Description: Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured:
  - the security.backend.enforceReferrer feature is disabled,
  - BE/cookieSameSite is set to lax or none.
The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component.
Solution
Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits
Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References
TYPO3-CORE-SA-2025-008
https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545
https://github.com/TYPO3-CMS/indexed_search/commit/cfda3f1edeea3c50034...
January 14th, 2025

Description: Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured:
  - the security.backend.enforceReferrer feature is disabled,
  - BE/cookieSameSite is set to lax or none.
The vulnerability in the affected downstream component “Scheduler Module” allows attackers to trigger pre-defined command classes, which in the worst case can lead to unauthorized import or export of data.
Solution
Update to TYPO3 version 11.5.42 ELTS, which fixes the problem described.
Credits
Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References
TYPO3-CORE-SA-2025-009
https://github.com/TYPO3/typo3/security/advisories/GHSA-7835-fcv3-g256
https://typo3.or...
January 14th, 2025

Description: Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured:
  - the security.backend.enforceReferrer feature is disabled,
  - BE/cookieSameSite is set to lax or none.
The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions.
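The preconditions are identical for this advisory and the two preceding ones (TYPO3-CORE-SA-2025-008 and -009): a state-changing backend route reachable through a GET deep link, shielded only by the session cookie's SameSite attribute and the backend referrer check. The following is an added example, not TYPO3 code. It models simplified browser SameSite behaviour and a generic server-side guard so that the two delivery paths named above can be checked against each combination of BE/cookieSameSite, security.backend.enforceReferrer and server-side hardening. The host names, the token value and the Request/BackendConfig types are constructed for the illustration.

```python
"""Threat-model sketch of the TYPO3 backend deep-link CSRF preconditions.

Added example, not TYPO3 code: simplified browser SameSite rules plus a
generic server-side guard. Host names and the token value are constructed.
"""
from dataclasses import dataclass
from typing import Optional

BACKEND_SITE = "backend.example.org"          # constructed: site serving the backend
ATTACKER_SITE = "evil.example.net"            # constructed: site the victim is lured to
VALID_TOKEN = "csrf-token-bound-to-session"   # constructed stand-in for a per-session token


@dataclass(frozen=True)
class Request:
    method: str                  # "GET" or "POST"
    initiator: Optional[str]     # site that caused the request; None = mail client / address bar
    top_level: bool              # True for a navigation, False for <img>/fetch subresources
    token: Optional[str] = None  # CSRF token carried by the request, if any

    @property
    def referer(self) -> Optional[str]:
        # Default referrer policy assumed: the Referer reflects the initiating site.
        return self.initiator


@dataclass(frozen=True)
class BackendConfig:
    cookie_same_site: str   # BE/cookieSameSite: "strict", "lax" or "none"
    enforce_referrer: bool  # security.backend.enforceReferrer feature toggle
    post_only: bool         # state-changing actions refuse GET (server-side fix)
    require_token: bool     # state-changing actions require a valid CSRF token


def session_cookie_sent(same_site: str, req: Request) -> bool:
    """Simplified browser rule for attaching a SameSite cookie.

    Requests with no web initiator (link clicked in a mail client, URL typed
    in) are treated as same-site by browsers, so even strict sends the cookie.
    """
    if req.initiator is None or req.initiator == BACKEND_SITE:
        return True
    policy = same_site.lower()
    if policy == "none":
        return True
    if policy == "lax":
        return req.top_level and req.method == "GET"
    return False  # strict: no cross-site request carries the cookie


def referer_accepted(enforce: bool, req: Request) -> bool:
    """Modeled referrer check: with the feature on, a cross-origin Referer is
    rejected; a same-origin or absent Referer is accepted."""
    if not enforce:
        return True
    return req.referer is None or req.referer == BACKEND_SITE


def deep_link_executes(cfg: BackendConfig, req: Request) -> bool:
    """Would the modeled backend perform the state change for this request?"""
    if not session_cookie_sent(cfg.cookie_same_site, req):
        return False  # arrives anonymous; the login check rejects it
    if not referer_accepted(cfg.enforce_referrer, req):
        return False
    if cfg.post_only and req.method != "POST":
        return False
    if cfg.require_token and req.token != VALID_TOKEN:
        return False
    return True


# Constructed delivery paths matching the two conditions in the advisory.
EMAIL_LINK = Request("GET", initiator=None, top_level=True)
HOSTILE_PAGE_LINK = Request("GET", initiator=ATTACKER_SITE, top_level=True)
HOSTILE_PAGE_IMG = Request("GET", initiator=ATTACKER_SITE, top_level=False)
HOSTILE_PAGE_FORM = Request("POST", initiator=ATTACKER_SITE, top_level=True)
LEGIT_BACKEND_POST = Request("POST", initiator=BACKEND_SITE, top_level=True, token=VALID_TOKEN)

VULNERABLE = {  # GET accepted, no token: the pre-fix behaviour described above
    "strict+referrer": BackendConfig("strict", True, False, False),
    "lax+referrer": BackendConfig("lax", True, False, False),
    "lax-no-referrer": BackendConfig("lax", False, False, False),
    "none-no-referrer": BackendConfig("none", False, False, False),
}
FIXED_WEAKEST = BackendConfig("none", False, post_only=True, require_token=True)


def attack_matrix() -> dict[str, dict[str, bool]]:
    """Which delivery path fires the state change under each vulnerable config."""
    paths = {"email_link": EMAIL_LINK, "page_link": HOSTILE_PAGE_LINK,
             "page_img": HOSTILE_PAGE_IMG, "page_form": HOSTILE_PAGE_FORM}
    return {name: {p: deep_link_executes(cfg, req) for p, req in paths.items()}
            for name, cfg in VULNERABLE.items()}


if __name__ == "__main__":
    for cfg_name, row in attack_matrix().items():
        print(f"{cfg_name:18}", row)
    print("fixed, weakest cookie/referrer settings, page_img:",
          deep_link_executes(FIXED_WEAKEST, HOSTILE_PAGE_IMG))
```

Two things the matrix makes explicit. The mail-client path fires even with BE/cookieSameSite set to strict and the referrer check enabled, because a navigation with no web initiator is treated as same-site and carries no cross-origin Referer; this is why the advisory attaches no settings to that condition. The hosted-page path under lax needs both weakenings at once: a cross-site top-level GET does receive the cookie, but the cross-origin Referer must also go unchecked. Only the server-side change, refusing GET for state-changing actions and requiring a session-bound token, closes both paths regardless of cookie and referrer settings, which is the class of fix the update delivers; keeping BE/cookieSameSite at strict with security.backend.enforceReferrer enabled remains the sensible baseline on top of it.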
Solution
Update to TYPO3 version 11.5.42 ELTS, which fixes the problem described.
Credits
Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References
TYPO3-CORE-SA-2025-010
https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj
https://typo3.org/security/advisory/typo3-core-sa-2025-010
https://github.com/adviso...
January 14th, 2025

Description: Impact
NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0.
A user with only edit right can join a realtime editing session in which other participants, who were already there or who join later, have script or programming access rights. This user can then insert script rendering macros that are executed for those participants in the realtime session who have script or programming rights. The inserted scripts can be used to gain more access rights.
Here's an example that works with XWiki 15.10.9+ and 16.2.0+:
- the attacker starts editing a wiki page in realtime (for which they have edit right);
- another user, with script or programming access right, joins the editing session (e.g. by clicking on a link / URL provided by the attacker);
- the attacker inserts a script rendering macro, say {{velocity}}I can run scripts{{/velocity}}, in the edited content, using the WYSIWYG editor UI;
- the edited content is reloaded for both the attacker and the other user, in order to render the inserted macro;
- the attacker gets a rendering error message;
- the other user sees "I can run scripts".
The attacker can obviously use more advanced scripts to gain access rights.
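To make the rights question in the walkthrough concrete, here is an added example, not XWiki code: a toy renderer for the {{name}}...{{/name}} macro syntax that re-renders shared content for each participant and decides whether a script macro runs either by the viewing user's rights (the behaviour described above) or by the rights of the user who inserted it, which is the rule XWiki applies to saved pages through the content author. The second mode is shown as one mitigation consistent with that rule, not as a description of the actual fix. User names, rights sets, the set of script macros and the content string are constructed.

```python
"""Model of the realtime-editing script-macro issue described above.

Added example, not XWiki code. A toy renderer for {{name}}...{{/name}} macro
syntax shows the difference between deciding script execution by the rights
of the user VIEWING the shared session and by the rights of the user who
INSERTED the macro. User names and right sets are constructed.
"""
import re

MACRO_RE = re.compile(r"\{\{(\w+)\}\}(.*?)\{\{/\1\}\}", re.DOTALL)
SCRIPT_MACROS = {"velocity", "groovy"}       # assumed: macros that execute code
SCRIPT_RIGHTS = {"script", "programming"}

# Constructed participants: the attacker holds edit right only.
RIGHTS = {
    "attacker": {"edit"},
    "scripter": {"edit", "script"},
    "admin": {"edit", "script", "programming"},
}


def can_run_scripts(user: str) -> bool:
    return bool(RIGHTS.get(user, set()) & SCRIPT_RIGHTS)


def run_script(name: str, body: str) -> str:
    """Stand-in for the script engine: returns the body as its 'output'.
    A real engine would evaluate it with the deciding user's privileges."""
    return body.strip()


def render_for(content: str, viewer: str, inserted_by: str, *, author_governs: bool) -> str:
    """Render `content` as `viewer` sees it.

    author_governs=False reproduces the vulnerable behaviour: a script macro
    runs whenever the viewer may run scripts, so the attacker's macro executes
    in the browsers of privileged participants. author_governs=True applies
    the rule XWiki uses for saved pages, where the content author's rights
    decide, so the attacker's macro fails for everyone in the session.
    """
    def expand(m: re.Match) -> str:
        name, body = m.group(1), m.group(2)
        if name not in SCRIPT_MACROS:
            return body                       # formatting macro: always rendered
        deciding_user = inserted_by if author_governs else viewer
        if can_run_scripts(deciding_user):
            return run_script(name, body)
        return f"[error: {name} macro needs script right]"

    return MACRO_RE.sub(expand, content)


def session_views(content: str, inserted_by: str, participants: list[str],
                  *, author_governs: bool) -> dict[str, str]:
    """What each participant sees once the edited content is re-rendered."""
    return {p: render_for(content, p, inserted_by, author_governs=author_governs)
            for p in participants}


# Constructed content: the advisory's macro plus a harmless formatting macro.
CONTENT = "Hello {{velocity}}I can run scripts{{/velocity}} {{info}}note{{/info}}"

if __name__ == "__main__":
    for mode in (False, True):
        print("author_governs =", mode)
        views = session_views(CONTENT, "attacker", ["attacker", "admin"], author_governs=mode)
        for user, out in views.items():
            print(f"  {user:9} -> {out}")
```

With author_governs=False the output matches the walkthrough: the attacker sees the error message while the privileged participant sees "I can run scripts" executed under their own rights. With author_governs=True the macro is attributed to the user who inserted it and fails for every viewer, while the harmless {{info}} macro still renders.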
Before XWiki 15.10.9 and 16.2.0 the edited content was not re-rendered for all the users in the editing session, but only for the user that inserted the macro. This means that in orde...
January 14th, 2025

Description: RipperSec Targeted the Website of NISHTHA
January 14th, 2025

Description: Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...]
January 14th, 2025

Description: Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging AI threats.
Specifically, the playbook:
Facilitates collaboration between federal agencies, private industry, international partners, and other stakeholders to raise awareness of AI cybersecurity risks and improve the resilience of AI systems.
Guides JCDC partners on how to voluntarily share information related to cybersecurity incidents and vulnerabilities associated with AI systems.
Delineates information-sharing protections and mechanisms.
Outlines CISA’s actions upon receiving shared information.
CISA urges JCDC partners to integrate the playbook into their incident response and information-sharing processes, make iterative improvements as needed, and provide feedback to CISA through [email protected].
Not a partner? Join JCDC to engage in synchronized cybersecurity planning, cyber defense, and response. Learn more by visiting CISA’s JCDC webpage and emailing [email protected].
January 14th, 2025

Description: Written by: Josh Triplett
Executive Summary
Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in many modern families. This complements dynamic analysis, providing faster threat identification and high-confidence malware family attribution. Google SecOps reverse engineers ensure precise indicators of compromise (IOC) extraction, empowering security teams with actionable threat intelligence to proactively neutralize attacks.
Overview
The ability to quickly detect and respond to threats has a significant impact on potential outcomes. Indicators of compromise (IOCs) serve as crucial breadcrumbs, allowing cybersecurity teams to identify and mitigate potential attacks while expanding their search for related activity. VirusTotal's existing suite of tools to analyze and understand malware IOCs, and thus the Google Threat Intelligence platform by extension, is further enhanced with Backscatter.
VirusTotal has traditionally utilized dynamic analysis methods, like sandboxes, to observe malware behavior and capture IOCs. However, these methods can be time-consuming and may not yield actionable data if the malware employs anti-analysis techniques. Backscatter, a service developed by the Mandiant FLARE team, complements these methods by offering a static analysis capability that di...
January 14th, 2025

Description: A Threat Actor Claims to be Selling Access to a Bot with an Unidentified RAT that has Compromised a Schwab Trading Account with $1.5M USD
January 14th, 2025

Description: A Threat Actor Claims to be Selling VPN Access to an Unidentified Spanish Company
January 14th, 2025