Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.
December 18th, 2024 (5 months ago)
|
|
|
Description: How to protect yourself from the impact of data breaches
December 18th, 2024 (5 months ago)
|
|
|
Description: Advice for customers of Marriott International following the reports of a data breach.
December 18th, 2024 (5 months ago)
|
|
|
Description: Advice for Dixons Carphone customers following its data breach.
December 18th, 2024 (5 months ago)
|
|
|
Description: ShinyHunters Claims to Have Breached the Database of Airmeet
December 18th, 2024 (5 months ago)
|
|
|
Description: In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
December 18th, 2024 (5 months ago)
|
|
|
Description: In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
December 18th, 2024 (5 months ago)
|
|
|
Description: In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
December 18th, 2024 (5 months ago)
|
|
|
Description: In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
December 18th, 2024 (5 months ago)
|
CVE-2024-45337 |
Description: A security issue was identified in the NanoProxy project related to the golang.org/x/crypto dependency. The project was using an outdated version of this dependency, which potentially exposed the system to security vulnerabilities that have been addressed in subsequent updates.
Impact:
The specific vulnerabilities in the outdated version of golang.org/x/crypto could include authorization bypasses, data breaches, or other security risks. These vulnerabilities can be exploited by attackers to compromise the integrity, confidentiality, or availability of the system.
Resolution:
The issue has been fixed in NanoProxy by upgrading the golang.org/x/crypto dependency to version 0.31.0. Users are strongly encouraged to update their instances of NanoProxy to include this fix and ensure they are using the latest secure version of all dependencies.
Fixed Version:
golang.org/x/crypto upgraded to version 0.31.0.
References
https://github.com/ryanbekhen/nanoproxy/security/advisories/GHSA-7prj-hgx4-2xc3
https://nvd.nist.gov/vuln/detail/CVE-2024-45337
https://github.com/advisories/GHSA-7prj-hgx4-2xc3
EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|