CVE-2024-2389
- 2 Posts
- 4 Interactions
🥪 & #threatintel: we published a tag for CVE-2024-2389, a command-injection vulnerability in Progress Flowmon accessible without authentication.
(fixed CVE # from a previous post)
https://viz.greynoise.io/tags/progress-flowmon-cve-2024-2389-command-injection-rce-attempt?days=10
🚨EXPLOIT CODE🚨PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389).
#Clearnet #DarkWebInformer #DarkWeb #Exploit #Cyberattack #Cybercrime #Flowmon #Infosec #CTI #CVE20242389 #Vulnerability
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-2389
X Link: https://twitter.com/DarkWebInformer/status/1783860822386659836
CVE-2024-3400
KEV
- 2 Posts
- 3 Interactions
Palo Alto Networks: How to Remedy CVE-2024-3400
So Palo Alto Networks has an actual remediation (read: incident response) knowledge base article for CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 as an exploited zero-day), "based on the current view of the most effective and least disruptive remediation for customers." Their guidance is simple:
- Level 0 Probe: Unsuccessful exploitation attempt: No indication of compromise = apply hotfix patch
- Level 1 Test: 0-byte file has been created and is resident on the firewall: still not compromised = apply hotfix patch
- Level 2 Potential Exfiltration: File on the device has been copied to a location accessible via a web request (common IOC: running_config.xml): apply hotfix patch and perform private data reset (NOTE: PAN states suggested remediation will eliminate the possibility of capturing forensic artifacts)
- Level 3 Interactive access: Interactive command execution: apply hotfix patch and factory reset.
It's implied that the threat actor would move laterally from the compromised device and establish persistence (additional backdoors, etc.) so threat hunting and containment should be prioritized.
#CVE_2024_3400 #PaloAltoNetworks #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #DFIR
Good haul this week, including #exploit modules for PAN-OS CVE-2024-3400, FortiClient CVE-2023-48788, and Apache Solr CVE-2023-50386. Some solid fixes and enhancements too! 🐚 https://www.rapid7.com/blog/post/2024/04/26/metasploit-weekly-wrap-up-04-26-24/
CVE-2024-4040
KEV
- 1 Post
- 7 Interactions
The CrushFTP vulnerability, CVE-2024-4040 -- demo of the file inclusion trick and some of the speculation on the sessions.obj usage to gain remote code execution (I recorded this mid-week before some of the other public analysis was out 😅)
https://www.youtube.com/watch?v=etHDJWYElso
Big thanks to @FlareSystems for sponsoring this video! You can track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Try a free trial: https://jh.live/flare
CVE-2024-20353
KEV
- 1 Post
- 8 Interactions
The hubbub about Cisco is winding down, but in case you are handling an active security incident, Computer Incident Response Center Luxembourg (CIRCL) recommended users of Cisco ASA equipment follow the Cisco ASA Forensic Investigation Procedures for First Responders.
This document was created 19 August 2019 and revised 3 times (latest 25 January 2024) by the original author, so it is certainly reliable.
It outlines a number of commands that can be run to gather evidence for an investigation along with the respective output that should be collected upon running these commands. This document also provides information on how to perform integrity checks on an ASA’s system images, and includes a procedure for collecting a core file/memory dump from an ASA device.
#Cisco #CVE_2024_20353 #CVE_2024_20359 #activeexploitation #IR #DFIR #eitw
CVE-2024-3094
- 1 Post
- 2 Interactions
Sysdig: Meet the Research behind our Threat Research Team – RSA 2024
I thought the title was a typo but Sysdig showcases various threats and vulnerabilities that their threat research team worked on: such as SSH-Snake, Romanian threat actor RUBYCARP, Operation SCARLETEEL, cryptojacking Operation AMBERSQUID, Meson Network, Operation LABRAT, CVE-2024-3094 (XZ Utils), and the Leaky Vessels vulnerabilities. You can meet the threat research team at booth S-742 at RSA Conference 2024, May 6 – 9 in San Francisco.
CVE-2022-38028
KEV
- 1 Post
- 1 Interaction
CVE-2024-26218
- 1 Post
- 1 Interaction
CVE-2006-4304
- 1 Post
Well, the PlayStation pwnage that has been discussed since the start of the year relies on a security flaw dating from 2006!
"For some reason, the PS4/PS5 is vulnerable to CVE-2006-4304. By having invalid options, it is possible to cause a heap buffer overwrite and overread."
👇
https://hackerone.com/reports/2177925
"PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May"
👇
https://wololo.net/2024/04/26/ps4-ps5-theflow-discloses-kernel-vulnerability-relying-on-old-bug-from-2006-impacts-ps4-up-to-11-00-ps5-up-to-8-20-more-details-in-may/
CVE-2023-50386
- 1 Post
- 2 Interactions
CVE-2023-48788
KEV
- 1 Post
- 2 Interactions
CVE-2023-41266
KEV
- 1 Post
- 2 Interactions
Cactus Ransomware Exploits Qlik Vulnerabilities for Initial Access Mega Toot
- ShadowServer Foundation: CRITICAL: Vulnerable/Compromised Qlik Sense Special Report
- FoX-IT: Sifting through the spines: identifying (potential) Cactus ransomware victims
- Cyberveilig Nederland: (Dutch) Persbericht: Samenwerkingsverband Melissa vindt diverse Nederlandse slachtoffers van ransomwaregroepering Cactus (official press release)
- Dutch Institute for Vulnerability Disclosure (DIVD): DIVD CSIRT Congratulates Project Melissa
- Northwave Cybersecurity: PrickSense: How Cactus Exploits Qlik Sense
This was reported last year by Arctic Wolf as Cactus Ransomware was actively exploiting Qlik Sense servers for initial access. The vulnerabilities are as follows:
- CVE-2023-41266 (vendor 8.2 high/NVD 6.5 medium) path traversal, disclosed ~29 August 2023?, added to CISA KEV Catalog 07 December 2023
- CVE-2023-41265 (vendor 9.6 critical/NVD 9.9 critical) also known as ZeroQlik ... HTTP Request Tunneling vulnerability, disclosed ~29 August 2023?, added to KEV 07 December 2023
- CVE-2023-48365 (vendor 9.6 critical/NVD 9.9 critical) also known as DoubleQlik ... EoP and a patch bypass of CVE-2023-41265, disclosed 15 November 2023
Project Melissa, a public-private partnership against ransomware, identified 3100 vulnerable servers worldwide and notified their organizations. 122 of these servers were actively being exploited.
#Cactus #ransomware #CVE_2023_41266 #CVE_2023_41265 #CVE_2023_48365 #Qlik #vulnerability #threatintel
CVE-2023-41265
KEV
- 1 Post
- 2 Interactions
CVE-2023-48365
- 1 Post
- 2 Interactions
CVE-2024-29966
- 1 Post
- 1 Interaction
Maybe it's just easier to create the flaws first and then attach the rest of the software. #infosec #cybersecurity
CVE-2024-2859; CVE-2024-29960; CVE-2024-29961; CVE-2024-29963; CVE-2024-29966
Severe Flaws Disclosed in #Brocade SANnav SAN Management Software - all 18 of them https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html @thehackernews
CVE-2024-2859
- 1 Post
- 1 Interaction
CVE-2024-29963
- 1 Post
- 1 Interaction
CVE-2024-29961
- 1 Post
- 1 Interaction
CVE-2024-29960
- 1 Post
- 1 Interaction