CVE-2024-0012 (KEV) - 4 Posts - 9 Interactions
Fediverse
Bad day for VPN routers: Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 auth bypass by HTTP, privesc via command injection. Exploitation enables pre-auth RCE chaining the bypass to inject arbitrary commands in PHP session handling, targeting SSLVPN devices.
Being actively exploited.
‘We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?! At this point, why is anyone surprised?’
NIST-defined critical software.
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
Updates on PAN-SA-2024-0015: The blog has been updated with the following latest information provided by Palo Alto.
1) CVE-2024-0012 has been assigned.
2) Indicators of Compromise have been updated.
3) Added a section "What if I found one of the IOCs in my Organization's environment??"
4) Affected Products and Product versions have been updated.
5) Fixed versions have been updated.
Refer: https://patchnow24x7.com/blog-1/f/pan-sa-2024-0015-secure-your-paloalto-management-interface-now
#PatchNOW #Vulnerability #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach #cybersecurity
CVE-2024-9474 (KEV) - 3 Posts - 9 Interactions
Fediverse
CVE-2024-52940 - 1 Post - 1 Interaction
Fediverse
CVE-2024-26229 - 1 Post - 2 Interactions
Fediverse
@cR0w This is from a client lol, AlienVault is flagging 127.0.0.0/8 connections as cve-2024-26229 IOCs 🙄
CVE-2024-1212 (KEV) - 1 Post - 1 Interaction
Fediverse
Progress Kemp #LoadMaster contains an OS Command #Injection #vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution (CVE-2024-1212):
https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html
CVE-2024-10224 - 1 Post - 1 Interaction
Fediverse
It has been 0 days since I've had to tap the sign:
https://infosec.exchange/@ckure/111970971640286655
"CVE-2024-10224: local attackers can execute arbitrary shell commands as root by tricking needrestart into open()ing a filename of the form "commands|" (technically, this vulnerability is in Perl's ScanDeps module, but it is unclear whether this module was ever meant to operate on attacker-controlled files or not)."
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
CVE-2024-35250 - 1 Post
Fediverse
CVE-2024-21287 - 1 Post
Fediverse
Tracked as CVE-2024-21287 (CVSS score of 7.5), the zero-day affects Agile PLM version 9.3.6 and can be exploited remotely without authentication. https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/
CVE-2024-38812 (KEV) - 1 Post - 8 Interactions
Fediverse
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!
- CVE-2024-38812 (9.8 critical) VMware vCenter Server heap-overflow vulnerability
- CVE-2024-38813 (7.5 high) VMware vCenter privilege escalation vulnerability
#cisa #kev #cisakev #knownexploitedvulnerabilitiescatalog #vmware #vcenter #vulnerability #eitw #activeexploitation #infosec #cybersecurity
CVE-2024-38813 (KEV) - 1 Post - 8 Interactions
Fediverse
CVE-2024-23113 (KEV) - 1 Post
Fediverse
What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
CVE-2024-20767 - 1 Post
Fediverse
https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
CVE-2024-21216 - 1 Post
Fediverse
CVE-2024-47575 (KEV) - 1 Post
Fediverse
CVE-2024-44309 - 1 Post - 3 Interactions
Fediverse
iOS 18.1.1 and macOS Sequoia 15.1.1 close actively exploited security vulnerabilities
With the new iOS 18.1.1 and macOS Sequoia 15.1.1 updates, Apple has closed significant security vulnerabilities which Beric
https://www.apfeltalk.de/magazin/feature/ios-18-1-1-und-macos-sequoia-15-1-1-schliessen-aktiv-ausgenutzte-sicherheitsluecken/
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit
CVE-2024-44308 - 1 Post - 3 Interactions
Fediverse
CVE-2023-27997 (KEV) - 1 Post
Fediverse
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

In the new campaign starting in early 2023, Earth Kasha expanded their targets into Japan, Taiwan, and India. Based on the bias of the incident amount, while we believe that Japan is still the main target of Earth Kasha, we observed that a few high-profile organizations in Taiwan and India were targeted. The observed industries under attack are organizations related to advanced technology and government agencies.

Earth Kasha has also employed different Tactics, Techniques, and Procedures (TTPs) in the Initial Access phase, which now exploits public-facing applications such as SSL-VPN and file storage services. We observed that vulnerabilities of enterprise products, such as Array AG (CVE-2023-28461), Proself (CVE-2023-45727) and FortiOS/FortiProxy (CVE-2023-27997), were abused in the wild. Earth Kasha was changing these vulnerabilities to abuse from time to time. After gaining access, they deployed several backdoors in the victim's network to achieve persistence. These include Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, which we will describe later.
CVE-2023-28461 - 1 Post
Fediverse
CVE-2023-45727 - 1 Post
Fediverse
CVE-2024-10979 - 1 Post - 1 Interaction
Fediverse
https://www.openwall.com/lists/oss-security/2024/11/16/7
CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
CVE-2024-10977 - 1 Post - 1 Interaction
Fediverse
CVE-2024-10976 - 1 Post - 1 Interaction
Fediverse