Found 5 bookmarks
Custom sorting
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.
#volexity#EN#2024#Zero-Day#Exploitation#RCE#GlobalProtect#CVE-2024-3400
·volexity.com·
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Ivanti Connect Secure VPN Exploitation Goes Global
Ivanti Connect Secure VPN Exploitation Goes Global
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.
#volexity#EN#2024#CVE-2024-21887#CVE-2023-46805#Ivanti#Connect#Secure#Exploitation#mass-exploitation
·volexity.com·
Ivanti Connect Secure VPN Exploitation Goes Global
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
#volexity#EN#2022#Zero-Day#Exploitation#Atlassian#Confluence#CVE-2022-26134
·volexity.com·
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
#volexity#EN#2022#Zero-Day#Exploitation#Atlassian#Confluence#CVE-2022-26134
·volexity.com·
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Zero-Day Exploitation of Atlassian Confluence
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk
#volexity#EN#2022#Zero-Day#Exploitation#Atlassian#Confluence#CVE-2022-26134
·volexity.com·
Zero-Day Exploitation of Atlassian Confluence