Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
huntress.com
Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 | Huntress
A partner recently deployed Huntress agents on October 30, 2023, after experiencing a “HelloKitty” ransomware attack on October 27. This ransomware attack followed closely with what was described by R ... Read more
-
0patch.com
Micropatches Released For Microsoft Office Security Feature Bypass (CVE-2023-33150) - Plus a Small 0day
In July 2023, Microsoft released a patch for CVE-2023-33150, a vulnerability in Microsoft Office that allowed an attacker to create a malicious Word document which would not open in Protected View eve ... Read more
-
Google
Government-backed actors exploiting WinRAR vulnerability
K Kate Morgan Threat Analysis Group In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, i ... Read more
-
cert.pl
Vulnerability in SmodBIP software
CVE ID CVE-2023-4837 Publication date 10 October 2023 Vendor Jan Syski Product SmodBIP Vulnerable versions All Vulnerability type (CWE) Cross-Site Request Forgery (CWE-352) Report source Own research ... Read more
-
0patch.com
Micropatches Released For Two Windows CNG Key Isolation Service Vulnerabilities (CVE-2023-28229, CVE-2023-36906)
Last month, security researcher @k0shl of Cyber Kunlun published a proof-of-concept for CVE-2023-28229, an elevation of privilege vulnerability in CNG Key Isolation Service. The same POC also demonstr ... Read more
-
cert.pl
Vulnerability in UptimeDC software
CVE ID CVE-2023-4997 Publication date 04 October 2023 Vendor ProIntegra S.A Product UptimeDC Vulnerable versions All below 2.0.0.33940 Vulnerability type (CWE) Missing Authorization (CWE-862) Report s ... Read more
-
huntress.com
Critical Vulnerabilities: WS_FTP Exploitation | Huntress
On Thursday, September 28, 2023, software vendor Progress released a security advisory for numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module within their WS_FTP software.Thes ... Read more
-
huntress.com
Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) | Huntress
The Huntress team is currently investigating CVE-2023-4863, a heap buffer overflow in the WebP image encoding/decoding (codec) library (libwebp). Threat actors are exploiting this critical vulnerabili ... Read more
-
huntress.com
Netscaler Exploitation to Social Engineering: Mapping Convergence of Adversary Tradecraft Across Victims | Huntress
The following write-up and analysis is thanks to Matthew Brennan, Harlan Carvey, Anthony Smith, Craig Sweeney, and Joe Slowik. BackgroundHuntress periodically performs reviews of identified incidents ... Read more
-
0patch.com
Micropatches Released For Windows Error Reporting Service Elevation of Privilege (CVE-2023-36874)
With July 2023 Windows Updates, Microsoft brought a fix for CVE-2023-36874, a local privilege escalation vulnerability in Windows Error Reporting Service that was found both by Google TAG and CrowdStr ... Read more