Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-5379 |
Description: A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
EPSS Score: 0.09%
December 3rd, 2024 (6 months ago)
|
|
Description: Howling Scorpius, active since 2023, uses Akira ransomware to target businesses globally, employing a double-extortion strategy and upgrading tools regularly.
The post Threat Assessment: Howling Scorpius (Akira Ransomware) appeared first on Unit 42.
December 2nd, 2024 (6 months ago)
|
|
|
Description: Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.
December 2nd, 2024 (6 months ago)
|
|
|
Description: South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. [...]
December 2nd, 2024 (6 months ago)
|
|
|
Description: Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.
December 2nd, 2024 (6 months ago)
|
|
|
Description: Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. [...]
December 2nd, 2024 (6 months ago)
|
|
|
Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
December 2nd, 2024 (6 months ago)
|
|
|
Description: The recently uncovered 'Bootkitty' UEFI bootkit, the first malware of its kind targeting Linux systems, exploits CVE-2023-40238, aka 'LogoFAIL,' to infect computers running on a vulnerable UEFI firmware. [...]
December 2nd, 2024 (6 months ago)
|
|
|
Description: With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense.
December 2nd, 2024 (6 months ago)
|
|
|
Description: Alder Hey Children's Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed.
December 2nd, 2024 (6 months ago)
|