CyberAlerts

APT trends report Q3 2024

Description: The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Source: Unknown Source

November 28th, 2024 (5 months ago)

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider

Description: U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts "originated from a wireline provider's network that was connected to ours," Jeff Simon, chief security officer at T-Mobile, said in a statement. "We see no instances of prior attempts like

Source: TheHackerNews

November 28th, 2024 (5 months ago)

Multiple vulnerabilities in FUJI ELECTRIC products

Description: FUJI ELECTRIC V-SFT, TELLUS, TELLUS Lite, V-Server, and V-Server Lite contain multiple vulnerabilities.

Source: Japan Vulnerability Notes (JVN)

November 28th, 2024 (5 months ago)

CVE-2024-9683

Quay: quay allows successful authentication with trucated version of the password

Description: A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.

EPSS Score: 0.05%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2024-9666

Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability

Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.

EPSS Score: 0.04%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2024-9420

Description: A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

EPSS Score: 0.05%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2024-9413

Description: The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.

EPSS Score: 0.04%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2024-9369

Description: Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.06%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2024-7025

Description: Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.06%

Source: CVE

November 28th, 2024 (5 months ago)

CVE-2024-54004

Description: Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

EPSS Score: 0.04%

Source: CVE

November 28th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	APT trends report Q3 2024 Description: The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns. Source: Unknown Source November 28th, 2024 (5 months ago)
	U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider Description: U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts "originated from a wireline provider's network that was connected to ours," Jeff Simon, chief security officer at T-Mobile, said in a statement. "We see no instances of prior attempts like Source: TheHackerNews November 28th, 2024 (5 months ago)
	Multiple vulnerabilities in FUJI ELECTRIC products Description: FUJI ELECTRIC V-SFT, TELLUS, TELLUS Lite, V-Server, and V-Server Lite contain multiple vulnerabilities. Source: Japan Vulnerability Notes (JVN) November 28th, 2024 (5 months ago)
CVE-2024-9683	Quay: quay allows successful authentication with trucated version of the password Description: A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-9666	Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-9420	Description: A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-9413	Description: The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-9369	Description: Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-7025	Description: Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-54004	Description: Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)