Palo Alto Networks patches two firewall zero-days used in attacks

November 18, 2024 at 03:57PM Palo Alto Networks has released security updates for two zero-day vulnerabilities in its Next-Generation Firewalls (CVE-2024-0012 and CVE-2024-9474). These flaws allow unauthorized access and privilege escalation and have been used against a small number of devices. The U.S. cybersecurity agency CISA has urged federal agencies to patch their systems by December 9.

Botnet exploits GeoVision zero-day to install Mirai malware

November 15, 2024 at 02:40PM A malware botnet is exploiting a critical zero-day vulnerability (CVE-2024-11120) in unsupported GeoVision devices, likely for DDoS and cryptomining attacks. Approximately 17,000 devices are at risk, primarily in the U.S. Signs of compromise include overheating and slow performance. Replacing the devices with supported models is advised.

Critical bug in EoL D-Link NAS devices now exploited in attacks

November 13, 2024 at 01:37PM A critical vulnerability (CVE-2024-10914) in end-of-life D-Link NAS devices allows unauthenticated command injection via malicious HTTP requests. D-Link has ceased support and advises customers to retire the affected models. Despite the warnings, attackers have begun exploiting the flaw, targeting over 41,000 devices exposed on the internet.

CISA warns of Jenkins RCE bug exploited in ransomware attacks

August 19, 2024 at 03:22PM CISA warns of a critical Jenkins vulnerability (CVE-2024-23897) exploited for remote code execution. Multiple PoCs have been published online, and over 28,000 instances are exposed. Trend Micro reports that exploitation started in March, with recent breaches affecting Indian banks. CISA orders FCEB agencies to secure their servers by September 9, urging all organizations to prioritize fixing …

Critical Progress WhatsUp RCE flaw now under active exploitation

August 7, 2024 at 11:35AM Threat actors are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2024-4885, in Progress WhatsUp Gold 23.1.2 and older versions. Proof-of-concept (PoC) exploits are available, and the attacks started on August 1, 2024, from six distinct IP addresses. Users are urged to upgrade to version 23.1.3 or implement firewall …

CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

July 16, 2024 at 06:19PM CISA warns of an actively exploited GeoServer GeoTools remote code execution flaw (CVE-2024-36401). The flaw allows arbitrary code execution and affects all GeoServer instances. Researchers demonstrated proof-of-concept exploits, and the flaw is fixed in versions 2.23.6, 2.24.4, and 2.25.2. CISA requires federal agencies to patch their servers by August 5th, 2024, while private …

Unprecedented: Cloud Giants, Feds Team on Unified Security Intelligence

July 12, 2024 at 02:34PM The top US cloud service providers are collaborating on a National Cyber Feed Initiative to provide real-time threat-monitoring data to federal cybersecurity authorities. The effort aims to improve threat intelligence sharing and cybersecurity. Challenges remain, including standardizing data delivery and making the information consumable. The initiative has gained momentum and …

CISA says GitLab account takeover bug is actively exploited in attacks

May 1, 2024 at 12:33PM CISA warns of active exploitation of a critical GitLab vulnerability (CVE-2023-7028) that allows attackers to hijack accounts via password resets, potentially leading to supply chain attacks. While accounts protected by 2FA are safe, unpatched systems remain at risk. GitLab has released fixes, and CISA urges prompt patching, especially for federal agencies and private …

Ivanti: Patch new Connect Secure auth bypass bug immediately

February 8, 2024 at 02:53PM Ivanti warns of an authentication bypass vulnerability (CVE-2024-22024) in Connect Secure, Policy Secure, and ZTA gateways that allows remote access to unpatched appliances. There is no evidence of customer exploitation yet, but immediate action is recommended. Over 20,000 ICS VPN gateways are tracked online, and Ivanti devices have been targeted in zero-day attacks. Security patches have been released. CISA orders disconnection …

Ivanti warns of new Connect Secure zero-day exploited in attacks

January 31, 2024 at 08:48AM Ivanti has warned of two vulnerabilities affecting Connect Secure, Policy Secure, and ZTA gateways. The first (CVE-2024-21893) is a zero-day server-side request forgery bug that grants unauthorized access. The second (CVE-2024-21888) enables privilege escalation. Ivanti has released security patches and mitigation measures. Threat actors have exploited these vulnerabilities, …