enterprise

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it […]

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Attackers are probing Check Point Remote Access VPN devices

Attackers are probing Check Point Remote Access VPN devices 2024-05-28 at 12:46 By Zeljka Zorz Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets

Attackers are probing Check Point Remote Access VPN devices Read More »

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) 2024-05-23 at 13:16 By Zeljka Zorz A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) Read More »

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) 2024-05-22 at 11:46 By Zeljka Zorz Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitation and

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) Read More »

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) 2024-05-20 at 14:02 By Zeljka Zorz Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly MobileIron Core) is used by enterprises to

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) Read More »

US exposes scheme enabling North Korean IT workers to bypass sanctions

US exposes scheme enabling North Korean IT workers to bypass sanctions 2024-05-17 at 14:46 By Zeljka Zorz The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities

US exposes scheme enabling North Korean IT workers to bypass sanctions Read More »

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) 2024-05-08 at 16:31 By Zeljka Zorz Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) 2024-04-23 at 13:01 By Zeljka Zorz A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) Read More »

Ernst & Young taps ZK-proofs on Ethereum to automate contracts

Ernst & Young taps ZK-proofs on Ethereum to automate contracts 2024-04-18 at 06:01 By Cointelegraph by Brayden Lindrea EY said it chose Ethereum instead of a private network as it is cheaper, more confidential and prevents a party from gaining a “strategic advantage” over another. This article is an excerpt from Cointelegraph.com News View Original

Ernst & Young taps ZK-proofs on Ethereum to automate contracts Read More »

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation Read More »

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access Read More »

New covert SharePoint data exfiltration techniques revealed

New covert SharePoint data exfiltration techniques revealed 2024-04-10 at 18:10 By Zeljka Zorz Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data

New covert SharePoint data exfiltration techniques revealed Read More »

Ivanti vows to transform its security operating model, reveals new vulnerabilities

Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months

Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

Scroll to Top