Discontinued GeoVision Products Targeted in Botnet Attacks via Zero-Day

November 18, 2024 at 09:34AM

Discontinued GeoVision video surveillance products are facing botnet attacks due to a critical zero-day vulnerability (CVE-2024-11120). This flaw allows remote attackers to execute commands without authentication. The affected models, now unsupported, include GV-VS12 and GV-VS11. Users are urged to replace these devices to mitigate risks.

Critical Progress WhatsUp RCE flaw now under active exploitation

August 7, 2024 at 11:35AM

Threat actors are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2024-4885, in Progress WhatsUp Gold 23.1.2 and older versions. Proof-of-concept (PoC) exploits are available, and the attacks started on August 1, 2024, from six distinct IP addresses. Users are urged to upgrade to version 23.1.3 or implement firewall …

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

August 1, 2024 at 09:18AM

Around 20,000 unpatched VMware ESXi servers, vulnerable to CVE-2024-37085 (CVSS 6.8), are accessible on the internet. The flaw allows threat actors full access, and ransomware groups like Storm-0506 and Octo Tempest are exploiting it. It enables administrative control over hypervisors, risking file encryption, VM access, and lateral movement within networks. Urgent …

Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP

July 17, 2024 at 01:42AM

Threat actors are exploiting a critical security flaw in Apache HugeGraph-Server that enables remote code execution (CVE-2024-27348, CVSS score: 9.8). Users are urged to upgrade to version 1.3.0 with Java 11 and enable the Auth system to fix the issue. Exploitation attempts are in the wild, emphasizing the urgency of applying …

Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability

April 23, 2024 at 06:57AM

A recently disclosed Palo Alto Networks firewall vulnerability (CVE-2024-3400) has been exploited for at least a month, impacting Siemens’ Ruggedcom APE1808 devices. Siemens is preparing updates and providing workarounds. The vulnerability has been exploited in the wild, and there are concerns about state-sponsored threat actors. The Shadowserver Foundation has identified …

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

April 9, 2024 at 02:15AM

Security flaws in legacy D-Link NAS devices are being exploited by threat actors, impacting over 92,000 internet-exposed devices. The vulnerabilities allow arbitrary command execution, potentially leading to unauthorized access and denial-of-service conditions. No patches are expected, and users are advised to replace affected devices or firewall remote access. Attackers are …

World Govs, Tech Giants Sign Spyware Responsibility Pledge

February 6, 2024 at 03:16PM

Dozens of countries, including France, the UK, and the US, and tech giants like Google, Meta, and Microsoft, have joined forces to combat the misuse of commercial spyware violating human rights. The coalition aims to establish guidelines and transparency in the development and use of these cyber-intrusion capabilities. The initiative …

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

January 22, 2024 at 11:06AM

Attempts to exploit a critical Atlassian Confluence vulnerability, CVE-2023-22527, began shortly after its disclosure. Out-of-date versions of Confluence Data Center and Server are affected, allowing unauthenticated attackers to achieve remote code execution. The Shadowserver Foundation reported 40,000 exploitation attempts, highlighting widespread activity and the ongoing risk to vulnerable servers. Based …

Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes

December 6, 2023 at 10:48AM

The Shadowserver Foundation reports a surge in device hacks linked to new vulnerabilities in Cisco IOS XE. SecurityWeek shared the news in a post titled “Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes.” The Shadowserver Foundation has issued a …

Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations

November 3, 2023 at 09:42AM

The Mozi botnet experienced a significant decrease in activity in August 2023, attributed to the distribution of a kill switch to the bots. This kill switch stripped the bots of functionality but allowed them to maintain persistence. The decline in activity is believed to be a deliberate and calculated takedown, …