Description: Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.
The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as
December 11th, 2024 (5 months ago)
|
Description: Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild.
Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
December 11th, 2024 (5 months ago)
|
Description: Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.
December 11th, 2024 (5 months ago)
|
Description: The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020.
Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been
December 11th, 2024 (5 months ago)
|
CVE-2024-11639 |
Description: Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.
The list of vulnerabilities is as follows -
CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote
EPSS Score: 0.09%
December 11th, 2024 (5 months ago)
|
Description: The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
December 10th, 2024 (5 months ago)
|
Description: There is a possible Cross Site Scripting (XSS) vulnerability in the content_security_policy helper in Action Pack.
Impact
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.
Releases
The fixed releases are available at the normal locations.
Workarounds
Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
Credits
Thanks to ryotak for the report!
References
https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
https://github.com/advisories/GHSA-vfm5-rmrh-j26v
December 10th, 2024 (5 months ago)
|
Description: Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-55500
https://github.com/avwo/whistle/commit/d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf
https://www.sonarsource.com/blog/never-underestimate-csrf-why-origin-reflection-is-a-bad-idea
https://github.com/advisories/GHSA-gg6x-448q-pqqm
December 10th, 2024 (5 months ago)
|
Description: Summary
pnpm seems to mishandle overrides and global cache:
- Overrides from one workspace leak into npm metadata saved in global cache
- npm metadata from global cache affects other workspaces
- installs by default don't revalidate the data (including on first lockfile generation)
This can make workspace A (even running with ignore-scripts=true) poison the global cache and execute scripts in workspace B.
Users generally expect ignore-scripts to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken.
Details
See PoC.
In it, overrides from a single run of A get leaked into e.g. ~/Library/Caches/pnpm/metadata/registry.npmjs.org/rimraf.json and persistently affect all other projects using the cache.
PoC
Postinstall code used in PoC is benign and can be inspected in https://www.npmjs.com/package/ponyhooves?activeTab=code, it's just a console.log
Remove store and cache
On mac: rm -rf ~/Library/Caches/pnpm ~/Library/pnpm/store
This step is not required in general, but we'll be using a popular package for PoC that's likely cached
Create A/package.json:
```json
{
  "name": "A",
  "pnpm": { "overrides": { "rimraf>glob": "npm:ponyhooves@1" } },
  "dependencies": { "rimraf": "6.0.1" }
}
```
Install it with pnpm i --ignore-scripts (the flag is not required, but the point of the demo is to show that it doesn't help)
Create B/package.json:
```json
{
  "name": "B",
  "dependencies": { "rimraf": "6.0.1" }
}
```
Insta...
December 10th, 2024 (5 months ago)
|
Description: U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. [...]
December 10th, 2024 (5 months ago)
|