CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
NVISO Labs
Covert TLS n-day backdoors: SparkCockpit & SparkTar
In early 2024, Ivanti’s Pulse Secure appliances suffered from wide-spread exploitation through the then reported vulnerabilities CVE-2023-46805 & CVE-2024-21887. Amongst the many victims, a critical-s ... Read more
-
osintme.com
Examples of recent attacks against my website
“The Wordfence Web Application Firewall has blocked 467 attacks over the last 10 minutes. Wordfence is blocking these attacks, and we’re sending this notice to make you aware that there is a higher vo ... Read more
-
cert.pl
Vulnerability in Laragon software
CVE ID CVE-2024-0864 Publication date 29 February 2024 Vendor Leo Khoa Product Laragon Vulnerable versions All Vulnerability type (CWE) Improper Input Validation (CWE-20) Report source Own research De ... Read more
-
huntress.com
Attacking MSSQL Servers, Pt. II | Huntress
The AttackOn February 8, 2024, Huntress published the first Attacking MSSQL Servers blog post. On February 23, a Huntress SOC analyst observed similar activity associated with an entirely different en ... Read more
-
huntress.com
BlackCat Ransomware Affiliate TTPs | Huntress
BackgroundOn December 19, 2023, the Justice Department Office of Public Affairs issued a press release indicating that the FBI had “disrupted the ALPHV/BlackCat ransomware variant.” This variant of ra ... Read more
-
0patch.com
Micropatches Released for Microsoft Outlook Information Disclosure Vulnerability (CVE-2023-35636)
In December 2023, still-Supported Microsoft Outlook versions got an official patch for CVE-2023-35636, a vulnerability that allowed an attacker to coerce user's Outlook to authenticate to attacker's r ... Read more
-
huntress.com
SlashAndGrab: ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708) | Huntress
Table of Contents: Adversaries Deploying RansomwareAdversaries EnumeratingAdversary Cryptocurrency MinersAdversaries Installing Additional Remote AccessDownloading Tools and PayloadsAdversaries Droppi ... Read more
-
huntress.com
SlashAndGrab: ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708) | Huntress
Table of Contents: Adversaries Deploying Ransomware Adversaries Enumerating Adversary Cryptocurrency Miners Adversaries Installing Additional Remote Access Downloading Tools and Payloads Adversaries D ... Read more
-
huntress.com
Guide: How to Know if your ScreenConnect Server is Hacked | Huntress
You’ve probably seen it by now, but there was a major ConnectWise ScreenConnect vulnerability (CVE-2024-1708 and CVE-2024-1709) – which we’re calling “SlashAndGrab” – that’s been shared across the cyb ... Read more
-
huntress.com
Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress
On February 19, 2024, ConnectWise published a security advisory for ScreenConnect version 23.9.8, referencing two vulnerabilities and software weaknesses. The same day, Huntress researchers worked to ... Read more