Found 6 bookmarks
Custom sorting
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
We recently performed research that started off "well-intentioned" (or as well-intentioned as we ever are) - to make vulnerabilities in WHOIS clients and how they parse responses from WHOIS servers exploitable in the real world (i.e. without needing to MITM etc). As part of our research, we discovered that a few years ago the WHOIS server for the .MOBI TLD migrated from whois.dotmobiregistry.net to whois.nic.mobi – and the dotmobiregistry.net domain had been left to expire seemingly in December 2023.
#watchtowr#EN#2024#DNS#WHOIS#domain#renes#.mobi
·labs.watchtowr.com·
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's no point deploying cryptolocker malware on a target unless you can also deny access to backups, and so, this class of attackers absolutely loves to break this particular software. With so many eyes focussed on it, then, it is no huge surprise that it has a rich history of CVEs. Today, we're going to look at the latest episode - CVE-2024-40711. Well, that was a complex vulnerability, requiring a lot of code-reading! We’ve successfully shown how multiple bugs can be chained together to gain RCE in a variety of versions of Veeam Backup & Replication.
#watchtowr#EN#2024#Veeam#CVE-2024-40711#analysis#PoC
·labs.watchtowr.com·
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
No Way, PHP Strikes Again! (CVE-2024-4577)
No Way, PHP Strikes Again! (CVE-2024-4577)
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug
#watchtowr#EN#2024#CVE-2024-4577#PHP#windows
·labs.watchtowr.com·
No Way, PHP Strikes Again! (CVE-2024-4577)
Check Point - Wrong Check Point (CVE-2024-24919)
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard Network Security' appliance, yet another device claiming to be secure and hardened. Their slogan - "you deserve the best security" - implies they are a company you can trust with the security of your network. A bold claim.
#watchtowr#EN#2024#CVE-2024-24919#checkpoint#analysis#patch-diff
·labs.watchtowr.com·
Check Point - Wrong Check Point (CVE-2024-24919)
QNAPping At The Wheel (CVE-2024-27130 and friends)
QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.
#watchtowr#EN#2024#CVE-2024-27130#QNAPping#QNAP#NAS#IoT#vulnerability
·labs.watchtowr.com·
QNAPping At The Wheel (CVE-2024-27130 and friends)
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
Welcome to April 2024, again. We’re back, again. Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device. We’ve seen all the commentary around the certification process of these devices for certain .GOVs - we’re not here to comment on that, but sounds humorous.
#watchtowr#EN#2024#CVE-2024-3400#SSLVPN#Paloalto#GlobalProtect#analysis
·labs.watchtowr.com·
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)