CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
How to Get the Most Out of Cyber Insurance
Description: Cyber insurance should augment your cybersecurity strategy — not replace it.
Source: Dark Reading
December 30th, 2024 (6 months ago)
What Security Lessons Did We Learn in 2024?
Description: Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.
Source: Dark Reading
December 30th, 2024 (6 months ago)
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
Description: Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in
Source: TheHackerNews
December 30th, 2024 (6 months ago)
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Description: The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the
Source: TheHackerNews
December 30th, 2024 (6 months ago)
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
Description: News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in
Source: TheHackerNews
December 30th, 2024 (6 months ago)
AT&T and Verizon say networks secure after Salt Typhoon breach
Description: AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. [...]
Source: BleepingComputer
December 30th, 2024 (6 months ago)
Malware botnets exploit outdated D-Link routers in recent attacks
Description: Two botnets tracked as 'Ficora' and 'Capsaicin' have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. [...]
Source: BleepingComputer
December 30th, 2024 (6 months ago)

CVE-2024-56756
nvme-pci: fix freeing of the HMB descriptor table
Description: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent. In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page.

EPSS Score: 0.04%

Source: CVE
December 30th, 2024 (6 months ago)

CVE-2024-56755
netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
Description: In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows: [cookie1] [cookie2] [volume_work] fscache_perform_lookup fscache_create_volume fscache_perform_lookup fscache_create_volume fscache_create_volume_work cachefiles_acquire_volume clear_and_wake_up_bit test_and_set_bit test_and_set_bit goto maybe_wait goto no_wait In the above process, cookie1 and cookie2 has the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely. In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed. By combining the clear and wake operations into clear_...

EPSS Score: 0.04%

Source: CVE
December 30th, 2024 (6 months ago)

CVE-2024-56754
crypto: caam - Fix the pointer passed to caam_qi_shutdown()
Description: In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *". Pass the correct parameter to devm_add_action_or_reset() so that the resources are released as expected.

EPSS Score: 0.04%

Source: CVE
December 30th, 2024 (6 months ago)