Vulnerability Blog News (408)
DATE | NAME | INFO | CATEGORY | SOURCE |
2.11.24 | Attacker Abuses Victim Resources to Reap Rewards from Titan Network | In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. | Vulnerability blog | |
2.11.24 | Command Injection and Local File Inclusion in Grafana: CVE-2024-9264 | The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts according to the data. | Vulnerability blog | SonicWall |
2.11.24 | Code Injection in Spring Cloud: CVE-2024-37084 | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerability blog | SonicWall |
2.11.24 | VMware vCenter Server CVE-2024-38812 DCERPC Vulnerability | CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted packets, potentially leading to remote code execution (RCE). The vulnerability, classified under CWE-122 (Heap-based Buffer Overflow), arises when memory allocated in the heap is improperly overwritten, leading to unpredictable behavior that could be exploited. | Vulnerability blog | SonicWall |
2.11.24 | Insecure Deserialization in Veeam Backup and Replication: CVE-2024-40711 | The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in Veeam Backup & Replication, assessed its impact and developed mitigation measures. Veeam Backup & Replication is a proprietary backup app developed by Veeam for virtual environments built on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors. | Vulnerability blog | SonicWall |
2.11.24 | NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities | Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of | Vulnerability blog | Cisco Blog |
2.11.24 | Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project | Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. | Vulnerability blog | Cisco Blog |
2.11.24 | Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities | The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. | Vulnerability blog | Cisco Blog |
2.11.24 | Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks | Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? | Vulnerability blog | Checkpoint |
2.11.24 | From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code | In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. | Vulnerability blog | Project Zero |
2.11.24 | The Windows Registry Adventure #4: Hives and the registry layout | To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system | Vulnerability blog | Project Zero |
2.11.24 | Effective Fuzzing: A Dav1d Case Study | Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. | Vulnerability blog | Project Zero |
21.9.24 | Vulnerabilities in Cellular Packet Cores Part IV: Authentication | Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post. | Vulnerability blog | |
21.9.24 | Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score | Vulnerability blog | SonicWall |
14.9.24 | Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities | In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671. | Vulnerability blog | |
14.9.24 | Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers | While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from threat actors to achieve their motives, such as crypto mining, data exfiltration and backdoor installation | Vulnerability blog | |
14.9.24 | Vulnerability in Tencent WeChat custom browser could lead to remote code execution | While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor. | Vulnerability blog | |
14.9.24 | Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API | CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. | Vulnerability blog | |
14.9.24 | Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score | September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. | Vulnerability blog | |
7.9.24 | CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon | Vulnerability blog | SonicWall |
31.8.24 | Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem | A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. | ||
31.8.24 | CVE-2024-7928: FastAdmin Unauthenticated Path Traversal Vulnerability | The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and with a moderate score of 5.3 CVSSv3, the vulnerability is more severe than it initially appears. | ||
31.8.24 | The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks | Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment. | ||
31.8.24 | Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. | |||
31.8.24 | Fuzzing µC/OS protocol stacks, Part 2: Handling multiple requests per test case | This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. | ||
31.8.24 | Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver | This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. | ||
31.8.24 | Analysis of two arbitrary code execution vulnerabilities affecting WPS Office | |||
24.8.24 | Cisco Smart Software Manager On-Prem Account Takeover | The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability. | Vulnerability blog | SonicWall |
24.8.24 | Understanding CVE-2024-38063: How SonicWall Prevents Exploitation | CVE-2024-38063 is a critical remote code execution vulnerability in Windows systems with the IPv6 stack, carrying a CVSS score of 9.8. This zero-click, wormable flaw allows attackers to execute arbitrary code remotely via specially crafted IPv6 packets, potentially leading to full system compromise. | Vulnerability blog | SonicWall |
10.8.24 | SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability | The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. | Vulnerability blog | |
10.8.24 | Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 | Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 | Vulnerability blog | |
10.8.24 | Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold | The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues in the infrastructure by utilizing its intuitive workflows and system integrations. | Vulnerability blog | SonicWall |
3.8.24 | GeoServer RCE Vulnerability (CVE-2024-36401) Being Exploited In the Wild | The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share and edit geospatial data | Vulnerability blog | |
3.8.24 | Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerability blog | |
3.8.24 | There is no real fix to the security issues recently found in GitHub and other similar software | The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. | Vulnerability blog | Cisco Blog |
27.7.24 | The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409 | We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems. | ||
27.7.24 | Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads | The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe than it initially appeared. | ||
20.7.24 | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched. | Vulnerability blog | Trend Micro |
20.7.24 | The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409 | We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems. | Vulnerability blog | Trend Micro |
20.7.24 | Container Breakouts: Escape Techniques in Cloud Environments | Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability. | Vulnerability blog | Palo Alto |
13.7.24 | Microsoft Security Bulletin Coverage for July 2024 | Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
13.7.24 | Adobe Commerce Unauthorized XXE Vulnerability | The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation. | Vulnerability blog | SonicWall |
13.7.24 | RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112) | Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. | Vulnerability blog | Checkpoint |
13.7.24 | 15 vulnerabilities discovered in software development kit for wireless routers | Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. | Vulnerability blog | Cisco Blog |
13.7.24 | Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities | This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. | Vulnerability blog | Cisco Blog |
6.7.24 | High-Risk Path Traversal in SolarWinds Serv-U | The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. | Vulnerability blog | SonicWall |
29.6.24 | Multiple vulnerabilities in TP-Link Omada system could lead to root access | Affected devices could include wireless access points, routers, switches and VPNs. | Vulnerability blog | Cisco Blog |
15.6.24 | Microsoft Security Bulletin Coverage for June 2024 | Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2024 and has produced coverage for seven of the reported vulnerabilities. | Vulnerability blog | SonicWall |
15.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. | Vulnerability blog | SonicWall |
15.6.24 | Only one critical issue disclosed as part of Microsoft Patch Tuesday | The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. | Vulnerability blog | Cisco Blog |
8.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. | Vulnerability blog | SonicWall |
1.6.24 | Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges | Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. | Vulnerability blog | Cisco Blog |
18.5.24 | Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWM Core | The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. | Vulnerability blog | Cisco Blog |
18.5.24 | A new alert system from CISA seems to be effective — now we just need companies to sign up | Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. | Vulnerability blog | Cisco Blog |
11.5.24 | Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution | Two vulnerabilities in this group — one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. | Vulnerability blog | Cisco Blog |
4.5.24 | Vulnerabilities in employee management system could lead to remote code execution, login credential theft | Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. | Vulnerability blog | Cisco Blog |
20.4.24 | The Windows Registry Adventure #2: A brief history of the feature | Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values", used by Windows and applications to store a variety of settings and configuration data. | Vulnerability blog | Project Zero |
20.4.24 | The Windows Registry Adventure #1: Introduction and research results | In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. | Vulnerability blog | Project Zero |
13.4.24 | Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 | Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and rapidly. | Vulnerability blog | Palo Alto |
13.4.24 | Vulnerability in some TP-Link routers could lead to factory reset | There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. | Vulnerability blog | Cisco Blog |
31.3.24 | Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) | On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10. This vulnerability is a result of a supply chain compromise impacting the versions 5.6.0 and 5.6.1 of XZ Utils. XZ Utils is data compression software included in major Linux distributions. | Vulnerability blog | Palo Alto |
31.3.24 | Exposing a New BOLA Vulnerability in Grafana | Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. | Vulnerability blog | Palo Alto |
23.3.24 | Netgear wireless router open to code execution after buffer overflow vulnerability | There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. | Vulnerability blog | Cisco Blog |
23.3.24 | Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word | Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution. | Vulnerability blog | Cisco Blog |
23.3.24 | Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft | March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.” | Vulnerability blog | Cisco Blog |
9.3.24 | MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES | Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal as fast as within 1 day after a POC for it was published. | Vulnerability blog | Checkpoint |
2.3.24 | Vulnerabilities in business VPNs under the spotlight | As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk | Vulnerability blog | Eset |
25.2.24 | Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) | Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center. | Vulnerability blog | Palo Alto |
25.2.24 | How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity | While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. | Vulnerability blog | Cisco Blog |
18.2.24 | New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 | This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. | Vulnerability blog | Palo Alto |
18.2.24 | Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe | Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals | Vulnerability blog | Eset |
10.2.24 | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve | Vulnerability blog | Cisco Blog |