Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-49093
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Description: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-49092
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Description: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-49091
Windows Domain Name Service Remote Code Execution Vulnerability
Description: Windows Domain Name Service Remote Code Execution Vulnerability

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)
Researchers Crack Microsoft Azure MFA in an Hour
Description: A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
Source: Dark Reading
December 11th, 2024 (4 months ago)
Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
Description: The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically
Source: TheHackerNews
December 11th, 2024 (4 months ago)
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Description: Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
Source: TheHackerNews
December 11th, 2024 (4 months ago)
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Description: Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
Source: TheHackerNews
December 11th, 2024 (4 months ago)

CVE-2024-49118
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-49115
Windows Remote Desktop Services Remote Code Execution Vulnerability
Description: Windows Remote Desktop Services Remote Code Execution Vulnerability

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-49113
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Description: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)