Security News

Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities affecting F5's BIG-IP Next Central Manager. BIG-IP Next Central Manager allows users to centrally control their BIG-IP Next instances and services.

The US Cybersecurity and Infrastructure Agency has announced the creation of "Vulnrichment," a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database's recent slowdown. Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities to the database, after analyzing public data about them to "Enrich" each entry with impact metrics, vulnerability types, applicability statements, links to security advisories, and more.

Researchers have brought to light a new attack method - dubbed TunnelVision and uniquely identified as CVE-2024-3661 - that can be used to intercept and snoop on VPN users' traffic by attackers who are on the same local network. "Luckily, most users who use commercial VPNs are sending web traffic which is mostly HTTPS. HTTPS traffic looks like gibberish to attackers using TunnelVision, but they know who you are sending that gibberish to which can be an issue," the researchers noted.

Veeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch. Veeam Service Provider Console is a cloud platform used by managed services providers and enterprises to manage and monitor data backup operations.

Patch network security isn't applicable in the same way for cloud environments, and few cloud providers assign Common Vulnerabilities and Exposures identifiers to vulnerabilities. For vulnerability management teams who talk exclusively in this CVE-based construct, the lack of CVEs in cloud services is a significant challenge.

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are "Not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability." On April 12, Palo Alto Networks warned about limited attacks against internet-exposed firewalls, likely by a state-backed threat actor, who managed to install backdoors, grab sensitive data, and move laterally through target organizations' networks.

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday."On a compromised ASA, the attackers submit shellcode via the host-scan-reply field, which is then parsed by the Line Dancer implant. The host-scan-reply field, typically used in later parts of the SSL VPN session establishment process, is processed by ASA devices configured for SSL VPN, IPsec IKEv2 VPN with 'client-services' or HTTPS management access," the researchers explained.

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.

For nearly four years and perhaps even longer, Forest Blizzard has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service. Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more.

A vulnerability in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. According to Censys, there are currently 9,600+ publicly-exposed CrushFTP hosts, mostly in North America and Europe.