Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
Description: A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team
Source: TheHackerNews
December 11th, 2024 (4 months ago)
What is Nudge Security and How Does it Work?
Description: In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only solution to bring
Source: TheHackerNews
December 11th, 2024 (4 months ago)
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
Description: Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as
Source: TheHackerNews
December 11th, 2024 (4 months ago)
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Description: Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
Source: TheHackerNews
December 11th, 2024 (4 months ago)
Governments, Telcos Ward Off China's Hacking Typhoons
Description: Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.
Source: Dark Reading
December 11th, 2024 (4 months ago)
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
Description: The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been
Source: TheHackerNews
December 11th, 2024 (4 months ago)

CVE-2024-11639
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Description: Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote

EPSS Score: 0.09%

Source: TheHackerNews
December 11th, 2024 (4 months ago)
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
Description: The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
Source: Dark Reading
December 10th, 2024 (4 months ago)
[actionpack] Possible Content Security Policy bypass in Action Dispatch
Description: There is a possible Cross Site Scripting (XSS) vulnerability in the content_security_policy helper in Action Pack. Impact Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Releases The fixed releases are available at the normal locations. Workarounds Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input. Credits Thanks to ryotak for the report! References https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v https://github.com/advisories/GHSA-vfm5-rmrh-j26v
Source: Github Advisory Database (RubyGems)
December 10th, 2024 (4 months ago)
[whistle] Avenwu Whistle Cross-Site Request Forgery (CSRF)
Description: Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. References https://nvd.nist.gov/vuln/detail/CVE-2024-55500 https://github.com/avwo/whistle/commit/d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf https://www.sonarsource.com/blog/never-underestimate-csrf-why-origin-reflection-is-a-bad-idea https://github.com/advisories/GHSA-gg6x-448q-pqqm
Source: Github Advisory Database (NPM)
December 10th, 2024 (4 months ago)