CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.
January 7th, 2025 (6 months ago)
|
|
|
Description: It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to
January 7th, 2025 (6 months ago)
|
|
|
Description: Washington Attorney General Bob Ferguson filed a lawsuit against T-Mobile, alleging severe failures in protecting consumer data that resulted in a 2021 breach impacting over 79 million individuals nationwide, including more than 2 million Washingtonians. The breach exposed sensitive data such as Social Security numbers, driver’s license details, and phone numbers, putting millions at risk …
The post Washington Sues T-Mobile Over 2021 Data Breach Impacting 79 Million appeared first on CyberInsider.
January 7th, 2025 (6 months ago)
|
|
|
Description: Telegram, the popular yet controversial messaging app, has significantly increased its compliance with law enforcement data requests, fulfilling 900 requests from U.S. authorities in 2024. This marks a massive spike in cooperation compared to earlier periods, with data provided affecting 2,253 users, according to newly released transparency figures accessed via Telegram's Transparency Reports bot. The …
The post Telegram Shared Data on 2,253 Users with U.S. Authorities in 2024 appeared first on CyberInsider.
January 7th, 2025 (6 months ago)
|
|
|
Description: Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework.
The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution.
"The key
January 7th, 2025 (6 months ago)
|
CVE-2024-8474 |
Description: OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
|
CVE-2024-56828 |
Description: File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks.
EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
|
CVE-2024-56769 |
Description: In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
Syzbot reports [1] an uninitialized value issue found by KMSAN in
dib3000_read_reg().
Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case
that call fails, the buffer may end up with some undefined values.
Since no elaborate error handling is expected in dib3000_write_reg(),
simply zero out rb buffer to mitigate the problem.
[1] Syzkaller report
dvb-usb: bulk message failed: -22 (6/0)
=====================================================
BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758
dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758
dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31
dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290
dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline]
dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline]
dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310
dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110
...
Local variable rb created at:
dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54
dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758
...
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
|
CVE-2024-56768 |
Description: In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP
disabled can trigger the following bug, as pcpu_hot is unavailable:
[ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c
[ 8.471849] #PF: supervisor read access in kernel mode
[ 8.471881] #PF: error_code(0x0000) - not-present page
Fix by inlining a return 0 in the !CONFIG_SMP case.
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
|
CVE-2024-56767 |
Description: In the Linux kernel, the following vulnerability has been resolved:
dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
The at_xdmac_memset_create_desc may return NULL, which will lead to a
null pointer dereference. For example, the len input is error, or the
atchan->free_descs_list is empty and memory is exhausted. Therefore, add
check to avoid this.
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|