CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Part predictive analysis, part intuition, risk and reputation services are imperfect instruments at best — and better than nothing for most organizations and insurers.
January 16th, 2025 (6 months ago)
|
|
|
Description: Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns.
"In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report
January 16th, 2025 (6 months ago)
|
|
|
Description: Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.
"A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a
January 16th, 2025 (6 months ago)
|
CVE-2024-7344 |
Description: Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems.
The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new
EPSS Score: 0.04%
January 16th, 2025 (6 months ago)
|
|
|
Description: You can tell the story of the current state of stolen credential-based attacks in three numbers:
Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon).
Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).
Stolen credentials on criminal forums cost as
January 16th, 2025 (6 months ago)
|
|
|
Description: Cybercriminals are running a large-scale phishing operation that exploits Google Ads itself to steal advertiser credentials. According to a new Malwarebytes report, the attackers create fraudulent ads that impersonate Google Ads, tricking businesses and individuals into entering their login details on fake Google pages. Stolen accounts are then resold on blackhat forums or used for …
The post Massive Google Ads Phishing Campaign Targets Advertisers appeared first on CyberInsider.
January 16th, 2025 (6 months ago)
|
|
|
Description: European privacy advocacy group noyb has filed six General Data Protection Regulation (GDPR) complaints against major Chinese tech companies, including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for allegedly transferring Europeans' personal data to China in violation of EU law. The complaints, lodged in five different countries, argue that China's authoritarian surveillance state lacks adequate …
The post GDPR Complaints Filed Against TikTok, Xiaomi, Over Data Transfers appeared first on CyberInsider.
January 16th, 2025 (6 months ago)
|
|
|
Description: Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.
January 16th, 2025 (6 months ago)
|
|
|
January 16th, 2025 (6 months ago)
|
|
|
Description: Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure.
All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern absolute path traversal flaws that allow a remote unauthenticated
January 16th, 2025 (6 months ago)
|