Tag: CVE

APT40 Attacks Detection: People’s Republic of China State-Sponsored Hackers Rapidly Exploit Newly Revealed Vulnerabilities for Cyber-Espionage
APT40 Attacks Detection: People’s Republic of China State-Sponsored Hackers Rapidly Exploit Newly Revealed Vulnerabilities for Cyber-Espionage

The latest advisory issued by law enforcement agencies within Australia, the U.S., Canada, Germany, the U.K., New Zealand, South Korea, and Japan, warns of the growing threat posed by APT40 operated on behalf of Beijing’s Ministry of State Security (MSS). Specifically, the advisory details the activities of the People’s Republic of China state-sponsored group able […]

Read More
CVE-2024-5806 Detection: A New Authentication Bypass Vulnerability in Progress MOVEit Transfer Under Active Exploitation
CVE-2024-5806 Detection: A New Authentication Bypass Vulnerability in Progress MOVEit Transfer Under Active Exploitation

The cyber threat landscape in June is heating up, largely due to the disclosure of new vulnerabilities, such as CVE-2024-4577  and CVE-2024-29849. Researchers have identified a novel critical improper authentication vulnerability in Progress MOVEit Transfer tracked as CVE-2024-5806, which has already been under active exploitation in the wild a couple of hours after its discovery.  […]

Read More
UNC3886: Novel China-Nexus Cyber-Espionage Threat Actor Exploits Fortinet & VMware Zero-Days, Custom Malware for Long-Term Spying
UNC3886: Novel China-Nexus Cyber-Espionage Threat Actor Exploits Fortinet & VMware Zero-Days, Custom Malware for Long-Term Spying

In Q1 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and russia demonstrated significantly enhanced and innovative offensive capabilities to proceed with sophisticated cyber-espionage campaigns. This surge in activity has posed considerable challenges to the global cybersecurity landscape. Recently, security experts revealed the activity of the China-linked Velvet Ant group infiltrating F5 […]

Read More
CVE-2024-4577 Detection: A New Easy-to-Exploit PHP Vulnerability Could Lead to RCE
CVE-2024-4577 Detection: A New Easy-to-Exploit PHP Vulnerability Could Lead to RCE

Hot on the heels of the disclosure of CVE-2024-29849 and its PoC release, another security flaw is creating a buzz in the cyber threat landscape. Successful exploitation of CVE-2024-4577, which affects Windows-based PHP servers, could lead to RCE. The security bug is a CGI argument injection vulnerability that impacts all versions of PHP on the […]

Read More
FlyingYeti Campaign Detection: russian Hackers Exploit CVE-2023-38831 to Deliver COOKBOX Malware in Ongoing Attacks Against Ukraine
FlyingYeti Campaign Detection: russian Hackers Exploit CVE-2023-38831 to Deliver COOKBOX Malware in Ongoing Attacks Against Ukraine

In mid-April 2024, CERT-UA warned defenders of repeated adversary attempts to compromise Ukrainian organizations using COOKBOX malware. Defenders observed the ongoing phishing campaign targeting Ukraine and took measures to disrupt the offensive attempts. The identified russia-linked malicious activity is tracked under the moniker FlyingYeti and overlaps with the UAC-0149 operation covered in the CERT-UA#9522 alert. […]

Read More
CVE-2024-24919 Detection: Zero-Day Vulnerability Actively Exploited for In-the-Wild Attacks Against Check Point’s VPN Gateway Products
CVE-2024-24919 Detection: Zero-Day Vulnerability Actively Exploited for In-the-Wild Attacks Against Check Point’s VPN Gateway Products

There is a growing interest among hacking collectives in exploiting remote-access VPN environments by commony abusing zero-day vulnerabilities as entry points and attack vectors into enterprises. A novel critical zero-day vulnerability in Check Point Network Security gateway products tracked as CVE-2024-24919 has hit the headlines. Since April 2024, the flaw has been exploited in in-the-wild […]

Read More
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise

Defenders have disclosed critical cybersecurity issues in F5’s Next Central Manager, which are tracked as CVE-2024-21793 and CVE-2024-26026, giving potential adversaries the green light to seize control over the impacted installation. Upon successful exploitation, hackers can create accounts on any F5 assets to establish persistence and perform further malicious activities. Detecting CVE-2024-21793 & CVE-2024-26026 Exploits […]

Read More
CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations
CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations

While CVE-2024-21111 exploitation risks have been a serious concern for organizations leveraging Oracle Virtualbox software, another critical vulnerability has been hitting the headlines. CrushFTP has recently reported a novel largely exploited zero-day vulnerability impacting the servers. The maximum severity flaw tracked as CVE-2024-4040 can be weaponized in a series of in-the-wild attacks against organizations in […]

Read More
CVE-2024-21111 Detection: A New Critical Local Privilege Escalation Vulnerability in Oracle VirtualBox with the PoC Exploit Released
CVE-2024-21111 Detection: A New Critical Local Privilege Escalation Vulnerability in Oracle VirtualBox with the PoC Exploit Released

A new vulnerability assigned CVE-2024-21111 was recently discovered in Oracle Virtualbox, a widespread open-source virtualization software. The uncovered critical Oracle VirtualBox vulnerability enables adversaries to escalate privileges to NT AUTHORITY\SYSTEM via Symbolic Link, with its exploitation potentially leading to either arbitrary file deletion or arbitrary file movement. Detect CVE-2024-21111 Exploitation Attempts With the exponential rise […]

Read More
CVE-2024-3400 Detection: A Maximum Severity Command Injection PAN-OS Zero-Day Vulnerability in GlobalProtect Software
CVE-2024-3400 Detection: A Maximum Severity Command Injection PAN-OS Zero-Day Vulnerability in GlobalProtect Software

A novel command injection zero-day vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software hits the headlines. The highly critical flaw, identified as CVE-2024-3400, has been already exploited in a series of attacks in the wild. Detect CVE-2024-3400 Exploitation Attempts The number of vulnerabilities weaponized for in-the-wild attacks increases tremendously on a yearly […]

Read More