Description: Advice for Dixons Carphone customers following its data breach.
December 18th, 2024 (4 months ago)
|
Description: ShinyHunters Claims to Have Breached the Database of Airmeet
December 18th, 2024 (4 months ago)
|
Description: In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
December 18th, 2024 (4 months ago)
|
Description: In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
December 18th, 2024 (4 months ago)
|
Description: In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
December 18th, 2024 (4 months ago)
|
Description: In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
December 18th, 2024 (4 months ago)
|
CVE-2024-54139 |
Description: Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue.
CVSS: HIGH (7.9) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-45337 |
Description: A security issue was identified in the NanoProxy project related to the golang.org/x/crypto dependency. The project was using an outdated version of this dependency, which potentially exposed the system to security vulnerabilities that have been addressed in subsequent updates.
Impact:
The specific vulnerabilities in the outdated version of golang.org/x/crypto could include authorization bypasses, data breaches, or other security risks. These vulnerabilities can be exploited by attackers to compromise the integrity, confidentiality, or availability of the system.
Resolution:
The issue has been fixed in NanoProxy by upgrading the golang.org/x/crypto dependency to version 0.31.0. Users are strongly encouraged to update their instances of NanoProxy to include this fix and ensure they are using the latest secure version of all dependencies.
Fixed Version:
golang.org/x/crypto upgraded to version 0.31.0.
References
https://github.com/ryanbekhen/nanoproxy/security/advisories/GHSA-7prj-hgx4-2xc3
https://nvd.nist.gov/vuln/detail/CVE-2024-45337
https://github.com/advisories/GHSA-7prj-hgx4-2xc3
EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
Description: US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]
December 12th, 2024 (4 months ago)
|
Description: Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.
December 11th, 2024 (4 months ago)
|