September 23, 2024 at 02:18AM A suspected APT from China targeted a Taiwanese government organization and other APAC countries by exploiting a security flaw. The activity uses various techniques and malware like Cobalt Strike and EAGLEDOOR to infiltrate and gather data from government and energy sectors. The threat actor’s sophistication and adaptability are notable. Key … Read more
September 22, 2024 at 09:10PM A China-linked cyber-espionage group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group primarily uses spear-phishing and a custom backdoor called EagleDoor, as well as exploiting a vulnerability in the open source GeoServer software. The majority of the group’s … Read more
July 16, 2024 at 06:19PM CISA warns of actively exploited GeoServer GeoTools remote code execution flaw (CVE-2024-36401). The flaw allows arbitrary code execution and affects all GeoServer instances. Researchers demonstrated proof of concept exploits, prompting patching of versions 2.23.6, 2.24.4, and 2.25.2. CISA requires federal agencies to patch servers by August 5th, 2024, while private … Read more
July 16, 2024 at 12:09PM CISA is urgently advising federal agencies to address a high-severity vulnerability in GeoServer (CVE-2024-36401) due to active exploitation risks. The flaw allows unauthenticated attackers to execute remote code through crafted input, affecting all GeoServer instances. Users are recommended to apply the latest patches and review CISA’s Known Exploited Vulnerabilities list … Read more
July 16, 2024 at 12:45AM The U.S. CISA identified a critical security flaw in OSGeo GeoServer GeoTools as actively exploited. The vulnerability, CVE-2024-36401, allows remote code execution. Versions 2.23.6, 2.24.4, and 2.25.2 address the issue. Another flaw, CVE-2024-36404, also poses RCE risk. Federal agencies must apply fixes by August 5, 2024, amid reports of active … Read more