Tenable Identity Exposure allows you to secure your infrastructure by anticipating threats, detecting breaches, and responding to incidents and attacks. Using an intuitive dashboard to monitor your Active Directory in real-time, you can identify at a glance the most critical vulnerabilities and their recommended courses of remediation.…
Tag: CVE
Summary: A vulnerability called “CosmicSting” in Adobe Commerce and Magento websites is leaving millions of sites at risk of XML external entity injection (XXE) and remote code execution (RCE) attacks.
Threat Actor: CosmicSting
Victim: Adobe Commerce and Magento websites
Key Point:
A vulnerability named “CosmicSting” in Adobe Commerce and Magento websites remains unpatched, leaving millions of sites vulnerable to XXE and RCE attacks.…
Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.
Threat Actor: None identified.
Victim: Atlassian.
Key Point:
The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.…
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction
Perimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS) have long been the target of adversarial actors attempting to gain access to internal networks.…
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …
Summary: There is a critical vulnerability in the command line program wget, which has a CVSS Base Score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget versions <=1.24.5.
Threat Actor: Unspecified threat actor | wget
Victim: Users of wget under Linux or Windows | wget
Key Point:
A critical vulnerability (CVE-2024-38428) has been discovered in the command line program wget, which allows an attacker to carry out an unspecified attack.…
Summary: Cyber espionage groups associated with China have been conducting a long-running campaign targeting telecom operators in an Asian country, infiltrating their networks and attempting to steal credentials.
Threat Actor: Chinese Cyber Espionage
Victim: Telecom operators in an Asian country
Key Point:
Cyber espionage groups associated with China have been conducting a long-running campaign targeting telecom operators in an Asian country.…
Summary: Google has released a security update for Chrome 126, addressing several vulnerabilities including a high-severity type confusion issue in the V8 script engine.
Threat Actor: N/A
Victim: N/A
Key Point:
The security update for Chrome 126 addresses a high-severity type confusion issue in the V8 script engine, reported by Seunghyun Lee during the SSD Secure Disclosure’s TyphoonPWN 2024.…
Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.
Threat Actor: UNC3886
Victim: Strategic global organizations
Key Point:
UNC3886 demonstrated sophisticated and cautious approaches by employing multiple layers of persistence across network devices, hypervisors, and virtual machines to maintain long-term access.…
Summary: This content discusses a vulnerability in RAD Data Communications’ SecFlow-2 equipment that allows remote attackers to perform path traversal and obtain files from the operating system.
Threat Actor: RAD Data Communications
Victim: Users of RAD Data Communications’ SecFlow-2 equipment | RAD Data Communications
Key Point:
The vulnerability, known as CVE-2019-6268, has a CVSS v4 score of 8.7 and allows attackers to exploit the path traversal vulnerability remotely with low attack complexity.…
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.…
Summary: The content discusses the alarming increase in vulnerabilities across all enterprise software categories and emphasizes the need for alternative approaches to vulnerability monitoring due to delays in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data.
Threat Actor: N/A
Victim: N/A
Key Point:
Action1 researchers found a significant rise in the total number of vulnerabilities in enterprise software.…
Summary: Threat actors are increasingly targeting load balancers, leading to a record exploitation rate for this category of devices over a three-year period.
Threat Actor: Unknown
Victim: Load balancers
Key Point:
Load balancers have a disproportionately high exploitation rate, with a record 17% exploitation rate over a three-year period.…
Summary: Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Threat Actor: Malicious actors
Victim: Mailcow open-source mail server suite
Key Point:
A path traversal vulnerability impacting a function named “rspamd_maps()” could result in the execution of arbitrary commands on the server by allowing a threat actor to overwrite any file that can be modified with the “www-data” user.…
Summary: This article discusses the use of large language models (LLMs) in cyber defense applications and the concerns regarding their reliability and accuracy.
Threat Actor: N/A
Victim: N/A
Key Point:
Researchers from the Rochester Institute of Technology have developed CTIBench, the first benchmark to evaluate the performance of LLMs in cyber threat intelligence applications.…
While responding to an incident at one of our clients, the PT ESC CSIRT team discovered a previously unknown backdoor written in Go, which we attributed to a cybercrime gang dubbed ExCobalt.
ExCobalt focuses on cyberespionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt gang. Cobalt attacked financial institutions to steal funds.…
Summary: This content discusses critical-rated flaws in VMware’s vCenter Server, which could potentially lead to remote code execution if exploited by a malicious actor.
Threat Actor: Unknown
Victim: VMware
Key Point:
VMware has identified two critical-rated flaws in its vCenter Server, which are heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol.…
The executables and the command constitute a component of the threat actor’s attempt to hijack SSH connections with the objective of acquiring SSH credentials. Analysis of the executables and their attempts is discussed later in this report.
Malware Leveraging Trusted Third Parties as C2 Channel
The threat actor was observed deploying malware, including MOPSLED and RIFLESPINE, that leverages trusted third parties like GitHub and Google Drive as C2 channels while relying on the rootkits for persistence.…
Threat Actor: Unknown
Victim: Windows Vista and later devices
Price: $5,000 USD (negotiable)
Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is selling an exploit for CVE-2024-30078, a Remote Code Execution (RCE) vulnerability in the WiFi driver affecting all Windows Vista and later devices.…
Summary: ASUS has addressed a critical remote authentication bypass vulnerability affecting seven router models, allowing a remote attacker to log into the device without authentication.
Threat Actor: N/A
Victim: ASUS
Key Point:
The vulnerability, tracked as CVE-2024-3080, impacts several ASUS router models, including ZenWiFi XT8, RT-AX57, RT-AC86U, and RT-AC68U.…