China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

November 19, 2024 at 06:11PM
Chinese government-affiliated hackers are exploiting a zero-day vulnerability in Fortinet’s Windows VPN client to steal sensitive information, including credentials. Volexity identified the issue and reported it to Fortinet, which has yet to release a fix. The attackers use a tool called DeepData, capable of extensive data theft.

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

November 19, 2024 at 03:00PM
Oracle has addressed a critical unauthenticated file disclosure vulnerability (CVE-2024-21287) in its Agile PLM software, which was exploited as a zero-day. Users are urged to update immediately to prevent unauthorized file access. The flaw was reported by CrowdStrike and has a CVSS score of 7.5.

Palo Alto Networks tackles firewall-busting zero-days with critical patches

November 19, 2024 at 10:35AM
Palo Alto Networks has issued patches for two zero-day vulnerabilities: CVE-2024-0012, a critical authentication bypass, and CVE-2024-9474, a medium-severity privilege escalation. Users are urged to update urgently. The company warns of ongoing exploitation, particularly from VPN services, and advises restricting access to management interfaces.

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM
Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available.

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

November 14, 2024 at 01:33AM
A newly patched Windows NT LAN Manager (NTLM) vulnerability (CVE-2024-43451) was exploited by a Russia-linked actor in attacks on Ukraine, enabling the theft of user hashes via infected documents. The attack involves phishing emails linking to malicious files, leading to potential financial theft within an hour of compromise.

Windows Themes zero-day bug exposes users to NTLM credential theft

October 30, 2024 at 05:35PM
A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials. Acros Security provides a free micropatch to address the issue while an official fix from Microsoft is still awaited. Exploitation requires user interaction, such as copying a malicious theme file. Users are advised to apply the micropatch promptly for protection.

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

October 24, 2024 at 06:06AM
The Lazarus Group exploited a now-patched zero-day vulnerability in Google Chrome to take control of devices, targeting individuals in the cryptocurrency sector via a fake game website. Disguised as a decentralized finance game, the attack, discovered by Kaspersky, began in February 2024 and involved advanced social engineering tactics.

Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems

October 23, 2024 at 04:07PM
Fortinet has confirmed zero-day exploits targeting a remote code execution vulnerability in the FortiManager platform, which has a CVSS severity score of 9.8/10. The information was reported by SecurityWeek.

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

October 23, 2024 at 02:08PM
The North Korean Lazarus hacking group exploited a Google Chrome zero-day (CVE-2024-4947) through a fake DeFi game, targeting cryptocurrency users. Discovered by Kaspersky on May 13, 2024, the exploit gained access to sensitive data. Google issued a fix by May 25, 2024, addressing the vulnerability.

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

October 20, 2024 at 09:07PM
APT37, a North Korea-backed group, exploited a zero-day vulnerability in Internet Explorer to launch a zero-click attack on South Korean targets via a compromised ad program, delivering malware instead of ads. The malware is known as RokRAT, and Microsoft has since patched the vulnerability. Legacy applications remain at risk.