Found 14 bookmarks
Custom sorting
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.
#volexity#EN#2024#Zero-Day#Exploitation#RCE#GlobalProtect#CVE-2024-3400
·volexity.com·
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
research!rsc: The xz attack shell script
research!rsc: The xz attack shell script
Andres Freund published the existence of the xz attack on 2024-03-29 to the public oss-security@openwall mailing list. The day before, he alerted Debian security and the (private) distros@openwall list. In his mail, he says that he dug into this after “observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors).” At a high level, the attack is split in two pieces: a shell script and an object file. There is an injection of shell code during configure, which injects the shell code into make. The shell code during make adds the object file to the build. This post examines the shell script. (See also my timeline post.)
#research.swtch.com#EN#2024#script#exploitation#xz#attack
·research.swtch.com·
research!rsc: The xz attack shell script
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.
#pwning#EN#2024#KernelCTF#Mitigation#nf_tables#Linux#exploitation#CVE-2024-1086
·pwning.tech·
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
#assetnote#EN#2024#exploitation#patch-diff#FortiGate#RCE#CVE-2024-21762
·assetnote.io·
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Ivanti Connect Secure VPN Exploitation Goes Global
Ivanti Connect Secure VPN Exploitation Goes Global
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.
#volexity#EN#2024#CVE-2024-21887#CVE-2023-46805#Ivanti#Connect#Secure#Exploitation#mass-exploitation
·volexity.com·
Ivanti Connect Secure VPN Exploitation Goes Global
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
#volexity#EN#2022#Zero-Day#Exploitation#Atlassian#Confluence#CVE-2022-26134
·volexity.com·
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
#volexity#EN#2022#Zero-Day#Exploitation#Atlassian#Confluence#CVE-2022-26134
·volexity.com·
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
#volexity#EN#2022#Zero-Day#Exploitation#Atlassian#Confluence#CVE-2022-26134
·volexity.com·
Zero-Day Exploitation of Atlassian Confluence