Newly identified botnet targets decade-old flaw in unpatched D-Link devices.

Why it matters:
1. The emergence of the Goldoon botnet underscores the importance of regularly updating and patching hardware. Even decade-old vulnerabilities can be exploited to infiltrate systems, carry out remote code execution, and launch DDoS attacks.
2. The sharp increase in Goldoon's activity in April signals the ongoing evolution of botnets as hackers continue to exploit older, yet unpatched security flaws to expand their attack networks.
3. Recent warnings from U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlight the ongoing national security risks posed by unpatched hardware, not just with D-Link but also other companies, underscoring the urgency for federal agencies to replace or retire obsolete devices.

Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eFaxG2hF
The Record from Recorded Future News’ Post
-
Since March 26, suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, known as CVE-2024-3400. This flaw allows attackers to breach internal networks and steal data and credentials. Palo Alto Networks, after detecting active exploitation, warned users and planned to release patches on April 14. Volexity, the group that discovered the vulnerability, revealed more details, suggesting state-sponsored involvement. The flaw affects the GlobalProtect feature, allowing attackers to create a backdoor for further network access. Exploitation began in March, with attackers installing custom backdoors, such as 'Upstyle,' to execute commands and steal sensitive data, like Active Directory databases and browser files. Volexity outlined methods to detect compromised devices and emphasized the increasing targeting of network devices for cyber espionage. https://lnkd.in/ezzNvAZA
Palo Alto Networks zero-day exploited since March to backdoor firewalls
bleepingcomputer.com
-
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure. A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178. There is evidence to suggest that the VPN appliance may have been compromised as early as December 3, 2023. https://lnkd.in/erWiQAs6?
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
thehackernews.com
-
MPGSOC Team Lead/Project Manager at MindPoint Group | Certified Scrum Master, PMP | Sec+ | Threat Intelligence Enthusiast
Researchers from cybersecurity firm GreyNoise have identified exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8), affecting all D-Link DIR-859 WiFi routers. This path traversal vulnerability poses a significant risk, leading to information disclosure. Threat actors are leveraging this flaw to gather account details, including user passwords, from the vulnerable routers. The vendor has declared that the DIR-859 router family has reached its End of Life ("EOL") / End of Service Life ("EOS") cycle, indicating that addressing this vulnerability might not be prioritized. https://lnkd.in/eA6Pabiz
Threat actors actively exploit D-Link DIR-859 router flaw
securityaffairs.com
-
Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769: Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769, which affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers. The vulnerability is a path traversal issue that can lead to information disclosure. Threat actors are exploiting the […]
Threat actors actively exploit D-Link DIR-859 router flaw
securityaffairs.com
-
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign: Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
thehackernews.com
-
Application Support Administrator - CCNA Cyber Ops - Cyber Academy Certified Professional - Top 1% @TryHackMe
#informationsecurity #itsecurity #cybersecurity #cybersecurityawareness #patchmanagement #vulnerabilitymanagement Despite initial mitigations, attackers bypassed defenses, compromising even the device's configuration files, leading Ivanti to postpone its firmware patches, scheduled for January 22, to address the sophisticated threat. Due to the situation with active exploitation of multiple critical zero-day vulnerabilities, lack of effective mitigations, and lack of security updates for some of the impacted product versions, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has ordered federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances. https://lnkd.in/eRZDSgwP
Newest Ivanti SSRF zero-day now under mass exploitation
bleepingcomputer.com
-
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893): CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893: CVE-2024-21893 allows attackers to bypass authentication requirements and access certain restricted resources on vulnerable solutions. It affects the SAML component of: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), and Ivanti Neurons for ZTA (SaaS-delivered zero trust network access solution). Its existence, along with that … More → The post Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) appeared first on Help Net Security. #HelpNetSecurity #Cybersecurity
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) - Help Net Security
www.helpnetsecurity.com
-
Ivanti publishes urgent warning about new vulnerability.

Why it matters:
1. The discovery of a new vulnerability affecting Ivanti's software products accentuates the increasing difficulty companies face in securing their digital infrastructure. Applying immediate patches is critical to protect restricted resources from unauthorized access.
2. The continuous discovery of vulnerabilities and irregular patch releases in Ivanti's software could lead to customer backlash, undermining the company's credibility in the cybersecurity landscape — a trust crisis that may extend to other companies using outdated components.
3. With Ivanti's products used by numerous government agencies worldwide, the persistent issues raise concerns about state agencies' cyber defenses, suggesting an urgent need to transition to secure, updated tools and increase vigilance against potential cyber attacks.

Learn more by visiting The Record from Recorded Future News: https://lnkd.in/enzaAZ5b
Ivanti publishes urgent warning about new vulnerability
therecord.media
-
Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled," the company clarified in its updated advisory. https://lnkd.in/gfXBFktW #CyberSecurity #PaloAlto #hotfixes
Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability
thehackernews.com
-
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893): CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893: CVE-2024-21893 allows attackers to bypass authentication requirements and access certain restricted resources on vulnerable solutions. It affects the SAML component of: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), and Ivanti Neurons for ZTA (SaaS-delivered zero trust network access solution). Its existence, along with that … More → The post Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) appeared first on Help Net Security. @Poseidon-US #HelpNetSecurity #Cybersecurity
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) - Help Net Security
www.helpnetsecurity.com