Found 307 bookmarks
Custom sorting
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
  • Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor used public IP lookup services and various system commands to gather details about the compromised machine. The attack involved downloading and executing multiple shell scripts to install Titan binaries and connect to the Titan Network with the attacker’s identity. * The malicious actor connects compromised machines to the Cassini Testnet, which allows them to participate in the delegated proof of stake system for reward tokens.
#trendmicro#EN#2024#Titan#Network#Confluence#exploitation#Atlassian#vulnerability#CVE-2023-22527
·trendmicro.com·
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
#wiz#EN#2024#Nvidia#CVE-2024-0132#Container#AI-workloads#Toolkit#GPU-Operator#vulnerability#GPU
·wiz.io·
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
#talosintelligence#EN#2024#vulnerability#report#OpenPLC#CVE-2024-34026
·talosintelligence.com·
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
#mikko-kenttala#EN#2024#Critical#zero-click#macos#vulnerability
·mikko-kenttala.medium.com·
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
#bleepingcomputer#EN#2024#RCE#Remote-Code-Execution#Veeam#Veeam-Backup-&-Replication#Veeam-ONE#Vulnerability
·bleepingcomputer.com·
Veeam warns of critical RCE flaw in Backup & Replication software
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
  • The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.
#akamai#EN#2024#botnet#Mirai#AVTECH#zero-day#vulnerability#CCTV#CVE-2024-7029
·akamai.com·
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
#securityweek#EN#2024#Microsoft#Copilot#Studio#Vulnerability#information#disclosure#bug#CVE-2024-38206
·securityweek.com·
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
Data Exfiltration from Slack AI via indirect prompt injection
Data Exfiltration from Slack AI via indirect prompt injection
This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).
#promptarmor#EN#2024#Slack#prompt-injection#LLM#vulnerability#steal#indirect-prompt#injection
·promptarmor.substack.com·
Data Exfiltration from Slack AI via indirect prompt injection
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
#bleepingcomputer#EN#2024#Your#Lazarus#Own#BYOVD#Driver#Zero-Day#Vulnerability#Bring#CVE-2024-38193#Group#Microsoft
·bleepingcomputer.com·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Patch or Peril: A Veeam vulnerability incident
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
#group-ib#EN#2024#Veeam#vulnerability#incident#ransomware#FortiGate#NirSoft
·group-ib.com·
Patch or Peril: A Veeam vulnerability incident
BLAST RADIUS
BLAST RADIUS
Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.
#blastradius#EN#2024#RADIUS#vulnerability#protocol
·blastradius.fail·
BLAST RADIUS