Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining and deliver botnet malware.
The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver a malware strain dubbed Hadooken, according to cloud security firm Aqua.
"When Hadooken is executed, it drops a Tsunami malware and deploys
A vulnerability, which was classified as critical, has been found in Rockwell Automation Pavilion8. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to improper privilege management.
This vulnerability is handled as CVE-2024-7960. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as critical has been found in Rockwell Automation Pavilion8. Affected is an unknown function. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2024-7961. It is possible to launch the attack remotely. There is no exploit available.
A vulnerability was found in IBM Concert 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument cookie leads to sensitive cookie without secure attribute.
The identification of this vulnerability is CVE-2024-43180. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mehmet INCE (@mdisec) from PRODAFT.com' was reported to the affected vendor on: 2024-09-13, 61 days ago. The vendor is given until 2025-01-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'The_Kernel_Panic' was reported to the affected vendor on: 2024-09-13, 61 days ago. The vendor is given until 2025-01-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-09-13, 62 days ago. The vendor is given until 2025-01-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mehmet INCE (@mdisec) from PRODAFT.com' was reported to the affected vendor on: 2024-09-13, 63 days ago. The vendor is given until 2025-01-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-09-13, 63 days ago. The vendor is given until 2025-01-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.