Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

February 9, 2024 at 12:27PM The malware Raspberry Robin has evolved to utilize new one-day exploits for local privilege escalation, making it harder to detect and analyze. It serves as an initial access facilitator for other malicious payloads and has ties to various e-crime groups. The threat actors behind it purchase exploits from the dark …

Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

January 24, 2024 at 03:05PM A new proof-of-concept exploit is available for a critical authentication bypass vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere Managed File Transfer software. This flaw affects a large percentage of systems and allows unauthenticated remote attackers to create new accounts with admin privileges. The release of this exploit is likely to lead to …

Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

January 24, 2024 at 10:07AM Security experts have rapidly published working exploits for a critical vulnerability in Fortra GoAnywhere MFT, exposing a serious authentication bypass issue initially disclosed by Fortra in December. Researchers from Horizon3 developed an exploit targeting a vulnerable endpoint, exposing the system to unauthorized admin user creation. Fortra advises upgrading to version …

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

January 24, 2024 at 09:24AM A critical vulnerability (CVE-2024-0204, CVSS score 9.8) in Fortra’s GoAnywhere MFT allows an unauthenticated attacker to create an admin user. Patches were released on Dec 7, urging customers to update to version 7.4.1. Horizon3.ai published a technical writeup on the bug’s root cause and PoC code one day after the …

VMware vCenter Server Vulnerability Exploited in Wild 

January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed …

Ivanti zero-day exploits explode as bevy of attackers get in on the act

January 16, 2024 at 10:04AM Ivanti Connect Secure (ICS) VPN users are at risk if they have not applied recent vulnerability mitigation. Over 1,700 devices have been compromised due to successful exploits. The attacks have targeted a wide range of organizations globally. Users are advised to run Ivanti’s Integrity Checker Tool to detect compromises and …

Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

January 12, 2024 at 02:49PM Security experts have warned about a ransomware group exploiting a critical Microsoft SharePoint vulnerability, CVE-2023-29357, which can lead to remote code execution. This vulnerability was added to the US’s must-patch list, giving agencies three weeks to patch it. The exploit chain has been a concern, and patching is crucial to …

Four in five Apache Struts 2 downloads are for versions featuring critical flaw

December 21, 2023 at 09:20AM Sonatype reports low adoption of fixed versions of Struts 2 despite a critical RCE vulnerability (CVE-2023-50164) in the framework’s file upload feature. The fix is simple: use updated Struts versions. With active exploitation and ease of automatable attacks, Sonatype urges immediate upgrades to mitigate potential risks and emphasizes vigilant maintenance …

Google Chrome emergency update fixes 5th zero-day exploited in 2023

November 28, 2023 at 04:30PM Google has released an emergency security update to fix the fifth Chrome zero-day vulnerability of the year. The vulnerability, CVE-2023-6345, was being actively exploited in attacks. Google acknowledged the exploit and released patched versions for Windows, Mac, and Linux users. The company is restricting access to bug details until most …

Exploit for CrushFTP RCE chain released, patch now

November 18, 2023 at 10:32PM A proof-of-concept exploit for a critical remote code execution vulnerability in CrushFTP has been publicly released. Attackers can access files, execute code, and obtain passwords. The developers released a fix in CrushFTP 10.5.2, but applying the patches may not protect against all threats. Users should update to the latest version, …