SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
Any service using xml-crypto or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.
Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface
On 18 November 2024, Palo Alto Networks issued a security advisory for an authentication bypass vulnerability in the PAN-OS management web interface. The vulnerability is tracked under CVE-2024-0012 [1] and has a CVSS score for this is 9.3 [2]. The vulnerability allows an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges. As the Northwave CERT has already observed mass exploitation by multiple threat actors, we urge all recipients to implement mitigation measures and patch their systems.
Bypassing Veeam Authentication CVE-2024-29849
Veeam Backup Enterprise Manager Authentication Bypass
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog
On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
Multiple Organisations compromised by Critical Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)
Cyble Global Sensor Intelligence detects exploitation attempts of CVE-2022-40684, and CRIL observes Fortinet Access distribution in cybercrime forums.
Multiple Organisations compromised by Critical Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)
Cyble Global Sensor Intelligence detects exploitation attempts of CVE-2022-40684, and CRIL observes Fortinet Access distribution in cybercrime forums.