Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Zero Day Initiative
The June 2024 Security Update Review
None ... Read more
-
Kaspersky
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that ... Read more
-
cert.pl
Vulnerabilities in medical clinics software
CVE ID CVE-2024-1228 Publication date 10 June 2024 Vendor EuroSoft Sp. z o. o. Product Eurosoft Przychodnia Vulnerable versions All to 20240417.001 Vulnerability type (CWE) Use of Hard-coded Credentia ... Read more
-
Google Cloud
Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools
Written by: Bavi Sadayappan, Zach Riddle, Jordan Nuce, Joshua Shilko, Jeremy Kennelly A version of this blog post was published to the Mandiant Advantage portal on April 18, 2024. Executive Summary In ... Read more
-
0patch.com
Micropatch Released for Windows Authentication Elevation of Privilege Vulnerability (CVE-2023-36047)
We have just released a micropatch for CVE-2023-36047, a local privilege escalation vulnerability found by Filip Dragović in the way Windows handle files when a user changes their account picture. Fil ... Read more
-
New Jetpack Site
Vulnerabilità su Checkpoint VPN sfruttata in the wild
05/30/2024 PROTO: N240530 CERT-Yoroi di Tinexta Cyber informa che è stata resa nota una vulnerabilità sul prodotto VPN di CheckPoint (comprensivo di IPsec VPN, Remote Access VPN e Mobile Access) ident ... Read more
-
Trend Micro
Decoding Water Sigbin's Latest Obfuscation Tricks
APT & Targeted Attacks Water Sigbin (aka the 8220 Gang) exploited Oracle WebLogic vulnerabilities to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniqu ... Read more
-
New Jetpack Site
Vulnerabilità critica in Zabbix
05/23/2024 PROTO: N240523 CERT-Yoroi informa che è stata resa nota una vulnerabilità critica su Zabbix che consente ad utenti malintenzionati di eseguire del codice da remoto arbitrario e privilege es ... Read more
-
Google Cloud
IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders
Written by: Michael Raggi Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ ... Read more
-
cert.pl
Vulnerability in Online Shopping System Advanced software
CVE ID CVE-2024-3579 Publication date 14 May 2024 Vendor Puneeth Reddy Product Online Shopping System Advanced Vulnerable versions All Vulnerability type (CWE) Improper Neutralization of Input During ... Read more