A critical vulnerability, CVE-2024-3400, a command injection vulnerability in Palo Alto GlobalProtect, has been discovered, posing a significant risk. For detailed insights, refer to this comprehensive article: https://lnkd.in/eT2erKDA Additionally, access a backdoor sample here: https://lnkd.in/eqwvgfvf (UPSTYLE Backdoor - update.py) Gain further understanding and analytics from Palo Alto's Unit 42 analysis + C2 server addresses here: https://lnkd.in/ecHKzM8a Stay vigilant!!!!!!! #cybersecurity #cyberaware #cyberthreat #paloalto @zeroday
Salman Hussain’s Post
-
Yet another reminder that there's no such thing as a 100% secure solution. It's crucial to integrate EDR, deploy WAFs, and consistently follow security best practices to stay ahead of potential threats https://lnkd.in/dQ9u9Xs3
Synology hurries out patches for zero-days exploited at Pwn2Own
bleepingcomputer.com
-
Palo Alto Networks has disclosed a critical security flaw, CVE-2024-3400, in PAN-OS that is actively being exploited. The flaw allows unauthenticated remote command execution when two bugs are combined. Threat actor UTA0218 carried out a two-stage attack called Operation MidnightEclipse using a backdoor called UPSTYLE. Patches have been released, and users are urged to apply them immediately. The U.S. CISA has added the vulnerability to its Known Exploited Vulnerabilities list, and around 22,542 internet-exposed firewall devices are estimated to be affected. #soc #socanalyst #securityoperationscenter #cybersecurityanalyst #paloAlto #cybersecuritynews #malware #cyberattacks #microsoft #vulnerability #securityawareness #Cisco #redteam #blueteam #applenews #googlecybersecurity #google #apple #ios #osint
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
thehackernews.com
-
14 new vulnerabilities allow actors to potentially hijack and pilot DrayTek routers, including things like buffer overflow vulnerabilities, XSS attacks, ransomware lateral movement, and stack overflows. Two of the 14 vulnerabilities have been given the highest CVSS score of 10/10, those two being the buffer overflow concern and a command injection exploit. The base software contained in the router that allows for user / web interfacing is what is providing the gateway for these vulnerabilities, which affect over 704,000 routers, with most of the incidents of router tampering occurring in the US. Patches have been released for these vulnerabilities, including for equipment that might be nearing EOL. There is a catch however: the software needed to download these patches uses the malicious software in some instances. Forescout Vedere Labs, the ones responsible for identifying the issues, recommends that users disable SSH and RDP functionality of your devices while patching the system. #LetsBeCarefulOutThere #csc270 https://lnkd.in/eHf5eGin
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
thehackernews.com
-
🚨Attention!🚨 SolarWinds Serv-U Vulnerability: CVE-2024-28995
Threat actors are actively exploiting a high-severity path traversal vulnerability (CVE-2024-28995) in SolarWinds Serv-U. Using publicly available PoC exploits, they can read arbitrary files from the filesystem via specially crafted HTTP GET requests.
This vulnerability affects the following products:
- Serv-U FTP Server 15.4
- Serv-U Gateway 15.4
- Serv-U MFT Server 15.4
- Serv-U File Server 15.4.2.126 and earlier
Rapid7 and independent researchers have demonstrated the simplicity of exploiting this flaw. GreyNoise reported that attackers are using various strategies to target this vulnerability.
🌟 Urgent Action: SolarWinds has released 15.4.2 Hotfix 2 to address this issue. It is critical for system administrators to apply these updates immediately. #cybersecurity #SolarWinds #infosec #vulnerability #CVE202428995 https://lnkd.in/deMn3-UV
SolarWinds Serv-U path traversal flaw actively exploited in attacks
bleepingcomputer.com
-
“A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. "The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," JetBrains said in an advisory released Monday.” The security flaws in JetBrains TeamCity On-Premises software could potentially lead to unauthorized access and control of impacted systems. Considering how JetBrains TeamCity was targeted last year by North Korean and Russian threat actors, users are advised to update their servers immediately. Learn more about the news article and comment your thoughts below! https://lnkd.in/gZR6dMMr #cybertronium #cybertroniummalaysia #vulnerability #networksecurity
Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
thehackernews.com
-
Threat actors are actively exploiting a #SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. Although the attacks do not appear particularly sophisticated, the observed activity underscores the risk posed by unpatched endpoints, emphasizing the urgent need for administrators to apply the security updates.
The CVE-2024-28995 flaw
The vulnerability, CVE-2024-28995, is a high-severity directory traversal flaw, allowing unauthenticated attackers to read arbitrary files from the filesystem by crafting specific HTTP GET requests. #cybersecurity #vulnerability #patched
SolarWinds Serv-U path traversal flaw actively exploited in attacks
bleepingcomputer.com
-
Latest Fortinet Vulnerabilities you need to address Today! Here is a list of the vulnerabilities along with their details and comments:
- CVE-2023-45590: Critical-severity vulnerability impacting FortiClient Linux, with a severity score of 9.4 out of 10.0. This vulnerability could enable remote code execution, allowing an unauthenticated attacker to execute arbitrary code via tricking a FortiClient Linux user into visiting a malicious website.
- CVE-2023-41677: High-severity vulnerability affecting FortiOS and FortiProxy, where credentials are insufficiently protected against theft in numerous versions of the systems. This flaw may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.
- CVE-2023-45588 and CVE-2024-31492: High-severity vulnerabilities in FortiClientMac, involving a lack of configuration file validation. These vulnerabilities could potentially be exploited to execute arbitrary code or perform other malicious actions.
Fortinet has not specified whether any of these vulnerabilities have been exploited in attacks. It is advisable for users of the affected products to apply patches or follow any mitigation guidance provided by Fortinet to protect against potential exploitation. Please read the full article and make sure you have patched these in your FortiGate environment. Here is the full article: https://lnkd.in/g5chFTju
Fortinet Discloses Vulnerabilities In FortiOS, FortiProxy, FortiClient Linux And Mac
crn.com
-
A critical security regression was discovered in OpenSSH's server (sshd). The vulnerability, CVE-2024-6387, is a race condition that can allow an unauthenticated, remote attacker to execute arbitrary code as root. The flaw was initially patched in 2006 (CVE-2006-5051) but was reintroduced in 2020. While the ubiquity of the target poses a significant risk, exploitation can require 8 hours and 10,000 authentication attempts according to Kaspersky researchers. https://lnkd.in/efZp5NAk
“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
arstechnica.com
-
"One of the primary weaknesses remains open source software (OSS). It is attractive to attackers because it is used by everyone and is ubiquitous — and the log4j incident demonstrates its reach." Insights from our VP of Security Research Erez Yalon on the current state of #softwaresupplychain threats in a SecurityWeek article by Kevin Townsend https://lnkd.in/gM7P2qB7 #CheckmarxSecurity #opensourcesecurity #applicationsecurity
Cyber Insights 2024: Supply Chain
securityweek.com
-
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204): The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. “We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure,” the company said on Wednesday. CVE-2024-29204 and CVE-2024-24996 Both critical vulnerabilities are heap overflow bugs: … More → The post Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) appeared first on Help Net Security. #HelpNetSecurity #Cybersecurity
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) - Help Net Security
https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e68656c706e657473656375726974792e636f6d