Found 32 bookmarks
Custom sorting
Security Advisory YSA-2024-01
Security Advisory YSA-2024-01
A security issue has been identified in YubiKey Manager GUI which could lead to unexpected privilege escalation on Windows. If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by YubiKey Manager GUI may be opened as Administrator which could be exploited by a local attacker to perform actions as Administrator. Under this circumstance, some browsers like Edge for example, have additional mitigations to prevent opening as Administrator.
#yubico#EN#2024#Advisory#YubiKey-Manager#privilege-escalation#YSA-2024-01
·yubico.com·
Security Advisory YSA-2024-01
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
#CISA#EN#2024#Compromised#Account#Former-Employee#advisory
·cisa.gov·
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
As part of our ongoing investigation into the vulnerabilities impacting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered a new vulnerability. This vulnerability only affects a limited number of supported versions – Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. A patch is available now for Ivanti Connect Secure (versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3 and 22.6R2.2), Ivanti Policy Secure (versions 9.1R17.3, 9.1R18.4 and 22.5R1.2) and ZTA gateways (versions 22.5R1.6, 22.6R1.5 and 22.6R1.7).
#ivanti#EN#advisory#CVE-2024-22024
·forums.ivanti.com·
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
Zyxel VPN Series Pre-auth Remote Command Execution
Zyxel VPN Series Pre-auth Remote Command Execution
Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described below broke and become unusable – we have decided to disclose this even though it is no longer exploitable. Credit … SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution Read More »
#ssd-disclosure#EN#2024#Advisory#Zyxel#VPN#Series#Pre-auth#RCE
·ssd-disclosure.com·
Zyxel VPN Series Pre-auth Remote Command Execution
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.
#cisa#US#EN#2023#FBI#IRGC#Iran#PLC#CyberAv3ngers#Advisory#Critical-infrastructure
·cisa.gov·
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.
#cisa#EN#2023#PaperCut#CVE-2023-27350#advisory
·cisa.gov·
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
Today, CISA released a Cybersecurity Advisory, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks. This advisory describes a red team assessment of a large critical infrastructure organization with a mature cyber posture. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders proactive steps to reduce the threat of similar activity from malicious cyber actors.
#cisa#US#2023#Advisory#Improve#Monitoring#Hardening
·cisa.gov·
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
CVE-2023-27532
CVE-2023-27532
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
#veeam#EN#2023#advisory#vulnerability#Backup
·veeam.com·
CVE-2023-27532
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
Le 03 février 2023, le CERT-FR a pris connaissance de campagnes d'attaque ciblant les hyperviseurs VMware ESXi dans le but d'y déployer un rançongiciel. Dans l'état actuel des investigations, ces campagnes d'attaque semblent exploiter la vulnérabilité CVE-2021-21974, pour laquelle un correctif est disponible depuis le 23 février 2021. Cette vulnérabilité affecte le service Service Location Protocol (SLP) et permet à un attaquant de réaliser une exploitation de code arbitraire à distance. Les systèmes actuellement visés seraient des hyperviseurs ESXi en version 6.x et antérieures à 6.7.
#CERT-FR#FR#2023#VMware#ESXi#ESXiArgs#Advisory
·cert.ssi.gouv.fr·
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…
#nccgroup#EN#2023#Samsung#Galaxy#App#Store#Android#Advisory#CVE-2023-21433#CVE-2023-21434
·research.nccgroup.com·
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
Today, CISA released a Cybersecurity Advisory, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks. This advisory describes a red team assessment of a large critical infrastructure organization with a mature cyber posture. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders proactive steps to reduce the threat of similar activity from malicious cyber actors.
#cisa#US#2023#Advisory#Improve#Monitoring#Hardening
·cisa.gov·
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
CVE-2023-27532
CVE-2023-27532
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
#veeam#EN#2023#advisory#vulnerability#Backup
·veeam.com·
CVE-2023-27532
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
Le 03 février 2023, le CERT-FR a pris connaissance de campagnes d'attaque ciblant les hyperviseurs VMware ESXi dans le but d'y déployer un rançongiciel. Dans l'état actuel des investigations, ces campagnes d'attaque semblent exploiter la vulnérabilité CVE-2021-21974, pour laquelle un correctif est disponible depuis le 23 février 2021. Cette vulnérabilité affecte le service Service Location Protocol (SLP) et permet à un attaquant de réaliser une exploitation de code arbitraire à distance. Les systèmes actuellement visés seraient des hyperviseurs ESXi en version 6.x et antérieures à 6.7.
#CERT-FR#FR#2023#VMware#ESXi#ESXiArgs#Advisory
·cert.ssi.gouv.fr·
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…
#nccgroup#EN#2023#Samsung#Galaxy#App#Store#Android#Advisory#CVE-2023-21433#CVE-2023-21434
·research.nccgroup.com·
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)