Security News

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
2024-04-18 11:59

The newest version of Ivanti Avalanche - the company's enterprise mobile device management solution - carries fixes for 27 vulnerabilities, two of which are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. Both critical vulnerabilities are heap overflow bugs: CVE-2024-29204 is in the WLAvalancheService, and CVE-2024-24996 in the WLInfoRailService component of Ivanti Avalanche before v6.4.3, and may allow unauthenticated remote attackers to execute arbitrary commands on vulnerable systems.

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
2024-04-16 16:36

A vulnerability in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the "Heavily biased" ECDSA nonces, researchers have discovered. According to PuTTY maintainers, 521-bit ECDSA is the only affected key type.

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks
2024-04-12 19:05

Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability in the company's firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitigations and workarounds. Palo Alto Networks' Unit 42 and Volexity have now released threat briefs with more information about the attacks, threat hunting queries, YARA rules, and indicators of compromise.

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)
2024-04-12 07:32

Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised."Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," they said, and thanked Volexity researchers for flagging the issue.

Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
2024-04-09 19:27

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild. Microsoft has fixed 24 vulnerabilities that may allow attackers to bypass Windows Secure Boot, a security feature that aims to prevent malware from loading when PCs boot up.

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)
2024-04-08 09:00

A vulnerability in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found.The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive shell has popped up on GitHub.

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
2024-03-29 18:21

A vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "Enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns. The cause of the vulnerability is actually malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
2024-03-28 10:20

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable...

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
2024-03-27 11:02

Attackers are leveraging a vulnerability in Anyscale's Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells."We observed hundreds of compromised clusters in the past three weeks alone. Each cluster uses a public IP address, and most clusters contain hundreds to thousands of servers. There are hundreds of servers that are still vulnerable and exposed."

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
2024-03-20 18:47

Ivanti has fixed a critical RCE vulnerability in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. The vulnerability affects all supported version of Ivanti Standalone Sentry as well as older, unsupported ones.