Found 66 bookmarks
Custom sorting
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is a stack-based buffer overflow that allows local authenticated attackers to escalate privileges on the device.
#rapid7#EN#2025#CVE-2025-0282#zero-day#Ivanti#CVE-2025-0283#ZTA#gateways
·rapid7.com·
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
2023 Top Routinely Exploited Vulnerabilities | CISA
2023 Top Routinely Exploited Vulnerabilities | CISA
In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day. Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.
#cisa#EN#2024#zero-day#vulnerabilities#2023#Routinely-Exploited
·cisa.gov·
2023 Top Routinely Exploited Vulnerabilities | CISA
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function [CWE-306] in the FortiManager fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability carries a CVSS v3 score of 9.8.
#rapid7#EN#2024#Fortinet#FortiManager#CVE-2024-47575#Zero-Day
·rapid7.com·
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
Ivanti warns of three more CSA zero-days exploited in attacks
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
#bleepingcomputer#EN#2024#Bypass#Ivanti#Code#Command#Actively#Remote#Services#Exploited#Injection#Execution#Security#Zero-Day#CSA#Cloud#Appliance#CVE-2024-9379#CVE-2024-9380#CVE-2024-9381
·bleepingcomputer.com·
Ivanti warns of three more CSA zero-days exploited in attacks
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system.
#securityweek#EN#2024#CVE-2024-43491#Downdate#Zero-Day#in-the-wild#Undo#exploitation#Windows#Update#Windows-Update
·securityweek.com·
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
  • The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.
#akamai#EN#2024#botnet#Mirai#AVTECH#zero-day#vulnerability#CCTV#CVE-2024-7029
·akamai.com·
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
#bleepingcomputer#EN#2024#Your#Lazarus#Own#BYOVD#Driver#Zero-Day#Vulnerability#Bring#CVE-2024-38193#Group#Microsoft
·bleepingcomputer.com·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
#bleepingcomputer#EN#2024#Authentication-Bypass#D-Link#Exploit#Proof-of-Concept#Remote-Command-Execution#Router#Vulnerability#Zero-Day#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.
#volexity#EN#2024#Zero-Day#Exploitation#RCE#GlobalProtect#CVE-2024-3400
·volexity.com·
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.
#volexity#EN#2024#Ivanti#Connect#Secure#VPN#Zero-Day#Vulnerabilities
·volexity.com·
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities