Dashboard
Upcoming Events:
Event: Fal.Con 2024
Type: Conference
Dates: September 16-19, 2024
Location: Las Vegas, NV
Warning Card
Success Card
CVEs to Look For:
No Relevant CVE
Cyber Latest
| Source | Title | Description | Link |
|---|---|---|---|
| RecordedFuture | House sets up debate on Section 702 bill, along with votes on proposed changes | The House Rules Committee has paved the way for floor debate on revised legislation to reauthorize a controversial surveillance program, breaking a months-long stalemate among Republican lawmakers just days before the law is due to expire. The panel voted 9-2 on Tuesday night in favor of a rule for debate on a measure to... | Link |
| RecordedFuture | LG releases updates for vulnerabilities that could allow hackers to gain access to TVs | Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions. Researchers from cybersecurity firm Bitdefender said the bugs — three of which carry a 9.1 out 10 severity rating — center on LG WebOS, the... | Link |
| RecordedFuture | Congress prepares for FISA Round 3 | The U.S. House next week will try — for the third time — to renew powerful spying authorities that are slated to expire in a matter of days, though there’s nothing to indicate the latest push won’t end in failure like the first two attempts. The House Rules Committee announced on Friday that the... | Link |
| RecordedFuture | Ivanti pledges security overhaul after multiple government breaches | Ivanti announced wholesale changes to how it approaches cybersecurity after multiple governments sourced recent breaches back to vulnerabilities in the company’s products. Ivanti CEO Jeff Abbott published an open letter and 6-minute video to customers pledging overhaul how the technology-management company builds its products and how it communicates with customers about vulnerabilities. “Events in... | Link |
| RecordedFuture | Automakers and FCC square off over potential regulations for connected cars | Car manufacturers and the Federal Communications Commission (FCC) are gearing up for a potential fight over whether connected cars should be regulated as small pieces of telecom infrastructure — a decision that would have vast implications for how vehicles handle consumer data. In recent letters obtained by Recorded Future News, automotive companies pushed back... | Link |
| RecordedFuture | Romania-linked ‘Rubycarp’ hackers look for cryptomining, phishing DDoS opportunities | A suspected Romanian cybercrime group remains active after more than a decade of operation and currently specializes in cryptomining, phishing campaigns and DDoS attacks, according to cybersecurity researchers. The group, labeled Rubycarp, may be related to another alleged Romanian threat actor with similar activities called Outlaw, said analysts from the Sysdig Threat Research Team.... | Link |
| RecordedFuture | Prominent US senator sees new momentum for healthcare cybersecurity push | As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare sector. Sen. Mark Warner (D-VA) has introduced legislation that would require hospitals and their technology vendors to implement... | Link |
| RecordedFuture | LG releases updates for vulnerabilities that could allow hackers to gain access to TVs | Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions. Researchers from cybersecurity firm Bitdefender said the bugs — three of which carry a 9.1 out 10 severity rating — center on LG WebOS, the... | Link |
| RecordedFuture | German database company Genios confirms ransomware attack | GBI Genios, a database company used by numerous media organizations in Germany, announced on Tuesday its servers were unavailable “due to a massive hacker attack.” In a post on LinkedIn, Genios said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.” “Our communication options are... | Link |
| RecordedFuture | Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses | A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka," or Muddy Water in English, has left minimal traces from its attacks but has likely been active since... | Link |
| RecordedFuture | Chinese hackers are using AI to inflame social tensions in US, Microsoft says | Beijing-linked influence operations have begun to use generative artificial intelligence to amplify controversial domestic issues in places like the U.S. and Taiwan, according to new research. The campaigns mainly used the technology to create visual content designed to spark conflict ahead of elections, a report published by Microsoft on Thursday found. AI-generated audio clips... | Link |
| RecordedFuture | ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident | Government employees on the island of Palau came into work on March 14 and booted up their computers like any other day. But when the Windows screens wouldn’t load they called up IT. They quickly discovered two separate ransom notes: one on a sheet of paper in the printer from the LockBit ransomware gang... | Link |
| RecordedFuture | Ukraine gathers evidence to prosecute hackers behind Kyivstar attack in Hague | The Ukrainian state security service (SBU) has announced that it’s building a case to prosecute Russian hackers who attacked Ukraine’s biggest telecom operator, Kyivstar, at the International Criminal Court in The Hague. "War criminals should be tried at the international level," said Illia Vitiyuk, the head of the department’s cyber unit, in a recent... | Link |
| RecordedFuture | DHS blames ‘cascade of security failures at Microsoft’ for China hack on US government | Microsoft still does not have a full understanding of how alleged Chinese government hackers breached its systems and accessed the emails of senior U.S. government leaders, according to a review by the Department of Homeland Security. In a 34-page report conducted by the Cyber Safety Review Board (CSRB), U.S. officials concluded that Chinese hackers,... | Link |
| RecordedFuture | Wagner-linked influence operations remain active after leader’s death | Russian influence operations linked to the notorious leader of the Wagner Group mercenary troops, Yevgeniy Prigozhin, remain active months after his death, according to new research. Prigozhin’s media empire, best known for its disinformation campaigns during the 2016 U.S. presidential election, continues to target audiences in Europe, the U.S., Ukraine and inside Russia, according... | Link |
CVE News
| Discovered On | CVE | Description | CVSS |
|---|---|---|---|
| 2024-04-23 | CVE-2024-28130 | OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability | 7.5 |
| 2024-04-18 | CVE-2023-51391 | Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability | 7.5 |
| 2024-04-17 | CVE-2023-43491 | Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability | 5.3 |
| 2024-04-17 | CVE-2023-45209 | Peplink Smart Reader web interface /cgi-bin/download_config.cgi information disclosure vulnerability | 5.3 |
| 2024-04-17 | CVE-2023-40146 | Peplink Smart Reader /bin/login privilege escalation vulnerability | 6.8 |
| 2024-04-17 | CVE-2023-45744 | Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability | 8.3 |
| 2024-04-17 | CVE-2023-39367 | Peplink Smart Reader web interface mac2name OS command injection vulnerability | 9.1 |
| 2024-04-10 | CVE-2024-21979 | AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability | 5.3 |
| 2024-04-10 | CVE-2024-21972 | AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability | 5.3 |
| 2024-04-09 | CVE-2023-49907,CVE-2023-49910,CVE-2023-49911,CVE-2023-49908,CVE-2023-49912,CVE-2023-49909,CVE-2023-49906,CVE-2023-49913 | Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability | 7.2 |
| 2024-04-09 | CVE-2023-48724 | Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface memory corruption vulnerability | 7.5 |
| 2024-04-09 | CVE-2023-49074 | Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability | 7.4 |
| 2024-04-03 | CVE-2024-27201 | Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability | 4.9 |
| 2024-04-03 | CVE-2024-21870 | Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability | 4.9 |
| 2024-04-03 | CVE-2024-24976 | Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability | 4.9 |
| 2024-04-03 | CVE-2024-22178 | Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability | 4.9 |
| 2024-03-07 | CVE-2023-48725 | Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability | 7.2 |
| 2024-02-29 | CVE-2024-0071 | NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability | 7.8 |
| 2024-02-28 | None | Google Chrome Video Encoder Metrics denial of service vulnerability | 4.6 |
| 2024-02-26 | CVE-2024-23605 | llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability | 8.8 |
| 2024-02-26 | CVE-2024-23496 | llama.cpp GGUF library gguf_fread_str heap-based buffer overflow vulnerability | 8.8 |
| 2024-02-26 | CVE-2024-21825 | llama.cpp GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing heap-based buffer overflow vulnerability | 8.8 |
| 2024-02-26 | CVE-2024-21802 | llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability | 8.8 |
| 2024-02-26 | CVE-2024-21836 | llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability | 8.8 |
| 2024-02-20 | CVE-2023-45318 | Weston Embedded uC-HTTP HTTP Server heap-based buffer overflow vulnerability | 10.0 |
| 2024-02-20 | CVE-2024-24793,CVE-2024-24794 | Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities | 8.1 |
| 2024-02-20 | CVE-2024-22097 | The Biosig Project libbiosig BrainVision Header Parsing double-free vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-23305 | The Biosig Project libbiosig BrainVisionMarker Parsing Out-of-bounds Write vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-23809 | The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-21795 | The Biosig Project libbiosig .egi parsing heap-based buffer overflow vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-21812 | The Biosig Project libbiosig sopen_FAMOS_read integer overflow to out-of-bounds write vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-23313 | The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-23310 | The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability | 9.8 |
| 2024-02-20 | CVE-2024-23606 | The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability | 9.8 |
| 2024-02-20 | CVE-2023-38562 | Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability | 8.7 |
| 2024-02-15 | CVE-2024-20749 | Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability | 6.5 |
| 2024-02-15 | CVE-2024-20748 | Adobe Acrobat Reader Font avar SegmentMaps out-of-bounds read vulnerability | 6.5 |
| 2024-02-15 | CVE-2024-20730 | Adobe Acrobat Reader Font CPAL integer overflow vulnerability | 8.8 |
| 2024-02-15 | CVE-2024-20735 | Adobe Acrobat Reader Font CPAL numColorRecordsout-of-bounds read vulnerability | 6.5 |
| 2024-02-15 | CVE-2024-20731 | Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability | 8.8 |
| 2024-02-15 | CVE-2024-20729 | Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability | 8.8 |
| 2024-02-15 | CVE-2024-20747 | Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability | 6.5 |
| 2024-02-06 | CVE-2023-46683 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-47618 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd web filtering Command injection Vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-47209 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-43482 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-36498 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-47167 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd GRE command injection vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-42664 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability | 7.2 |
| 2024-02-06 | CVE-2023-47617 | TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability | 7.2 |