Month: December 2023

CISA

CISA: CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

December 24, 2023

CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords Today, CISA published guidance on How Manufacturers Can Protect...

CISA

CISA: FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware

December 24, 2023

FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure...

CISA

CISA: CISA Releases Seven Industrial Control Systems Advisories

December 24, 2023

CISA Releases Seven Industrial Control Systems Advisories CISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These...

CISA

CISA: CISA Releases Advisory on Cyber Resilience for the HPH Sector

December 24, 2023

CISA Releases Advisory on Cyber Resilience for the HPH Sector Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights...

CISA

CISA: CISA and FBI Release Advisory on ALPHV Blackcat Affiliates

December 24, 2023

CISA and FBI Release Advisory on ALPHV Blackcat Affiliates Today, CISA and the Federal Bureau of Investigation (FBI) released a...

CISA

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

December 24, 2023

CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...

CISA

CISA: Apple Releases Security Updates for Multiple Products

December 24, 2023

Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and...

CISA

CISA: Mozilla Releases Security Updates for Firefox and Thunderbird

December 24, 2023

Mozilla Releases Security Updates for Firefox and Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird....

CISA

CISA: CISA Releases Two Industrial Control Systems Advisories

December 24, 2023

CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These...

CISA

CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

December 24, 2023

CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool CISA has published the finalized Microsoft 365 Secure Configuration Baselines,...

BlackCat/ALPHV Ransomware Victim: PriceSmart (Update)

December 23, 2023

BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...

Black Basta Ransomware Victim: whafh[.]com

December 23, 2023

Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Resque cross-site scripting | CVE-2023-50725

December 23, 2023

NAME__________Resque cross-site scriptingPlatforms Affected:Resque Resque 2.2.0Risk Level:6.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Resque is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Resque cross-site scripting | CVE-2023-50727

December 23, 2023

NAME__________Resque cross-site scriptingPlatforms Affected:Resque Resque 2.5.0Risk Level:6.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Resque is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

ClickHouse buffer overflow | CVE-2023-47118

December 23, 2023

NAME__________ClickHouse buffer overflowPlatforms Affected:Risk Level:7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ClickHouse is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by...

Resque cross-site scripting | CVE-2023-50724

December 23, 2023

NAME__________Resque cross-site scriptingPlatforms Affected:Resque Resque 2.0.0Risk Level:6.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Resque is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Xiaomi Redmi Note 10S denial of service |

December 23, 2023

NAME__________Xiaomi Redmi Note 10S denial of servicePlatforms Affected:Xiaomi Redmi Note 10SRisk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Xiaomi Redmi Note 10S is vulnerable...

Linux Kernel denial of service | CVE-2023-7042

December 23, 2023

NAME__________Linux Kernel denial of servicePlatforms Affected:Linux KernelRisk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Linux Kernel is vulnerable to a denial of service, caused...

Devolutions Remote Desktop Manager Windows security bypass | CVE-2023-7047

December 23, 2023

NAME__________Devolutions Remote Desktop Manager Windows security bypassPlatforms Affected:Devolutions Remote Desktop Manager Windows 2023.3.31.0Risk Level:3.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Devolutions Remote Desktop Manager Windows...

Xiaomi Redmi Note 10S information disclosure | CVE-2023-36629

December 23, 2023

NAME__________Xiaomi Redmi Note 10S information disclosurePlatforms Affected:Xiaomi Redmi Note 10SRisk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Xiaomi Redmi Note 10S could allow a local...

Xiaomi Redmi Note 10S privilege escalation |

December 23, 2023

NAME__________Xiaomi Redmi Note 10S privilege escalationPlatforms Affected:Xiaomi Redmi Note 10SRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Xiaomi Redmi Note 10S could allow a local...

Multiple ESET products information disclosure | CVE-2023-5594

December 23, 2023

NAME__________Multiple ESET products information disclosurePlatforms Affected:ESET NOD32 Antivirus ESET Smart Security ESET Internet Security ESET Endpoint Security ESET Endpoint Antivirus...

Xiaomi Redmi Note 10S security bypass |

December 23, 2023

NAME__________Xiaomi Redmi Note 10S security bypassPlatforms Affected:Xiaomi Redmi Note 10SRisk Level:7.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Xiaomi Redmi Note 10S could allow a local...

Ivanti Wavelink Avalanche Premise denial of service | CVE-2023-46804

December 23, 2023

NAME__________Ivanti Wavelink Avalanche Premise denial of servicePlatforms Affected:Ivanti Wavelink Avalanche Premise 6.4.1Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Ivanti Wavelink Avalanche Premise is...

Month: December 2023

CISA: CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

CISA: FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware

CISA: CISA Releases Seven Industrial Control Systems Advisories

CISA: CISA Releases Advisory on Cyber Resilience for the HPH Sector

CISA: CISA and FBI Release Advisory on ALPHV Blackcat Affiliates

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA: Apple Releases Security Updates for Multiple Products

CISA: Mozilla Releases Security Updates for Firefox and Thunderbird

CISA: CISA Releases Two Industrial Control Systems Advisories

CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

BlackCat/ALPHV Ransomware Victim: PriceSmart (Update)

Black Basta Ransomware Victim: whafh[.]com

Resque cross-site scripting | CVE-2023-50725

Resque cross-site scripting | CVE-2023-50727

ClickHouse buffer overflow | CVE-2023-47118

Resque cross-site scripting | CVE-2023-50724

Xiaomi Redmi Note 10S denial of service |

Linux Kernel denial of service | CVE-2023-7042

Devolutions Remote Desktop Manager Windows security bypass | CVE-2023-7047

Xiaomi Redmi Note 10S information disclosure | CVE-2023-36629

Xiaomi Redmi Note 10S privilege escalation |

Multiple ESET products information disclosure | CVE-2023-5594

Xiaomi Redmi Note 10S security bypass |

Ivanti Wavelink Avalanche Premise denial of service | CVE-2023-46804

DDoS Attacks Unveiled: Understanding the Digital Avalanche

CVE Alert: CVE-2024-52867

CVE Alert: CVE-2020-25720

CVE Alert: CVE-2023-4639

CVE Alert: CVE-2023-1419

You may have missed