidentified Indian Technology Company
December 18th, 2024 (4 months ago)
|
Description: The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [...]
December 18th, 2024 (4 months ago)
|
Description: Counter is Claiming to Sell Admin Access of Agrosys and Copagril
December 18th, 2024 (4 months ago)
|
Description: The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.
December 18th, 2024 (4 months ago)
|
Description: A Threat Actor is Allegedly Selling Data of Box in Box Out
December 18th, 2024 (4 months ago)
|
CVE-2024-56128 |
Description: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation.
Issue Summary:
Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1].
Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message.
However, Kafka's SCRAM implementation did not perform this validation.
Impact:
This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3].
Deployments using SCRAM with TLS are not affected by this issue.
How to Detect If You Are Impacted:
If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted.
To check whether TLS is enabled, review the listeners property in your server.properties configuration file. If SASL_PLAINTEXT appears among the listeners, you are likely impacted.
Fix Details:
The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802.
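The nonce check that the fix adds, written out as an added example of the RFC 5802 server-side rule (not Kafka's own code): the nonce the client echoes in its final message must equal the combined nonce the server sent in server-first, which in turn must begin with the client's original nonce. The sample messages are the example exchange from RFC 5802 section 5; the `verify_client_final_nonce` function name is this example's own.

```python
import hmac


def parse_attrs(msg: str) -> dict:
    """Split a SCRAM message such as 'c=biws,r=abc,p=xyz' into attributes.

    Only the first '=' separates key from value, so base64 padding in the
    proof ('p=...=') is preserved.
    """
    attrs = {}
    for part in msg.split(","):
        if "=" not in part:
            raise ValueError(f"malformed SCRAM attribute: {part!r}")
        key, value = part.split("=", 1)
        attrs[key] = value
    return attrs


def verify_client_final_nonce(client_first_bare: str, server_first: str,
                              client_final_without_proof: str) -> bool:
    """Server-side nonce validation required by RFC 5802.

    Returns True only if the nonce in client-final equals the combined
    nonce the server issued in server-first. Raises if the server nonce
    does not extend the client's own nonce, which is a protocol violation
    regardless of what the client echoes back.
    """
    client_nonce = parse_attrs(client_first_bare)["r"]
    server_nonce = parse_attrs(server_first)["r"]
    final_nonce = parse_attrs(client_final_without_proof)["r"]
    if not server_nonce.startswith(client_nonce):
        raise ValueError("server nonce must start with the client nonce")
    # Constant-time comparison; nonces are ASCII so str comparison is valid.
    return hmac.compare_digest(final_nonce, server_nonce)


# Example exchange from RFC 5802 section 5 (GS2 header and proof omitted).
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
CLIENT_FINAL_OK = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
# Constructed: a final message carrying a nonce the server never issued.
CLIENT_FINAL_BAD = "c=biws,r=fyko+d2lbbFgONRv9qkxdawLdeadbeef"

if __name__ == "__main__":
    print(verify_client_final_nonce(CLIENT_FIRST_BARE, SERVER_FIRST, CLIENT_FINAL_OK))
    print(verify_client_final_nonce(CLIENT_FIRST_BARE, SERVER_FIRST, CLIENT_FINAL_BAD))
```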
Affected Versions:
Apache Kafka versions 0.10.2.0 through...
EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
Description: Impact
You are affected if your php.ini configuration has register_argc_argv enabled.
Patches
Update to 4.13.2 or 5.5.2.
Workarounds
If you can't upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue.
References
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3
https://github.com/advisories/GHSA-2p6p-9rc9-62j9
December 18th, 2024 (4 months ago)
|
Description: A Threat Actor Claims to be Selling Access to an Unidentified Technological Defense Company in USA
December 18th, 2024 (4 months ago)
|
Description: A plugin name containing a path separator may allow an attacker to execute an arbitrary binary.
Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs.
On UNIX systems, a directory matching ${TMPDIR:-/tmp}/age-plugin-* needs to exist for the attack to succeed.
The binary is executed with a single flag, either --age-plugin=recipient-v1 or --age-plugin=identity-v1. The standard input includes the recipient or identity string, and the random file key (if encrypting) or the header of the file (if decrypting). The format is constrained by the age-plugin protocol.
An equivalent issue was fixed by the rage project, see advisory GHSA-4fg7-vxc8-qx5w.
Thanks to ⬡-49016 for reporting this.
References
https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c
https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201
https://github.com/advisories/GHSA-32gq-x56h-299c
December 18th, 2024 (4 months ago)
|