Description: A Threat Actor Claims to be Selling the Data of H&M (UAE)
January 28th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling a FUD Browser Stealer
January 28th, 2025 (5 months ago)
Description: Signal is finally adding a new feature that allows users to synchronize their old message history from their primary iOS or Android devices to newly linked devices like desktops and iPads. [...]
January 28th, 2025 (5 months ago)
Description: Written by: Nino Isakovic
Introduction
Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PwC.
GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related, threat groups based in the PRC; however, POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41.
GTIG currently tracks three known POISONPLUG variants:
POISONPLUG
POISONPLUG.DEED
POISONPLUG.SHADOW
POISONPLUG.SHADOW—often referred to as "Shadowpad," a malware family name first introduced by Kaspersky—stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded by not only the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the associate...
January 28th, 2025 (5 months ago)
Description: EnergyWeaponUser is Allegedly Selling Access to an Unidentified Bodycam Company
January 28th, 2025 (5 months ago)
CVE-2024-12703
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: Electric RemoteConnect and SCADAPack x70 Utilities
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on the workstation when a non-admin authenticated user opens a malicious project file.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
RemoteConnect: All versions
SCADAPackTM x70 Utilities: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502
A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity, and potential remote code execution on the workstation when a non-admin authenticated user opens a malicious project file.
CVE-2024-12703 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-12703. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing.
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
Schneider Electr...
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
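The advisory names only the vulnerability class (CWE-502) and its trigger, a non-admin user opening a malicious project file; it does not say which serializer the affected utilities use. The following added example is not Schneider Electric's code and does not describe their file format. It shows the class generically in Python: a project loader built on `pickle` that runs a callable embedded in the file merely by loading it, a restricted `Unpickler` that refuses every global so only plain data can be reconstructed, and a loader that instead parses a data-only JSON document and validates its shape. The project layout (`name`, `devices` with `address`/`port`), the `MaliciousProject` class and all sample bytes are constructed for the example.

```python
import io
import json
import pickle

# Records side effects triggered during deserialization, so a reader can see
# that code ran simply because a file was loaded.
EXECUTED = []


def _side_effect(marker):
    """Stand-in for attacker code. A real payload would call os.system or similar."""
    EXECUTED.append(marker)
    return {"name": "poisoned"}


class MaliciousProject:
    """Hypothetical attacker object (constructed for this example): its __reduce__
    hook makes pickle call _side_effect(marker) while the stream is being loaded."""

    def __reduce__(self):
        return (_side_effect, ("code ran during deserialization",))


def build_malicious_project_bytes():
    """Constructed 'malicious project file' for the example."""
    return pickle.dumps(MaliciousProject())


# Constructed benign inputs (hypothetical project layout, not a vendor format).
BENIGN_PICKLE = pickle.dumps({"name": "site-a", "devices": []})
GOOD_PROJECT_JSON = json.dumps(
    {"name": "site-a", "devices": [{"address": "10.0.0.5", "port": 502}]}
).encode("utf-8")


def load_project_unsafe(data):
    """VULNERABLE (CWE-502): pickle resolves and calls any global named in the stream."""
    return pickle.loads(data)


class NoGlobalsUnpickler(pickle.Unpickler):
    """Hardening step 1: refuse to resolve *any* global. Plain containers, strings
    and numbers still load; nothing callable can be reconstructed or invoked."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def load_project_restricted(data):
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def load_project_json(data):
    """Hardening step 2 (preferred): a data-only format plus explicit shape
    validation. Anything not on the allow-list is rejected with ValueError."""
    try:
        doc = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("not a valid project document") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("name"), str):
        raise ValueError("project must be an object with a string 'name'")
    devices = doc.get("devices", [])
    if not isinstance(devices, list):
        raise ValueError("'devices' must be a list")
    clean = []
    for dev in devices:
        port = dev.get("port") if isinstance(dev, dict) else None
        if not (isinstance(dev.get("address"), str)
                and isinstance(port, int) and not isinstance(port, bool)
                and 0 < port < 65536):
            raise ValueError("each device needs a string 'address' and a valid int 'port'")
        clean.append({"address": dev["address"], "port": port})
    return {"name": doc["name"], "devices": clean}


def try_load(loader, data):
    """Run a loader and report ('ok', result) or ('rejected', exception class name)."""
    try:
        return ("ok", loader(data))
    except Exception as exc:
        return ("rejected", type(exc).__name__)


if __name__ == "__main__":
    payload = build_malicious_project_bytes()
    for label, loader in [("unsafe", load_project_unsafe),
                          ("restricted", load_project_restricted),
                          ("json", load_project_json)]:
        print(f"{label:10s} <- malicious file: {try_load(loader, payload)}")
    print("side effects observed:", EXECUTED)
    print("json       <- good file:     ", try_load(load_project_json, GOOD_PROJECT_JSON))
```

The unsafe loader returns a harmless-looking dict while the embedded callable has already run; the restricted unpickler and the JSON loader both reject the same bytes before any code path of the attacker's choosing is reached. The JSON route is preferable because its failure mode is a parse or validation error rather than a reliance on the serializer's internals.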
CVE-2024-8603
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: B&R
Equipment: Automation Runtime
Vulnerability: Use of a Broken or Risky Cryptographic Algorithm
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
B&R reports that the following products are affected:
B&R Automation Runtime: versions prior to 6.1
B&R mapp View: versions prior to 6.1
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327
A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1 may be abused by unauthenticated network-based attackers to masquerade as legitimate services on impacted devices.
CVE-2024-8603 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Austria
3.4 RESEARCHER
ABB PSIRT reported this vulnerability to CISA.
4. MITIGATIONS
B&R has identified the following specific workarounds and mitigations users can apply to reduce risk:
All affected products: The problem is corrected in the following product versions: B&...
CVSS: HIGH (8.2) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
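The excerpt says only that a weak algorithm in the SSL/TLS component lets an unauthenticated network attacker masquerade as the device's services; it does not name the algorithm. Before the fixed 6.1 release is rolled out, a practitioner would want to see what a device actually negotiates. The added example below is neither B&R's nor CISA's code: it parses the output of `openssl s_client -connect <host>:<port>` and flags the handshake parameters that generally undermine server authentication (deprecated protocol versions, anonymous or export/RC4/DES/MD5 cipher suites, MD5 or SHA-1 handshake signatures, RSA or DH parameters under 2048 bits, and chain verification errors). Both sample outputs are hand-written for the example, not captures from a real device, and the thresholds are general TLS hygiene rather than the specific defect behind this CVE.

```python
import re

# Constructed sample of `openssl s_client -connect <device>:<port>` output
# (hand-written for this example, not a capture from any real device).
SAMPLE_S_CLIENT_OUTPUT = """\
CONNECTED(00000003)
depth=0 CN = plc-01.example.local
verify error:num=18:self-signed certificate
verify return:1
---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
New, TLSv1.0, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
---
"""

# Second constructed sample: a modern handshake that should produce no findings.
SAMPLE_MODERN_OUTPUT = """\
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
ANON_TOKENS = {"ADH", "AECDH", "aNULL"}          # no server authentication at all
WEAK_CIPHER_TOKENS = {"RC4", "DES", "NULL", "EXP", "EXP1024", "MD5"}
WEAK_DIGESTS = {"MD5", "SHA1"}
MIN_RSA_DH_BITS = 2048

# (regex, key, converter) for the s_client lines we care about
_PATTERNS = [
    (re.compile(r"Protocol\s*:\s*(\S+)"), "protocol", str),
    (re.compile(r"Cipher\s*:\s*(\S+)"), "cipher", str),
    (re.compile(r"Peer signing digest:\s*(\S+)"), "peer_digest", str),
    (re.compile(r"Peer signature type:\s*(\S+)"), "sig_type", str),
    (re.compile(r"Server public key is (\d+) bit"), "key_bits", int),
]
_TEMP_KEY = re.compile(r"Server Temp Key:\s*([\w-]+),\s*(\d+) bits")
_VERIFY_ERR = re.compile(r"verify error:num=(\d+):(.*)")


def parse_s_client(text):
    """Extract the negotiated handshake parameters from s_client output."""
    info = {"verify_errors": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = _TEMP_KEY.match(line)
        if m:
            info["temp_key"] = (m.group(1), int(m.group(2)))
            continue
        m = _VERIFY_ERR.match(line)
        if m:
            info["verify_errors"].append((int(m.group(1)), m.group(2).strip()))
            continue
        for pattern, key, conv in _PATTERNS:
            m = pattern.match(line)
            if m:
                info[key] = conv(m.group(1))
                break
    return info


def assess(info):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    proto = info.get("protocol")
    if proto in WEAK_PROTOCOLS:
        findings.append(f"deprecated protocol {proto}")
    tokens = set(info.get("cipher", "").split("-"))
    if tokens & ANON_TOKENS:
        findings.append("anonymous cipher suite: the server is never authenticated")
    weak = tokens & WEAK_CIPHER_TOKENS
    if weak:
        findings.append("weak cipher suite component(s): " + ", ".join(sorted(weak)))
    if info.get("peer_digest") in WEAK_DIGESTS:
        findings.append(f"handshake signature uses {info['peer_digest']}")
    if (info.get("sig_type", "RSA") in ("RSA", "RSA-PSS")
            and "key_bits" in info and info["key_bits"] < MIN_RSA_DH_BITS):
        findings.append(f"server RSA key is only {info['key_bits']} bits")
    kind, bits = info.get("temp_key", (None, 0))
    if kind == "DH" and bits < MIN_RSA_DH_BITS:
        findings.append(f"ephemeral DH parameters are only {bits} bits")
    for num, msg in info["verify_errors"]:
        findings.append(f"certificate chain not verifiable (error {num}: {msg})")
    return findings


if __name__ == "__main__":
    for label, sample in [("legacy device", SAMPLE_S_CLIENT_OUTPUT),
                          ("modern device", SAMPLE_MODERN_OUTPUT)]:
        print(label + ":")
        for f in assess(parse_s_client(sample)) or ["no findings"]:
            print("  -", f)
```

To use it against a real device, pipe `openssl s_client -connect host:port < /dev/null 2>&1` into `parse_s_client` and run `assess`; any finding about anonymous suites, SHA-1/MD5 signatures or an unverifiable chain is the condition under which a network attacker can present itself as the service without the client noticing.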
Description: A Threat Actor Claims to be Selling Unauthorized VPN Access to an Electrical Manufacturing Organization in Taiwan
January 28th, 2025 (5 months ago)
Description: Cryptojacking may be stealthy, but its impact is anything but. From inflated cloud bills to sluggish performance, it's a threat that companies can't ignore. Learn more from Pentera about how automated security validation can protect your org from these threats. [...]
January 28th, 2025 (5 months ago)
Description: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. [...]
January 28th, 2025 (5 months ago)