Threat and Vulnerability Intelligence Database

CVE-2025-1002

Description:
1. EXECUTIVE SUMMARY
CVSS v4 5.7
ATTENTION: Low attack complexity
Vendor: MicroDicom
Equipment: DICOM Viewer
Vulnerability: Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to alter network traffic and perform a machine-in-the-middle (MITM) attack.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following MicroDicom DICOM Viewer versions are affected:
MicroDicom DICOM Viewer: Version 2024.03
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295
MicroDicom DICOM Viewer fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.
CVE-2025-1002 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-1002. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Bulgaria
3.4 RESEARCHER
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.
4. MITIGATIONS
M...

EPSS Score: 0.05%

Source: All CISA Advisories
February 6th, 2025 (5 months ago)

CVE-2024-2658

Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure
Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this vulnerability allows for local privilege escalation, which could lead to the execution of a malicious Dynamic-Link Library (DLL).
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric EcoStruxure products and versions, which incorporate Revenera FlexNet Publisher, are affected:
EcoStruxure Control Expert: Versions prior to V16.1
EcoStruxure Process Expert: All versions
EcoStruxure OPC UA Server Expert: All versions
EcoStruxure Control Expert Asset Link: Versions prior to V4.0 SP1
EcoStruxure Machine SCADA Expert Asset Link: All versions
EcoStruxure Architecture Builder: Versions prior to V7.0.18
EcoStruxure Operator Terminal Expert: All versions
Vijeo Designer: Versions prior to V6.3SP1 HF1
EcoStruxure Machine Expert including EcoStruxure Machine Expert Safety: All versions
EcoStruxure Machine Expert Twin: All versions
Zelio Soft 2: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 Uncontrolled Search Path Element CWE-427
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf fi...

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: All CISA Advisories
February 6th, 2025 (5 months ago)

CVE-2025-1076

Description: Stored Cross-Site Scripting vulnerability in Holded
Thu, 02/06/2025 - 13:45
Notice
Affected Resources
Holded software.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting Holded, a cloud invoicing software for small and medium-sized companies, which has been discovered by Jesús Alcalde Alcázar and Diego León Casas.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:
CVE-2025-1076: CVSS v3.1: 4.8 | CVSS AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | CWE-79
Identifier INCIBE-2025-0060
3 - Medium
Solution
The CSP (Content Security Policy) configuration implemented by Holded is designed to prevent the execution of inline scripts and restrict the loading of scripts only to domains specified in its whitelist. This effectively mitigates most attack vectors related to script injection, such as this vulnerability.
Detail
CVE-2025-1076: a Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality.
References list
Product web - Ho...

EPSS Score: 0.04%

Source: Incibe CERT
February 6th, 2025 (5 months ago)
Description: A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,
Source: TheHackerNews
February 6th, 2025 (5 months ago)
Description: A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family.
Source: Cisco Talos Blog
February 6th, 2025 (5 months ago)
Description: You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
Source: TheHackerNews
February 6th, 2025 (5 months ago)
Description: A new wave of large-scale phishing attacks is exploiting Scalable Vector Graphics (SVG) files to bypass security measures, evade detection, and automate credential theft. Sophos researcher Andrew Brandt reports that these attacks, which have escalated significantly since mid-January 2025, use embedded JavaScript, Cloudflare CAPTCHA gates, and even malware payloads—making them more sophisticated than previous SVG …
Source: CyberInsider
February 6th, 2025 (5 months ago)
Description: Spanish authorities have arrested an 18-year-old hacker known as “Natohub,” accused of breaching multiple high-profile government and military systems, including databases belonging to NATO, the U.S. Army, and Spain's Ministry of Defense. The hacker, who operated under multiple aliases on dark web forums, carried out at least 40 cyberattacks throughout 2024, targeting both public institutions …
Source: CyberInsider
February 6th, 2025 (5 months ago)
Description: How to design, use, and maintain secure networks.
Source: NCSC Alerts and Advisories
February 6th, 2025 (5 months ago)

CVE-2025-20124

Description: Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: TheHackerNews
February 6th, 2025 (5 months ago)