Threat and Vulnerability Intelligence Database

Description: [Darknetlive Archive] San Diego Man Gets Nine Years for Selling Fentanyl on the Darkweb
Source: DarkWebInformer
January 7th, 2025 (6 months ago)
Description: Impact: Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. Patches: The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' built from the master branch also include the fix. References: https://github.com/h44z/wg-portal/security/advisories/GHSA-2r2v-9pf8-6342 https://github.com/h44z/wg-portal/commit/62dbdfe0f96045d46e121d509fc181fbb7936895 https://github.com/advisories/GHSA-2r2v-9pf8-6342
Source: Github Advisory Database (Go)
January 7th, 2025 (6 months ago)
Description: The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
Source: Dark Reading
January 7th, 2025 (6 months ago)
Description: DNI Claims to be Selling Access to an Unidentified Business Services Industry
Source: DarkWebInformer
January 7th, 2025 (6 months ago)

CVE-2024-6515

Description: 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of Special Elements in Data Query Logic, Allocation of Resources Without Limits or Throttling, Weak Password Requirements, Cross-Site Request Forgery (CSRF), Use of Weak Hash, Code Injection, PHP Remote File Inclusion, External Control of System or Configuration Setting, Insufficiently Protected Credentials, Unrestricted Upload of File with Dangerous Type, Absolute Path Traversal, Use of Default Credentials, Off-by-one Error, Use of Default Password, Session Fixation 2. RISK EVALUATION Multiple vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX series products have been reported, which could enable an attacker to disrupt operations or execute remote code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports the following products are affected: ABB NEXUS Series: NEXUS-3-x <=3.08.02 (CVE-2024-6515, CVE-2024-6516, CVE-2024-6784, CVE-2024-48843, CVE-2024-48844, CVE-2024-48846, CVE-2024-48839, CVE-2024-48840, CVE-2024-51541, CVE-2024-51542, CVE-2024-51543, CVE-2024-51544, CVE-2024-51545, CVE-2024-51546, CVE-2024-51548, CVE-2024-51549, CVE-2024-51550, CVE-202...

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: All CISA Advisories
January 7th, 2025 (6 months ago)
Description: CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products ICSA-25-007-02 Nedap Librix Ecoreader CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Source: All CISA Advisories
January 7th, 2025 (6 months ago)
Description: On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...]
Source: BleepingComputer
January 7th, 2025 (6 months ago)
Description: miyako is Allegedly Selling Access to an Unidentified City Government in Germany
Source: DarkWebInformer
January 7th, 2025 (6 months ago)
Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Source: Dark Reading
January 7th, 2025 (6 months ago)
Description: Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...]
Source: BleepingComputer
January 7th, 2025 (6 months ago)