Security Advisory YSA-2024-01
A security issue has been identified in YubiKey Manager GUI which could lead to unexpected privilege escalation on Windows. If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by YubiKey Manager GUI may be opened as Administrator, which could be exploited by a local attacker to perform actions as Administrator. Under this circumstance, some browsers, Edge for example, have additional mitigations to prevent opening as Administrator.
·yubico.com·
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
·cisa.gov·
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
As part of our ongoing investigation into the vulnerabilities impacting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered a new vulnerability. This vulnerability only affects a limited number of supported versions – Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. A patch is available now for Ivanti Connect Secure (versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3 and 22.6R2.2), Ivanti Policy Secure (versions 9.1R17.3, 9.1R18.4 and 22.5R1.2) and ZTA gateways (versions 22.5R1.6, 22.6R1.5 and 22.6R1.7).
·forums.ivanti.com·
Zyxel VPN Series Pre-auth Remote Command Execution
Summary: Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary commands with root privileges on Zyxel VPN firewalls (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described below broke and became unusable – we have decided to disclose this even though it is no longer exploitable.
·ssd-disclosure.com·
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.
·cisa.gov·
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.
·cisa.gov·
CVE-2023-27532
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
·veeam.com·
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…
·research.nccgroup.com·