Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account.
"The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
December 11th, 2024 (6 months ago)
|
|
|
Description: US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. [...]
December 11th, 2024 (6 months ago)
|
|
|
Description: A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023.
The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team
December 11th, 2024 (6 months ago)
|
|
|
Description: In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance.
Nudge Security is the world’s first and only solution to bring
December 11th, 2024 (6 months ago)
|
|
|
Description: Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.
The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as
December 11th, 2024 (6 months ago)
|
|
|
Description: Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild.
Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
December 11th, 2024 (6 months ago)
|
|
|
Description: Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.
December 11th, 2024 (6 months ago)
|
|
|
Description: The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020.
Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been
December 11th, 2024 (6 months ago)
|
CVE-2024-11639 |
Description: Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.
The list of vulnerabilities is as follows -
CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote
EPSS Score: 0.09%
December 11th, 2024 (6 months ago)
|
|
|
Description: The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
December 10th, 2024 (6 months ago)
|