SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is
DigiEver Fix That IoT Thing!
- A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024. The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT. The malware is a Mirai variant that has been modified to use improved encryption algorithms. We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.
Citrix Denial of Service: Analysis of CVE-2024-8534
An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.
zizmor would have caught the Ultralytics workflow vulnerability
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.
Windows Server 2012 Mark of the Web Vulnerability (0day) - and Free Micropatches for it
Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a ...
7-Zip flaw enables code smuggling with manipulated archives
Attackers can use manipulated archives to try to inject malicious code into 7-Zip users. An update is available.
Exploit attempts for unpatched Citrix vulnerability
Exploit attempts for unpatched Citrix vulnerability, Author: Johannes Ullrich
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
- Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor used public IP lookup services and various system commands to gather details about the compromised machine. The attack involved downloading and executing multiple shell scripts to install Titan binaries and connect to the Titan Network with the attacker’s identity. * The malicious actor connects compromised machines to the Cassini Testnet, which allows them to participate in the delegated proof of stake system for reward tokens.
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
Critical flaw in NVIDIA Container Toolkit allows full host takeover
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.
D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.
Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
- The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S.…
The gift that keeps on giving: A new opportunistic Log4j campaign
In this post, we analyze a new opportunistic exploitation campaign based on the Log4j vulnerability.
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
Data Exfiltration from Slack AI via indirect prompt injection
This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.
Critical SAP flaw allows remote attackers to bypass authentication
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.