‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

February 23, 2024 at 07:33AM
ConnectWise’s ScreenConnect product faced a critical vulnerability, leading to widespread exploitation for ransomware and other malware. The company issued patches for an authentication bypass flaw and path traversal issue, now assigned CVE identifiers. Exploited flaws, dubbed SlashAndGrab, allowed unauthorized account creation and arbitrary code execution. Several malicious activities were reported, …

ScreenConnect servers hacked in LockBit ransomware attacks

February 22, 2024 at 01:35PM
Attackers exploit a severe authentication bypass vulnerability to breach unpatched ScreenConnect servers, deploying LockBit ransomware. ConnectWise released security updates, including a patch for a high-severity path traversal flaw. Both bugs impact all ScreenConnect versions. CISA ordered U.S. federal agencies to secure servers within a week. Threat actors have deployed LockBit …

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

February 16, 2024 at 06:57AM
The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence suggesting exploitation by the Akira ransomware group emerged. Cisco is advised …

Microsoft Warns of Exploited Exchange Server Zero-Day

February 15, 2024 at 06:45AM
A critical vulnerability in Exchange Server (CVE-2024-21410) is actively exploited, enabling privilege escalation and NTLM hash relay attacks. Microsoft issued a warning and released Exchange Server 2019 CU14 to address the flaw. Furthermore, Check Point disclosed another critical-severity Outlook vulnerability (CVE-2024-21413) allowing remote code execution through crafted hyperlinks. Both companies …

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

February 6, 2024 at 03:15AM
A server-side request forgery (SSRF) vulnerability in Ivanti products is being widely exploited, leading to mass attacks from over 170 unique IP addresses. The exploit allows unauthorized access to restricted resources. Security firm Rapid7 released a proof-of-concept exploit, and outdated open-source components in Ivanti VPN appliances pose further security risks. …

Newest Ivanti SSRF zero-day now under mass exploitation

February 5, 2024 at 11:00AM
Ivanti Connect Secure and Policy Secure are being exploited through an SSRF vulnerability, tracked as CVE-2024-21893, allowing attackers to bypass authentication and access restricted resources on vulnerable devices. The exploitation volume is significantly high, leading to U.S. CISA’s directive for federal agencies to disconnect and upgrade affected appliances to the …

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

January 19, 2024 at 12:03AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched critical flaw in Ivanti Endpoint Manager Mobile and MobileIron Core to its Known Exploited Vulnerabilities catalog. The flaw enables unauthorized remote access and has been actively exploited, affecting several versions of the impacted software. Federal agencies are advised …

CISA Urges Patching of Exploited SharePoint Server Vulnerability

January 11, 2024 at 09:21AM
CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All …

New year, new bugs in Windows, Adobe, Android, more to be fixed

January 9, 2024 at 05:35PM
Microsoft’s recent Patch Tuesday brought 49 Windows security updates and four high-severity Chrome flaws for Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits …

Two years on, 1 in 4 apps still vulnerable to Log4Shell

December 11, 2023 at 10:06AM
Two years after the Log4Shell vulnerability disclosure, around 1 in 4 applications still rely on outdated Log4j libraries, making them susceptible to exploitation. While some developers promptly updated the libraries, a significant proportion remain vulnerable. Urgent action was effective, but there’s still a need for more rigorous open source security …