CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. [...]
February 7th, 2025 (5 months ago)
|
|
|
Description: Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway.
The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
February 7th, 2025 (5 months ago)
|
|
|
Description: Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. [...]
February 7th, 2025 (5 months ago)
|
|
|
Description: Microsoft Threat Intelligence has identified a security risk involving publicly available ASP.NET machine keys, which have been exploited in code injection attacks. Microsoft’s security researchers observed limited malicious activity in December 2024, when a threat actor leveraged a publicly disclosed ASP.NET machine key to perform a ViewState code injection attack. During the investigation, Microsoft found …
The post Microsoft Warns of Code Injection via Exposed ASP.NET Keys appeared first on CyberInsider.
February 7th, 2025 (5 months ago)
|
|
|
Description: Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...]
February 6th, 2025 (5 months ago)
|
|
|
Description: CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]
February 6th, 2025 (5 months ago)
|
CVE-2025-0994 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.6
ATTENTION: Exploitable remotely/low attack complexity/known public exploitation
Vendor: Trimble
Equipment: Cityworks
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Trimble Cityworks, an asset and work management system, are affected:
Cityworks: All versions prior to 23.10
3.2 VULNERABILITY OVERVIEW
3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502
Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.
CVE-2025-0994 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-0994. A base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Water and Wastewater Systems
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
Trimble reported this vulnerability to CISA.
4. MITIGATIONS
Cityworks has released the following update guidance...
EPSS Score: 1.32%
February 6th, 2025 (5 months ago)
|
|
|
Description: Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]
February 5th, 2025 (5 months ago)
|
|
|
Description: A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. [...]
February 5th, 2025 (5 months ago)
|
|
|
Description: The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible. [...]
February 5th, 2025 (5 months ago)
|