Nostr notes by Not Simon 🐐

Happy #PatchTuesday from Google Chrome: [Stable Channel ...

2025-02-12T19:07:26Z

In reply to nevent1q…3ufx
_________________________

Happy #PatchTuesday from **Google Chrome**: [Stable Channel Update for Desktop](https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html )
Chrome 133.0.6943.98/.99 for Windows, Mac and 133.0.6943.98 for Linux has 4 security fixes, all 4 were externally reported:<li>CVE-2025-0995 (high) Use after free in V8</li><li>CVE-2025-0996 (high) Inappropriate implementation in Browser UI</li><li>CVE-2025-0997 (high) Use after free in Navigation</li><li>CVE-2025-0998 (high) Out of bounds memory access in V8</li>

No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#chrome #google #cve #vulnerability #infosec #cybersecurity

Happy #PatchTuesday from CrowdStrike: [CVE 2025-1146 - ...

2025-02-12T19:04:52Z

In reply to nevent1q…2dge
_________________________

Happy #PatchTuesday from **CrowdStrike**: [CVE 2025-1146 - CrowdStrike Falcon Sensor for Linux TLS Issue](https://www.crowdstrike.com/security-advisories/cve-2025-1146/ )
[CVE-2025-1146](https://www.cve.org/CVERecord?id=CVE-2025-1146 ) CrowdStrike Falcon Sensor for Linux TLS Issue:

> CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validation. This could allow an attacker with the ability to control network traffic to potentially conduct a man-in-the-middle (MiTM) attack.

> CrowdStrike has no indication of any exploitation of this issue in the wild.

I want to note that ClownStrike does not have a date or timestamp on their security advisory. 🤡 h/t: cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008)

#crowdstrike #crowdstrikefalcon #CVE_2025_1146 #cve #vulnerability #infosec #cybersecurity

Assetnote: [Nginx/Apache Path Confusion to Auth Bypass in ...

2025-02-12T18:35:46Z

In reply to nevent1q…vn4j
_________________________

**Assetnote**: [Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)](https://www.assetnote.io/resources/research/nginx-apache-path-confusion-to-auth-bypass-in-pan-os )
If I'm reading this correctly, Assetnote dropped vulnerability details and proof of concept for [CVE-2025-0108](https://www.cve.org/CVERecord?id=CVE-2025-0108 ) (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface. They are describing this as a zero-day auth bypass, but it should be called "patch bypass." See related PAN [security advisory](https://security.paloaltonetworks.com/CVE-2025-0108 ).

Fun operational mistake: Assetnote wrote This vulnerability was fixed in versions xx and yy and assigned CVE zz. in their conclusion.

#paloaltonetworks #CVE_2025_0108 #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

Happy #PatchTuesday from Palo Alto Networks (LIKELY ...

2025-02-12T17:49:45Z

In reply to nevent1q…tzyv
_________________________

Happy #PatchTuesday from **Palo Alto Networks** (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only) <li><a href="https://security.paloaltonetworks.com/CVE-2025-0113"; target="_blank" rel="nofollow noopener">CVE-2025-0113</a> (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers</li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0112"; target="_blank" rel="nofollow noopener">CVE-2025-0112</a> (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent</li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0110"; target="_blank" rel="nofollow noopener">CVE-2025-0110</a> (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin<ul><li>Exploit Maturity: POC 🤔</li></ul></li><li><a href="https://security.paloaltonetworks.com/PAN-SA-2025-0005"; target="_blank" rel="nofollow noopener">PAN-SA-2025-0005</a> GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN</li><li><a href="https://security.paloaltonetworks.com/PAN-SA-2025-0004"; target="_blank" rel="nofollow noopener">PAN-SA-2025-0004</a> Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)</li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0109"; target="_blank" rel="nofollow noopener">CVE-2025-0109</a> (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface<ul><li>Exploit Maturity: POC 🤔</li></ul></li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0111"; target="_blank" rel="nofollow noopener">CVE-2025-0111</a> (7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface</li>

> Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:

> Based on threat intelligence sources each of the following must apply:<li>Proof-of-concept is publicly available</li><li>No knowledge of reported attempts to exploit this vulnerability</li><li>No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability</li>

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

Happy #PatchTuesday with GitLab: [GitLab Patch Release: ...

2025-02-12T12:36:02Z

In reply to nevent1q…qx9r
_________________________

Happy #PatchTuesday with **GitLab**: [GitLab Patch Release: 17.8.2, 17.7.4, 17.6.5](https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/ )
8 CVEs (1 high severity, 7 medium). At a *glance*, no mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#gitlab #cve #vulnerability #infosec #cybersecurity

RE: Fortinet's CVE-2024-24472 Bleeping Computer: ...

2025-02-12T03:36:29Z

In reply to nevent1q…4d8a
_________________________

RE: Fortinet's CVE-2024-24472
**Bleeping Computer**: [Fortinet discloses second firewall auth bypass patched in January](https://www.bleepingcomputer.com/news/security/fortinet-discloses-second-firewall-auth-bypass-patched-in-january/ )

> Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January.

cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008) I called it 💪 Not a zero-day.

#fortinet #cve #infosec #cybersecurity #vulnerability

subtoot about Fortinet zero-day. Those infosec publications are ...

2025-02-11T23:27:35Z

In reply to nevent1q…rffa
_________________________

subtoot about Fortinet zero-day. Those infosec publications are running WILD calling it an exploited zero-day (complete with a backstory) with absolutely no evidence. Are we reading the same security advisory? What the fuck are you guys conjuring up and extrapolating from 2025-02-11: Added CVE-2025-24472 and its acknowledgement?

EDIT: You've heard of "patch-diffing." Get ready for *advisory-diffing*:
https://web.archive.org/web/20250114161659/https://fortiguard.fortinet.com/psirt/FG-IR-24-535 (14 January 2025)
versus https://fortiguard.fortinet.com/psirt/FG-IR-24-535 (11 February 2025):<li>An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module <code>or via crafted CSF proxy requests.</code></li><li>Follow the recommended upgrade path using our tool at: <del><a href="https://docs.fortinet.com/upgrade-tool"; target="_blank" rel="nofollow noopener" translate="no">https://docs.fortinet.com/upgrade-tool</a></del> <code>https://docs.fortinet.com/upgrade-tool</code></li><li>Please note that the above IP parameters are <del>under attacker control and therefore can be any other IP address.</del> <code>not the actual source IP addresses of the attack traffic, they are generated arbitrarily by the attacker as a parameter. Because of this they should not be used for any blocking.</code></li><li>edit 2set intf "<del>all</del><code>any</code>"</li><li><code>Please note as well that an attacker needs to know an admin account's username to perform the attack and log in the CLI. Therefore, having a non-standard and non-guessable username for admin accounts does offer some protection, and is, in general, a best practice. Keep in mind however that the targeted websocket not being an authentication point, nothing would prevent an attacker from bruteforcing the username.</code></li><li><code>CSF requests issue:</code><code>Disable Security Fabric from the CLI:</code><code>Config system csf</code><code>Set status disable</code><code>end</code></li>

Some of these are explained in the changelog, but I wanted to be certain.

Wiz: [How Wiz found a Critical NVIDIA AI vulnerability: Deep ...

2025-02-11T19:39:28Z

**Wiz**: [How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132)](https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132 )
This is an update to a previous blog post from [26 September 2024](https://www.wiz.io/blog/wiz-research-critical-nvidia-ai-vulnerability ). Wiz provides vulnerability details for [CVE-2024-0132](https://www.cve.org/CVERecord?id=CVE-2024-0132 ) (**9.0 critical**) NVIDIA Container Toolkit 1.16.1 or earlier TOCTOU (hehe funny acronym cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008)) which can lead to "code execution, denial of service, escalation of privileges, information disclosure, and data tampering."

> We withheld specific technical details of the vulnerability because the NVIDIA PSIRT team identified that the original patch did not fully resolve the issue. We worked closely with the NVIDIA team to ensure proper mitigation of both the original vulnerability and the bypass. The bypass is tracked under a separate CVE, > [> CVE-2025-23359](https://www.cve.org/CVERecord?id=CVE-2025-23359 )> .

#nvidia #cve #vulnerability #CVE_2024_0132 #CVE_2025_23359 #infosec #cybersecurity

Happy #PatchTuesday: Exploited Fortinet zero-day??? ...

2025-02-11T19:31:08Z

In reply to nevent1q…hjxf
_________________________

Happy #PatchTuesday: Exploited **Fortinet** zero-day??? [FG-IR-24-535](https://fortiguard.fortinet.com/psirt/FG-IR-24-535 )
CVE-2025-24472 (8.1 high) Authentication bypass in Node.js websocket module and CSF requests
If this security advisory looks familiar, that's because it belongs to the previous Fortinet exploited zero-day [CVE-2024-55591](https://www.cve.org/CVERecord?id=CVE-2024-55591 ) (**9.6 critical**) . This was tacked onto the same advisory, with no context other than the changelog:

> 2025-02-11: Added CVE-2025-24472 and its acknowledgement

BleepingComputer (npub1pkr…6763) seems to think it is: [Fortinet warns of new zero-day exploited to hijack firewalls](https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/ ) but I'm skeptical.

#fortinet #infosec #CVE_2024_55591 #vulnerability #cve #CVE_2025_24472 #cybersecurity #eitw #activeexploitation #zeroday

CISA: [CISA Adds Four Known Exploited Vulnerabilities to ...

2025-02-11T19:21:23Z

In reply to nevent1q…49d9
_________________________

**CISA**: [CISA Adds Four Known Exploited Vulnerabilities to Catalog](https://www.cisa.gov/news-events/alerts/2025/02/11/cisa-adds-four-known-exploited-vulnerabilities-catalog )<li><a href="https://www.cve.org/CVERecord?id=CVE-2025-21418"; target="_blank" rel="nofollow noopener">CVE-2025-21418</a> (7.8 high) Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2025-21391"; target="_blank" rel="nofollow noopener">CVE-2025-21391</a> (7.1 high) Microsoft Windows Storage Link Following Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-40890"; target="_blank" rel="nofollow noopener">CVE-2024-40890</a> (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-40891"; target="_blank" rel="nofollow noopener">CVE-2024-40891</a> (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability</li>

The Zyxel stuff is not new, but since the Microsoft zero-days are part of #PatchTuesday, I'm including them in this conversation.

#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve

Happy #PatchTuesday from Adobe: <li><a ...

2025-02-11T18:27:49Z

In reply to nevent1q…xjc2
_________________________

Happy #PatchTuesday from **Adobe**: <li><a href="https://helpx.adobe.com/security/products/indesign/apsb25-01.html"; target="_blank" rel="nofollow noopener">APSB25-01</a> Security Update Available for Adobe InDesign (7 CVEs)</li><li><a href="https://helpx.adobe.com/security/products/magento/apsb25-08.html"; target="_blank" rel="nofollow noopener">APSB25-08</a> Security update available for Adobe Commerce (31)</li><li><a href="https://helpx.adobe.com/security/products/substance3d_stager/apsb25-09.html"; target="_blank" rel="nofollow noopener">APSB25-09</a> Security updates available for Substance 3D Stager (1)</li><li><a href="https://helpx.adobe.com/security/products/incopy/apsb25-10.html"; target="_blank" rel="nofollow noopener">APSB25-10</a> Security Update Available for Adobe InCopy (1)</li><li><a href="https://helpx.adobe.com/security/products/illustrator/apsb25-11.html"; target="_blank" rel="nofollow noopener">APSB25-11</a> Security Updates Available for Adobe Illustrator (3)</li><li><a href="https://helpx.adobe.com/security/products/substance3d_designer/apsb25-12.html"; target="_blank" rel="nofollow noopener">APSB25-12</a> Security updates available for Substance 3D Designer (1)</li><li><a href="https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html"; target="_blank" rel="nofollow noopener">APSB25-13</a> Security updates available for Adobe Photoshop Elements (1)</li>

> Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

#adobe #cve #indesign #photoshop #incopy #vulnerability #infosec #cybersecurity

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) ...

2025-02-11T18:07:12Z

In reply to nevent1q…guq7
_________________________

Happy #PatchTuesday from **Microsoft**: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs<li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21377"; target="_blank" rel="nofollow noopener">CVE-2025-21377</a> (6.5 medium) NTLM Hash Disclosure Spoofing Vulnerability (PUBLICLY DISCLOSED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194"; target="_blank" rel="nofollow noopener">CVE-2025-21194</a> (7.1 high) Microsoft Surface Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418"; target="_blank" rel="nofollow noopener">CVE-2025-21418</a> (7.8 high) Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (EXPLOITED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391"; target="_blank" rel="nofollow noopener">CVE-2025-21391</a> (7.1 high) Windows Storage Elevation of Privilege Vulnerability (EXPLOITED)</li>

#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity

Happy #PatchTuesday from Fortinet: <li><a ...

2025-02-11T17:45:27Z

In reply to nevent1q…cg8g
_________________________

Happy #PatchTuesday from **Fortinet**: <li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-422"; target="_blank" rel="nofollow noopener">FG-IR-24-422</a> CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-261"; target="_blank" rel="nofollow noopener">FG-IR-23-261</a> CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-300"; target="_blank" rel="nofollow noopener">FG-IR-24-300</a> CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-279"; target="_blank" rel="nofollow noopener">FG-IR-23-279</a> CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-311"; target="_blank" rel="nofollow noopener">FG-IR-24-311</a> CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-063"; target="_blank" rel="nofollow noopener">FG-IR-24-063</a> CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-147"; target="_blank" rel="nofollow noopener">FG-IR-24-147</a> CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-438"; target="_blank" rel="nofollow noopener">FG-IR-24-438</a> CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-220"; target="_blank" rel="nofollow noopener">FG-IR-24-220</a> CVE-2024-40584 (7.2 high) OS command injection in external connector</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-25-015"; target="_blank" rel="nofollow noopener">FG-IR-25-015</a> CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-302"; target="_blank" rel="nofollow noopener">FG-IR-24-302</a> CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-324"; target="_blank" rel="nofollow noopener">FG-IR-23-324</a> CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-160"; target="_blank" rel="nofollow noopener">FG-IR-24-160</a> CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-094"; target="_blank" rel="nofollow noopener">FG-IR-24-094</a> CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data</li>

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

Happy #PatchTuesday from Ivanti: [February Security ...

2025-02-11T15:23:29Z

In reply to nevent1q…xghk
_________________________

Happy #PatchTuesday from **Ivanti**: [February Security Update](https://www.ivanti.com/blog/february-security-update )<li><a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-47908-CVE-2024-11771?language=en_US"; target="_blank" rel="nofollow noopener">Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)</a></li><li><a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-MDM-N-MDM?language=en_US"; target="_blank" rel="nofollow noopener">N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM)</a></li><li><a href="https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US"; target="_blank" rel="nofollow noopener">February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs)</a></li>

> We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.

#Ivanti #ivantiCSA #neurons #connectsecure #cve #vulnerability #infosec #cybersecurity

ElecticIQ: [Sandworm APT Targets Ukrainian Users with ...

2025-02-11T14:38:53Z

**ElecticIQ**: [Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns](https://blog.eclecticiq.com/sandworm-apt-targets-ukrainian-users-with-trojanized-microsoft-kms-activation-tools-in-cyber-espionage-campaigns )
EclecticIQ analysts assess with high confidence that Sandworm (APT44), a threat actor supporting Russia's Main Intelligence Directorate (GRU), is actively conducting a cyber espionage campaign against Ukrainian Windows users. Likely ongoing since late 2023, following Russia's invasion of Ukraine, Sandworm leverages pirated Microsoft Key Management Service (KMS) activators and fake Windows updates to deliver a new version of BACKORDER, a loader previously associated with the group. BACKORDER ultimately deploys Dark Crystal RAT (DcRAT), enabling attackers to exfiltrate sensitive data and conduct cyber espionage.

Multiple pieces of evidence strongly link this campaign to Sandworm, also tracked by CERT-UA as UAC-0145, based on recurring use of ProtonMail accounts in WHOIS records, overlapping infrastructure, and consistent Tactics, Techniques and Procedures (TTPs). Additionally, the reuse of BACKORDER, DcRAT, and TOR network mechanisms, along with debug symbols referencing a Russian-language build environment, further reinforce confidence in Sandworm's involvement. Yara and Sigma rules, and Indicators of Compromise are listed.

#russia #sandworm #apt44 #gru #threatintel #IOC #yara #sigma #malwareanalysis #infosec #cybersecurity #cti #cyberthreatintelligence

Happy #PatchTuesday from SolarWinds:<li><a ...

2025-02-11T14:31:59Z

In reply to nevent1q…nq4h
_________________________

Happy #PatchTuesday from **SolarWinds**:<li><a href="https://www.solarwinds.com/trust-center/security-advisories/cve-2024-45718"; target="_blank" rel="nofollow noopener">Sensitive data disclosure vulnerability (CVE-2024-45718)</a> 4.6 medium</li><li><a href="https://www.solarwinds.com/trust-center/security-advisories/cve-2024-52611"; target="_blank" rel="nofollow noopener">SolarWinds Platform Information Disclosure Vulnerability (CVE-2024-52611)</a> 3.5 low</li><li><a href="https://www.solarwinds.com/trust-center/security-advisories/cve-2024-52606"; target="_blank" rel="nofollow noopener">SolarWinds Platform Server-Side Request Forgery Vulnerability (CVE-2024-52606)</a> 3.5 low</li>

No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#solarwinds #cve #vulnerability

Happy Patch Tuesday to those still suffering. All new security ...

2025-02-11T12:32:01Z

Happy Patch Tuesday to those still suffering. All new security advisories from today will be posted under this toot as a conversation.

APPLE ZERO-DAY: [About the security content of iPadOS ...

2025-02-10T18:39:56Z

**APPLE ZERO-DAY**: [About the security content of iPadOS 17.7.5](https://support.apple.com/en-us/122173 ) ; [About the security content of iOS 18.3.1 and iPadOS 18.3.1](https://support.apple.com/en-us/122174 )
CVE-2025-24200 (score pending) A physical attack may disable USB Restricted Mode on a locked device. An authorization issue was addressed with improved state management. h/t: ApplSec (npub17m3…7tnu)

> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

#apple #zeroday #vulnerability #CVE_2025_24200 #eitw #activeexploitation #infosec #cybersecurity

Sucuri: [Google Tag Manager Skimmer Steals Credit Card Info ...

2025-02-10T16:45:50Z

**Sucuri**: [Google Tag Manager Skimmer Steals Credit Card Info From Magento Site](https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html )
Title is straightforward: Sucuri warns of credit card data theft from a customer's Magento-based eCommerce website. The credit card skimmer malware is delivered by leveraging Google Tag Manager (GTM). GTM is a free tool from Google that allows website owners to manage and deploy marketing tags on their website without needing to modify the site’s code directly. A single malicious domain is identified, but the real IOC is the GTM identifier GTM-MLHK2N68. The Hacker News identified at least [three sites infected with the skimmer](https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html ).

#magento #threatintel #ioc #infosec #cybersecurity #cyberthreatintelligence #CTI

Zimbra security advisory ~03 February 2025: [Zimbra ...

2025-02-10T15:04:30Z

**Zimbra** security advisory ~03 February 2025: [Zimbra Collaboration Daffodil 10.0.12 Patch Release](https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes )
This is a reason why change logs and timelines are important for security advisories: Zimbra supposedly released this on 17 December 2024. Yet the CVEs have a publish date of 03 February 2025. Open source reporting are only coming out *today*.

Only 3 out of 5 vulnerabilities have CVEs. Since they didn't provide a CVSS score, CISA as an ADP scored [CVE-2025-25064](https://cve.org/CVERecord?id=CVE-2025-25064 ) SQL injection vulnerability as **9.8 critical**.

Why you should care about patching: Zimbra Collaboration Suite has **nine** CVEs on the KEV Catalog, with four of them allowing for unauthenticated code execution. CVE-2025-25064 is more likely to get exploited than other vulnerabilities.

#zimbra #zcs #cve_2025_25064 #vulnerability #cve #infosec #cybersecurity

I swear to god, if they deployed godzilla post-exploitation ...

2025-02-07T18:25:27Z

In reply to nevent1q…yem4
_________________________

I swear to god, if they deployed godzilla post-exploitation framework I'm going to blow up China.

CISA: [CISA Adds One Known Exploited Vulnerability to ...

2025-02-07T18:19:11Z

In reply to nevent1q…medw
_________________________

**CISA**: [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2025/02/07/cisa-adds-one-known-exploited-vulnerability-catalog )
[CVE-2025-0994](https://www.cve.org/CVERecord?id=CVE-2025-0994 ) (8.6 high) Trimble Cityworks Deserialization Vulnerability

cc: Glenn 📎 (npub1p03…q09v) rare Friday KEV

#cisa #cisakev #kev #eitw #zeroday #vulnerability #trimble #cityworks #activeexploitation #infosec #cybersecurity #KnownExploitedVulnerabilitiesCatalog

ASEC's appears to be the closest and I'm trying to ...

2025-02-07T14:24:21Z

In reply to nevent1q…lrxt
_________________________

ASEC's appears to be the closest and I'm trying to determine if Godzilla (web shell) and Godzilla (post-exploitation framework) are one and the same.

This is the web shell version https://github.com/BeichenDream/Godzilla frequently referenced.

Interestingly "19d87910d1a7ad9632161fd9dd6a54c8a059a64fc5f5a41cf5055cd37ec0499d" from Microsoft isn't hot yet on VirusTotal

EXPLOITED ZERO-DAY: CISA: [Trimble ...

2025-02-06T15:42:20Z

EXPLOITED ZERO-DAY: **CISA**: [Trimble Cityworks](https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04 )
Now that it's public, I can confirm that [CVE-2025-0994](https://www.cve.org/CVERecord?id=CVE-2025-0994 ) (7.2 high) remote code execution is an exploited zero-day. Quoting Trimble [internal communication](https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0? ):

> These changes address a recently discovered vulnerability enabling an external actor to exploit a deserialization vulnerability for remote code execution (RCE) against a customer's Microsoft Internet Information Services (IIS) web server

Indicators of compromise are on page 2 of the Trimble communication page* (thanks Catalin Cimpanu (npub1s69…rmen))

#threatintel #zeroday #trimble #cityworks #activeexploitation #eitw #CVE_2025_0994 #infosec #cybersecurity #cyberthreatintelligence #vulnerability #CTI

Cisco security advisories (PatchTuesday-ishing ...

2025-02-05T16:37:04Z

**Cisco** security advisories (PatchTuesday-ishing shellsharks (npub1fux…vvx6)):<li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34"; target="_blank" rel="nofollow noopener">Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities</a><ul><li>CVE-2024-20184 (6.5 medium) Cisco Secure Email Gateway and Cisco Secure Web Appliance Command Injection Vulnerability</li><li>CVE-2024-20185 (3.1 low) Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance Privilege Escalation Vulnerability</li></ul></li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-range-bypass-2BsEHYSu"; target="_blank" rel="nofollow noopener">Cisco Secure Web Appliance Range Request Bypass Vulnerability</a> CVE-2025-20183 (5.8 medium)</li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW"; target="_blank" rel="nofollow noopener">Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities</a><ul><li>CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176 (7.7 high) Cisco IOS and IOS XE Software SNMP Software Denial of Service Vulnerabilities</li><li>CVE-2025-20172 Cisco IOS and IOS XE (7.7 high), and IOS XR (4.3 medium) Software SNMP Denial of Service Vulnerabilities</li></ul></li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG"; target="_blank" rel="nofollow noopener">Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities</a> CVE-2025-20204 and CVE-2025-20205 (4.8 medium)</li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF"; target="_blank" rel="nofollow noopener">Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities</a><ul><li>CVE-2025-20124 (9.9 critical) Cisco ISE Insecure Java Deserialization Vulnerability</li><li>CVE-2025-20125 (9.1 critical) Cisco ISE Authorization Bypass Vulnerability</li></ul></li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-xss-uexUZrEW"; target="_blank" rel="nofollow noopener">Cisco Expressway Series Cross-Site Scripting Vulnerability</a> CVE-2025-20179 (6.1 medium)</li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-xss-WCk2WcuG"; target="_blank" rel="nofollow noopener">Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability</a> CVE-2025-20180 (4.8 medium)</li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX"; target="_blank" rel="nofollow noopener">Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability</a> CVE-2025-20207 (4.3 medium)</li>

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

Veeam: [CVE-2025-23114](https://www.veeam.com/kb4712 ) ...

2025-02-05T14:06:19Z

**Veeam**: [CVE-2025-23114](https://www.veeam.com/kb4712 )
CVE-2025-23114 (9.0 critical) A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions. This CVE impacts multiple versions of Veeam Backup. No mention of exploitation. h/t: cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008)

#veeam #cve #CVE_2025_23114 #infosec #vulnerability #cybersecurity

Unofficial #PatchTuesday continues with Google Chrome: ...

2025-02-04T19:05:24Z

Unofficial #PatchTuesday continues with **Google Chrome**: [Stable Channel Update for Desktop](https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html )
Chrome 133.0.6943.53 (Linux) and 133.0.6943.53/54( Windows, Mac) includes 12 security fixes, 3 are externally reported:<li>CVE-2025-0444 (high) Use after free in Skia</li><li>CVE-2025-0445 (high) Use after free in V8</li><li>CVE-2025-0451 (medium) Inappropriate implementation in Extensions API</li>

No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#google #chrome #vulnerability #cve #infosec #cybersecurity

In relation to parent toots above, see related press release from ...

2025-02-04T17:16:25Z

In reply to nevent1q…ht30
_________________________

In relation to parent toots above, see related press release from **CISA**: [CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices](https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-partners-asds-acsc-cccs-ncsc-uk-and-other-international-and-us-organizations-release-guidance )

> Foreign adversaries routinely exploit software vulnerabilities in network edge devices to infiltrate critical infrastructure networks and systems. The damage can be expensive, time-consuming, and reputationally catastrophic for public and private sector organizations. These guidance documents detail various considerations and strategies for a more secure and resilient network both before and after a compromise.

#infosec #cybersecurity #networksecurity #securitybestpractice #securebydesign

See related press release NCSC-UK: [Cyber agencies unveil new ...

2025-02-04T16:51:31Z

In reply to nevent1q…6kcr
_________________________

See related press release **NCSC-UK**: [Cyber agencies unveil new guidelines to secure edge devices from increasing threat](https://www.ncsc.gov.uk/news/cyber-agencies-unveil-new-guidelines-to-secure-edge-devices-from-increasing-threat )
The new guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default, so that network defenders can more easily detect malicious activity and investigate following an intrusion.

#infosec #cybersecurity #networksecurity #securitybestpractice #securebydesign

FBI: [Guidance on digital forensics and protective monitoring ...

2025-02-04T16:50:05Z

**FBI**: [Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances](https://www.ic3.gov/CSA/2025/250204.pdf ) (PDF)
This guidance outlines expectations for the minimum requirement for forensic visibility, to help network defenders secure organizational networks both before and after a compromise. Network defenders are encouraged to consider these features when selecting new physical and virtual network devices.

#infosec #cybersecurity #networksecurity #securitybestpractice

NETGEAR did this earlier than #PatchTuesday on 01 February ...

2025-02-04T16:41:33Z

**NETGEAR** did this earlier than #PatchTuesday on 01 February 2025 but here you go:<li><a href="https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039"; target="_blank" rel="nofollow noopener">Security Advisory for Unauthenticated RCE on Some WiFi Routers, PSV-2023-0039</a>An unassigned (no CVE) unauthenticated remote code execution vulnerability (CVSSv3.0: 9.8 critical) has been patched in NETGEAR XR1000, XR1000v2, and XR500 WiFi routers.</li><li><a href="https://kb.netgear.com/000066557/Security-Advisory-for-Authentication-Bypass-on-Some-Wireless-Access-Points-PSV-2021-0117"; target="_blank" rel="nofollow noopener">Security Advisory for Authentication Bypass on Some Wireless Access Points, PSV-2021-0117</a>An unassigned (no CVE) authentication bypass security vulnerability (9.6 critical) was patched on NETGEAR WAX206, WAX220 and WAX214c2 wireless access points.</li>

#netgear #vulnerability #infosec #cybersecurity

Claroty: [Do the CONTEC CMS8000 Patient Monitors Contain a ...

2025-02-04T16:37:05Z

In reply to nevent1q…qxjt
_________________________

**Claroty**: [Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated...](https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated )
There was increased interest in healthcare industry's patient monitors after CISA warned on 31 January 2025 that [Contec CMS8000 Contains a Backdoor](https://www.cisa.gov/resources-tools/resources/contec-cms8000-contains-backdoor ). Claroty's Team82 actually previously investigated the firmware and reached the conclusion that it is most likely not a hidden backdoor, but instead an insecure/vulnerable design that introduces great risk to the patient monitor users and hospital networks. Their conclusion is mainly based on the fact that the vendor—and resellers who re-label and sell the monitor—list the IP address in their manuals and instruct users to configure the Central Management System (CMS) with this IP address within their internal networks. h/t: Jonathan Reiter (张飞) (npub1u4t…94re); cc: Will Dormann (npub12xh…zxeq)

Note: there's associated vulnerabilities: <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-0626"; target="_blank" rel="nofollow noopener">CVE-2025-0626</a> (CVSSv4: 7.7/v3.1: 7.5 high) Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2025-0683"; target="_blank" rel="nofollow noopener">CVE-2025-0683</a> (CVSSv4: 8.2 high/v3.1: 5.9 medium) Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor</li>

#contec #backdoor #hph #hhs #vulnerability #cve #china #cisa #infosec #cybersecurity

#PatchTuesday continues with Zyxel: [Zyxel security advisory ...

2025-02-04T16:20:24Z

#PatchTuesday continues with **Zyxel**: [Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE](https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 )
Zyxel's security advisory confirms the existence of [CVE-2024-40890](https://www.cve.org/CVERecord?id=CVE-2024-40890 ), [CVE-2024-40891](https://www.cve.org/CVERecord?id=CVE-2024-40891 ), and [CVE-2025-0890](https://www.cve.org/CVERecord?id=CVE-2025-0890 ) affecting end-of-life DSL CPE products. While they link to GreyNoise's [blog post](https://www.greynoise.io/blog/active-exploitation-of-zero-day-zyxel-cpe-vulnerability-cve-2024-40891 ), Zyxel does not acknowledge the fact that CVE-2024-40891 (8.8 high) post-auth command injection is a **zero-day being exploited in the wild** by a Mirai botnet variant. They reiterate that EoL products don’t receive further support and:

> "we strongly recommend that users replace them with newer-generation products for optimal protection."

Note: DSL CPE likely stands for Digital Subscriber Line Customer-Premises Equipment cc: Fellows (npub1x6r…qtcd) for more Patch Tuesday Madness.

#zyxel #vulnerability #cve #CVE_2024_40891 #zeroday #eitw #activeexploitation #mirai #botnet #infosec #cybersecurity

CISA: [CISA Adds Four Known Exploited Vulnerabilities to ...

2025-02-04T15:42:18Z

**CISA**: [CISA Adds Four Known Exploited Vulnerabilities to Catalog](https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-adds-four-known-exploited-vulnerabilities-catalog )
Hot off the press!:<li><a href="https://www.cve.org/CVERecord?id=CVE-2018-19410"; target="_blank" rel="nofollow noopener">CVE-2018-19410</a> (9.8 critical) Paessler PRTG Network Monitor Local File Inclusion Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2018-9276"; target="_blank" rel="nofollow noopener">CVE-2018-9276</a> (7.2 high) Paessler PRTG Network Monitor OS Command Injection Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-29059"; target="_blank" rel="nofollow noopener">CVE-2024-29059</a> (7.5 high) Microsoft .NET Framework Information Disclosure Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-45195"; target="_blank" rel="nofollow noopener">CVE-2024-45195</a> (9.8 critical) Apache OFBiz Forced Browsing Vulnerability</li>

#cisa #cisakev #kev #vulnerability #eitw #activeexploitation #infosec #cybersecurity #knownexploitedvulnerabilitiescatalog

Google Android zero-day: [Android Security Bulletin February ...

2025-02-03T19:14:06Z

**Google Android zero-day**: [Android Security Bulletin February 2025](https://source.android.com/docs/security/bulletin/2025-02-01 )
46 CVEs (1 critical, 45 high severity)
[CVE-2024-53104](https://cve.org/CVERecord?id=CVE-2024-53104 ) (7.8 high) media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (EoP in Kernel) cc: buherator (npub17wv…nag2)

> Note: There are indications that CVE-2024-53104 may be under limited, targeted exploitation.

#CVE_2024_53104 #android #google #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity

Qualcomm: [February 2025 Security ...

2025-02-03T18:12:14Z

**Qualcomm**: [February 2025 Security Bulletin](https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html )
Qualcomm has 7 propriety vulnerabilities (1 critical, 5 high, 1 medium severity) and 17 open source vulnerabilities (1 critical, 9 high, 7 medium). That critical vulnerability CVE-2024-49837 (7.8 high) is Improper Validation of Array Index in Automotive OS Platform QNX. No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ). h/t cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008)

#qualcomm #patchtuesday #vulnerability #infosec #cybersecurity

Forget Punxsutawney Phil, my scrambled eggs had a foreboding omen ...

2025-02-02T14:48:41Z

In reply to nevent1q…zv4a
_________________________

Forget Punxsutawney Phil, my scrambled eggs had a foreboding omen this morning.

CISA: [Contec CMS8000 Contains a ...

2025-01-30T19:36:26Z

**CISA**: [Contec CMS8000 Contains a Backdoor](https://www.cisa.gov/resources-tools/resources/contec-cms8000-contains-backdoor )
CISA has an 11 page [PDF advisory](https://www.cisa.gov/sites/default/files/2025-01/fact-sheet-contec-cms8000-contains-a-backdoor-508c.pdf ) warning that a patient monitor known as Contec CMS8000 has an embedded backdoor with a hardcoded IP address which enables patient data spillage, or remote code execution (CISA puts forth a scenario where the device is altered to display inaccurate patient vital signs, which poses a serious risk to patient's safety). The Contec CMS8000 (made by Contec Medical Systems in China) is used by the U.S. Healthcare and Public Health (HPH) sector, and in the European Union to provide continuous monitoring of a patient's vital signs. See related Food and Drug Administration advisory [Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed: FDA Safety Communication](https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication ).

#cisa #content #health #infosec #cybersecurity #hph #china

we should ask for the expert opinion of pilot @npub1lcc…lcye ...

2025-01-30T16:55:39Z

In reply to nevent1q…37gg
_________________________

we should ask for the expert opinion of pilot Kevin Beaumont (npub1lcc…lcye) who has flown thousands of hours of various Microsoft Flight Simulators. Viss (npub12as…yvvc) cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008) Chilly :donor: 🛡️ :gayint: :ifin: (npub17cv…9jd4) Jerry 🦙💝🦙 (npub1vtx…e7wk) Andrew Kalat (npub1pzm…2a9l)

Palo Alto Networks [PAN-SA-2025-0003 Informational: PAN-OS ...

2025-01-24T00:43:29Z

In reply to nevent1q…vj09
_________________________

**Palo Alto Networks** [PAN-SA-2025-0003 Informational: PAN-OS BIOS and Bootloader Security Bulletin](https://security.paloaltonetworks.com/PAN-SA-2025-0003 )
See parent toot above. Palo Alto Networks is in damage control mode, after Eclypsium reported that their Next Generation Firewall (NGFW) products were still impacted by multiple known vulnerabilities.

> Palo Alto Networks is aware of claims of multiple vulnerabilities in hardware device firmware and bootloaders included in our PA-Series (hardware) firewalls.
> Palo Alto Networks is not aware of any malicious exploitation of these issues in our products. We are aware of a blog post discussing these issues.

#paloaltonetworks #panw #vulnerability #cve #infosec #cybersecurity #eclypsium

FBI: [North Korean IT Workers Conducting Data ...

2025-01-23T19:13:58Z

**FBI**: [North Korean IT Workers Conducting Data Extortion](https://www.ic3.gov/PSA/2025/PSA250123 )
The Federal Bureau of Investigation (FBI) is providing an update to previously shared guidance regarding Democratic People's Republic of Korea (North Korea) Information Technology (IT) workers to raise public awareness of their increasingly malicious activity, which has recently included data extortion. FBI is warning the public, private sector, and international community about North Korean IT workers' continued victimization of US-based businesses. In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.

#northkoreanitworkers #northkorea #cybercrime #infosec #cybersecurity #cyberthreatintelligence #cti

Eclysium: [PANdora's Box: Vulnerabilities Found in ...

2025-01-23T16:24:39Z

**Eclysium**: [PANdora's Box: Vulnerabilities Found in NGFW](https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/ )
Eclysium evaluated three Palo Alto Networks appliances, finding known vulnerabilities ranging from "Boothole" (buffer overflow to RCE) and secure boot bypass to LogoFail, PixieFail, leaked keys bypass, etc. Elypsium provides a timeline with the most recent update requesting that they wait for a patch before going public with the details, but no estimated time of patch release.

#paloaltonetworks #panos #pixiefail #logofail #boothole #secureboot #panw #infosec #vulnerability #cve #cybersecurity

SonicWall exploited zero-day: [SMA1000 Pre-Authentication ...

2025-01-23T12:16:30Z

**SonicWall exploited zero-day**: [SMA1000 Pre-Authentication Remote Command Execution Vulnerability](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 )
CVE-2025-23006 (**9.8 critical**) Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

> IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors

cc: GoatYell group (npub17la…5j4p) cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008) Kevin Beaumont (npub1lcc…lcye) BrianKrebs (npub1vc3…axsh)

#zeroday #CVE_2025_23006 #sonicwall #vulnerability #CVE #infosec #cybersecurity #eitw #activeexploitation

Google Chrome security advisory: [Stable Channel Update for ...

2025-01-22T19:03:31Z

**Google** Chrome security advisory: [Stable Channel Update for Desktop](https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html )
New version 132.0.6834.110/111 for Windows, Mac and 132.0.6834.110 for Linux includes 3 security fixes, 2 were externally reported. CVE-2025-0611 (high severity) Object corruption in V8 and CVE-2025-0612 (high) Out of bounds memory access in V8. No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#google #chrome #chromium #vulnerability #cve #infosec #cybersecurity

Cisco Zero-Day: [ClamAV OLE2 File Format Decryption Denial of ...

2025-01-22T16:15:21Z

**Cisco Zero-Day**: [ClamAV OLE2 File Format Decryption Denial of Service Vulnerability](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA )
CVE-2025-20128 (5.3 medium) A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read.

> The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.
> The Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.

Two more Cisco security advisories:<li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc"; target="_blank" rel="nofollow noopener">Cisco Meeting Management REST API Privilege Escalation Vulnerability</a> CVE-2025-20156 (9.9 critical) </li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt"; target="_blank" rel="nofollow noopener">Cisco BroadWorks SIP Denial of Service Vulnerability</a> CVE-2025-20165 (7.5 high)</li>

These two do not mention proof of concept or [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#cisco #vulnerability #cve #infosec #cybersecurity

You've heard of #PatchTuesday, now get ready for ...

2025-01-22T16:02:58Z

In reply to nevent1q…xjpl
_________________________

You've heard of #PatchTuesday, now get ready for PatchEveryday: **Elastic** security advisories 22 January 2025:<li><a href="https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522"; target="_blank" rel="nofollow noopener">Fleet Server 8.15.0 Security Update (ESA-2024-31)</a> CVE-2024-52975 (8.0 high) Fleet Server sensitive information exposure via logs</li><li><a href="https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521"; target="_blank" rel="nofollow noopener">Kibana 8.15.0 Security Update (ESA-2024-29, ESA-2024-30)</a> CVE-2024-43710 (4.3 medium) Kibana server-side request forgery</li>

No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#elastic #kibana #vulnerability #CVE #infosec #cybersecurity

Oracle: [Oracle Critical Patch Update Advisory - January ...

2025-01-22T12:35:53Z

**Oracle**: [Oracle Critical Patch Update Advisory - January 2025](https://www.oracle.com/security-alerts/cpujan2025.html )
It's a pain in the butt to read, but there's 300+ vulnerabilities and coupled with the Oracle VP of Security Assurance's blog post [January 2025 Critical Patch Update Released](https://blogs.oracle.com/security/post/january-2025-cpu-released ), there's likely no mention of [exploitation](https://www.oracle.com/security-alerts/cpujan2025.html ).

See related The Hacker News reporting: [Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products](https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html )

#oracle #vulnerability #PatchTuesday #cve #infosec #cybersecurity

We've had one #PatchTuesday yes, but how about second Patch ...

2025-01-21T13:40:35Z

We've had one #PatchTuesday yes, but how about second Patch Tuesday?
**Elastic** security advisories:<li><a href="https://discuss.elastic.co/t/kibana-7-17-23-and-8-14-2-security-update-esa-2024-26/373443"; target="_blank" rel="nofollow noopener">Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26)</a> CVE-2024-52973 (6.5 medium) DoS</li><li><a href="https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442"; target="_blank" rel="nofollow noopener">Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25)</a> CVE-2024-43709 (6.5 medium) DoS</li><li><a href="https://discuss.elastic.co/t/elastic-defend-8-13-3-security-update-esa-2024-24/373441"; target="_blank" rel="nofollow noopener">Elastic Defend 8.13.3 Security Update (ESA-2024-24)</a> CVE-2024-37284 (5.5 medium) DoS</li>

No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#elastic #kibana #infosec #vulnerability #cve #cybersecurity

JetBrains security advisory: [TeamCity 2024.12.1 Bug Fix Is ...

2025-01-21T13:25:33Z

**JetBrains** security advisory: [TeamCity 2024.12.1 Bug Fix Is Now Available](https://blog.jetbrains.com/teamcity/2025/01/teamcity-2024-12-1-bug-fix/ )
It's time for security theater as JetBrains announces a TeamCity update but refuses to tell us what vulnerabilities actually got fixed. 🤡 There are no release notes for 2024.12.1 at the time of this toot.
There is no dropdown option for TeamCity 2024.12.1 in [Fixed security issues](https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.12 ) page. A CVE of "[TeamCity](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=teamcity )" doesn't show any new CVEs since December 2024. On average, they update their security bulletin with CVEs 4-30 days after announcing security updates.

#jetbrains #teamcity #cve #vulnerability #infosec #cybersecurity

#proton #andyyen ...

2025-01-19T14:46:58Z

In reply to nevent1q…qf56
_________________________

#proton #andyyen

courtesy of @npub1jfd…v80a ...

2025-01-18T21:43:59Z

In reply to nevent1q…364a
_________________________

courtesy of K. Reid Wightman :verified: 🌻 :donor: :clippy: (npub1jfd…v80a)

Nostr event nevent1qqsd5ylaer5qp6tuupgu5kzc49ls0ffw0gzh4gh2dwm5esu3zeqpknszyz4plwfa8wd7ry98ju9fmsyjme5ucstc0yg8vvefpxr4s4smaccsyqam0a8

2025-01-17T18:03:01Z

In reply to nevent1q…mhyt
_________________________

Federal agencies and state governments legitimize Twitter by ...

2025-01-17T15:21:41Z

In reply to nevent1q…wkq8
_________________________

Federal agencies and state governments legitimize Twitter by continuing to post important information to the platform. This includes cybersecurity companies like Microsoft Threat Intelligence who sometimes post exclusive CTI to their accounts. It's shameful and is a step back for society.

CISA: [Closing the Software Understanding ...

2025-01-16T19:49:15Z

**CISA**: [Closing the Software Understanding Gap](https://www.cisa.gov/resources-tools/resources/closing-software-understanding-gap )
CISA, along with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA) published [Closing the Software Understanding Gap](https://www.cisa.gov/sites/default/files/2025-01/joint-guidance-closing-the-software-understanding-gap-508c.pdf ) (PDF) which urges the U.S. government to take decisive and coordinated action to close the software understanding gap. This gap arises from a disparity of technical investment where software production has outstripped investment in improving understanding for decades. By closing the software understanding gap, the United States will help mission owners and operators trust the system is functional, safe, and secure, and support confidence in national security and critical infrastructure systems.

#securitybestpractice #cisa #securebydesign #infosec #cybersecurity

> I add alt-text to images (mine and yours too)

2025-01-16T02:19:55Z

In reply to nevent1q…jja6
_________________________

> I add alt-text to images (mine and yours too)

I think we should come up with a catchphrase that sticks: > ...

2025-01-16T02:16:02Z

In reply to nevent1q…2m9p
_________________________

I think we should come up with a catchphrase that sticks:

> "I use Mastodon btw :)"

someone like @npub1vtx…e7wk may have statistics on when ...

2025-01-16T01:55:39Z

In reply to nevent1q…h6za
_________________________

someone like Jerry 🦙💝🦙 (npub1vtx…e7wk) may have statistics on when registration spikes occur on specific days, which could be attributable to a popular entity promoting Mastodon or some billionaire embarrassing themselves and driving traffic off their platform.

I recognize that there's planned protests in the U.S. on Saturday, and probably protests on Monday, but it seemed odd that there'd be a surge of users this weekend or next week as if all of the other dumpster fires didn't convince them.

what makes this weekend special as opposed to any other day of ...

2025-01-16T01:47:43Z

In reply to nevent1q…zsj4
_________________________

what makes this weekend special as opposed to any other day of the year though? I may be out of the loop.

CISA: [Microsoft Expanded Cloud Logs Implementation ...

2025-01-15T19:54:51Z

**CISA**: [Microsoft Expanded Cloud Logs Implementation Playbook](https://www.cisa.gov/resources-tools/resources/microsoft-expanded-cloud-logs-implementation-playbook )
CISA released a 60 page [Microsoft Expanded Cloud Logs Implementation Playbook](https://www.cisa.gov/sites/default/files/2025-01/microsoft-expanded-cloud-logs-implementation-playbook-508c.pdf ) (PDF) to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.

#microsoft #cisa #securitybestpractice #cloudsecurity #infosec #cybersecurity

Trend Micro: [Investigating A Web Shell Intrusion With Trend ...

2025-01-15T15:15:23Z

**Trend Micro**: [Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR](https://www.trendmicro.com/en_us/research/25/a/investigating-a-web-shell-intrusion-with-trend-micro--managed-xd.html )
Trend Micro provides a case study of a security incident where an attacker’s webshell sent to an unrestricted IIS worker led to the customer's server compromise and multiple payloads being deployed, and payment information being exfiltrated. Indicators of compromise are provided.

#threatintel #ioc #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI

Note that Fortinet's security advisory has Indicators of ...

2025-01-15T14:17:58Z

In reply to nevent1q…7tta
_________________________

Note that Fortinet's security advisory has Indicators of Compromise, of which 3 out of 5 IP addresses overlap with **Arctic Wolf** reporting from 10 January 2025: [Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls](https://arcticwolf.com/resources/blog-uk/campaign-targeting-publicly-exposed-management-interfaces-on-fortinet-fortigate-firewalls/ ).

While its use in a ransomware campaign [hasn't been confirmed](https://techcrunch.com/2025/01/14/hackers-are-exploiting-a-new-fortinet-firewall-bug-to-breach-company-networks/ ) by Arctic Wolf, Kevin Beaumont (npub1lcc…lcye) notes [exploitation by a ransomware operator](https://cyberplace.social/@GossiTheDog/113828060350738157 ):

> they have a copy of an exploit and are using it for initial access and handing off for lateral movement.

#CVE_2024_55591 #threatintel #ioc #fortinet #FortiProxy #fortios #zeroday #vulnerability #infosec #cybersecurity #cybersecurity #eitw #activeexploitation #cisakev #kev #cti #cyberthreatintelligence #infosec

Happy #PatchTuesday from Google Chrome: [Stable Channel ...

2025-01-14T23:42:33Z

Happy #PatchTuesday from **Google** Chrome: [Stable Channel Update for Desktop](https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html )
Chrome 132.0.6834.83 (Linux) and 132.0.6834.83/84( Windows, Mac) contain 16 security fixes, 13 were externally reported: 5 high, 5 medium and 3 low severity. No mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage )

#infosec #chrome #chromium #google #vulnerability #cybersecurity #CVE

Happy #PatchTuesday from Zyxel: [Zyxel security advisory for ...

2025-01-14T19:30:33Z

Happy #PatchTuesday from **Zyxel**: [Zyxel security advisory for improper privilege management vulnerability in APs and security router devices](https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 )
CVE-2024-12398 (8.8 high) An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

There is no mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#zyxel #cve #vulnerability #infosec #cybersecurity

Happy #PatchTuesday from Microsoft: SEVEN ZERO-DAYS (3 ...

2025-01-14T18:20:15Z

Happy #PatchTuesday from **Microsoft: SEVEN ZERO-DAYS** (3 exploited, 4 publicly disclosed, 159 new CVEs)<li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334"; target="_blank" rel="nofollow noopener">CVE-2025-21334</a> (7.8 high) Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability (EXPLOITED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333"; target="_blank" rel="nofollow noopener">CVE-2025-21333</a> (7.8 high) Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability (EXPLOITED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335"; target="_blank" rel="nofollow noopener">CVE-2025-21335</a> (7.8 high) Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability (EXPLOITED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21308"; target="_blank" rel="nofollow noopener">CVE-2025-21308</a> (6.5 medium) Windows Themes Spoofing Vulnerability (PUBLICLY DISCLOSED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275"; target="_blank" rel="nofollow noopener">CVE-2025-21275</a> (7.8 high) Windows App Package Installer Elevation of Privilege Vulnerability (PUBLICLY DISCLOSED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186"; target="_blank" rel="nofollow noopener">CVE-2025-21186</a> (7.8 high) Microsoft Access Remote Code Execution Vulnerability (PUBLICLY DISCLOSED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395"; target="_blank" rel="nofollow noopener">CVE-2025-21395</a> (7.8 high) Microsoft Access Remote Code Execution Vulnerability (PUBLICLY DISCLOSED)</li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21366"; target="_blank" rel="nofollow noopener">CVE-2025-21366</a> (7.8 high) Microsoft Access Remote Code Execution Vulnerability (PUBLICLY DISCLOSED)</li>

cc: GoatYell group (npub17la…5j4p)

#microsoft #vulnerability #zeroday #eitw #activeexploitation #infosec #cve #cybersecurity

Happy #PatchTuesday from Ivanti: [January Security ...

2025-01-14T15:24:42Z

Happy #PatchTuesday from **Ivanti**: [January Security Update](https://www.ivanti.com/blog/january-security-update )
Bottom line up front: "We have no evidence of any of these vulnerabilities being exploited in the wild."
Links: <li><a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs?language=en_US"; target="_blank" rel="nofollow noopener">Security Advisory Ivanti Avalanche 6.4.7 (Multiple CVEs)</a></li><li><a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630?language=en_US"; target="_blank" rel="nofollow noopener">Security Advisory - Ivanti Application Control Engine (CVE-2024-10630)</a><ul><li>(AC Engine is present on Ivanti Application Control, Ivanti Neurons for App Control and can integrate with Ivanti Security Controls and Ivanti Endpoint Manager)</li></ul></li><li><a href="https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US"; target="_blank" rel="nofollow noopener">Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6</a></li>

These are unrelated to the zero-day exploitation of CVE-2025-0282 inside of [Ivanti Connect Security, Policy Secure and ZTA Gateways](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US ) advisory from 08 January 2025.

#ivanti #vulnerability #cve #infosec #cybersecurity

The rest of the #PatchTuesday security advisories from ...

2025-01-14T15:13:32Z

In reply to nevent1q…7tta
_________________________

The rest of the #PatchTuesday security advisories from **Fortinet**:<li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-239"; target="_blank" rel="nofollow noopener">Admin Account Persistence after Deletion</a> CVE-2024-47571 (8.1 high)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-143"; target="_blank" rel="nofollow noopener">Arbitrary file delete on firmware import image feature</a> CVE-2024-33502 (6.5 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-097"; target="_blank" rel="nofollow noopener">Arbitrary file deletion in administrative interface</a> CVE-2024-32115 (5.5 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-152"; target="_blank" rel="nofollow noopener">Arbitrary file write on GUI</a> CVE-2024-36512 (7.2 high)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-417"; target="_blank" rel="nofollow noopener">Blind SQL injection in Update</a> CVE-2024-52969 (4.1 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-220"; target="_blank" rel="nofollow noopener">Blind SQL injection vulnerability</a> CVE-2023-37931 (8.8 high)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-381"; target="_blank" rel="nofollow noopener">CVE-2023-4863 - Heap overflow in Chrome/libwebp</a> CVE-2023-4863 ("7.5 high" / NVD 8.8 high)<ul><li>bruv I recognize a historical exploited zero-day when I see one: <a href="https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"; target="_blank" rel="nofollow noopener">CVE-2023-4863</a></li></ul></li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-222"; target="_blank" rel="nofollow noopener">Command injection in csfd daemon</a> CVE-2024-46662 (8.8 high)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-164"; target="_blank" rel="nofollow noopener">Denial of Service in TLS-SYSLOG handler</a> CVE-2024-46667 (7.5 high)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-476"; target="_blank" rel="nofollow noopener">EMS console login under brute force attack does not get locked</a> CVE-2024-23106 (8.1 high)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-326"; target="_blank" rel="nofollow noopener">Exposure of sensitive information in RADIUS Accounting-Request</a> CVE-2024-46665 (3.7 low)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-282"; target="_blank" rel="nofollow noopener">File-Filter Bypass in Explicit Web Proxy Policy</a> CVE-2024-54021 (6.5 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-405"; target="_blank" rel="nofollow noopener">FortiAP - Restricted Shell Escape via CLI Command Injection</a> CVE-2024-26012 (6.7 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-458"; target="_blank" rel="nofollow noopener">FortiWeb - Stack overflow in execute backup command</a> CVE-2024-21758 (6.4 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-211"; target="_blank" rel="nofollow noopener">HTML Content Injection</a> CVE-2024-52967 (3.5 low)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-216"; target="_blank" rel="nofollow noopener">Hardcoded Encryption Key Used for Named Pipe Communication</a> CVE-2024-50564 (3.3 low)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-260"; target="_blank" rel="nofollow noopener">Hardcoded Session Secret Leading to Unauthenticated Remote Code Execution</a> CVE-2023-37936 (9.8 critical)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-23-407"; target="_blank" rel="nofollow noopener">IPsec dynamic assignation IP spoofing</a> CVE-2023-46715 (5.0 medium)</li><li><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-210"; target="_blank" rel="nofollow noopener">Improper Neutralization of Formula Elements in a CSV File</a> CVE-2024-47572 (9.0 critical)</li>

Notes: Other than the zero-day [CVE-2024-55591](https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ), there is no other mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).

#fortinet #vulnerability #infosec #cybersecurity #cve

if you're referring to the URL you mentioned the other day, ...

2025-01-14T15:02:32Z

In reply to nevent1q…g2pf
_________________________

if you're referring to the URL you mentioned the other day, it's available and does not explicitly mention exploitation 🤔 https://www.fortiguard.com/psirt/FG-IR-24-266

Happy #ZeroDay from your friends at Fortinet: [Authentication ...

2025-01-14T14:26:32Z

Happy #ZeroDay from your friends at **Fortinet**: [Authentication bypass in Node.js websocket module](https://fortiguard.fortinet.com/psirt/FG-IR-24-535 )
CVE-2024-55591 (CVSSv3.1: **9.8 critical**) An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

> Please note that reports show this is being exploited in the wild.

Indicators of compromise include possible log entries, IP addresses used, and admin accounts created. cc: Kevin Beaumont (npub1lcc…lcye) Will Dormann (npub12xh…zxeq) cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008) BrianKrebs (npub1vc3…axsh)

#zeroday #patchtuesday #fortinet #vulnerability #CVE_2024_55591 #infosec #ioc #threatintel #infosec #cybersecurity #

CrowdStrike: [Recruitment Phishing Scam Imitates CrowdStrike ...

2025-01-09T14:37:59Z

**CrowdStrike**: [Recruitment Phishing Scam Imitates CrowdStrike Hiring Process](https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/ )
Following CrowdStrike's successful Denial of Service attack on customers' Windows systems worldwide in July 2024, recruitment has gone up (this is a joke). CrowdStrike reports that a newly discovered phishing campaign uses CrowdStrike recruitment branding to convince victims to download a fake application, which serves as a downloader for the XMRig cryptominer. They describe the infection chain and provide Indicators of Compromise.

#crowdstrike #IOC #xmrig #cryptomining #infosec #cybersecurity #cyberthreatintelligence #CTI

Mozilla Foundation security advisories 09 January ...

2025-01-09T12:11:03Z

**Mozilla Foundation** security advisories 09 January 2025:<li><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/"; target="_blank" rel="nofollow noopener noreferrer">MFSA2025-04</a> Security Vulnerabilities fixed in Thunderbird 134 (9 CVEs: 2 high, 7 "moderate")</li><li><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/"; target="_blank" rel="nofollow noopener noreferrer">MFSA2025-05</a> Security Vulnerabilities fixed in Thunderbird ESR 128.6 (7 CVEs: 1 high, 6 moderate)</li>

No [mention](https://infosec.press/screaminggoat/vendor-verbiage ) of exploitation.

#mozilla #thunderbird #vulnerability #cve #infosec #cybersecurity

Ivanti zero-day mega-toot:<li>Ivanti blog post: <a ...

2025-01-09T01:50:22Z

In reply to nevent1q…p2kl
_________________________

Ivanti zero-day mega-toot:<li>Ivanti blog post: <a href="https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways"; target="_blank" rel="nofollow noopener noreferrer">Security Update: Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways</a></li><li>Ivanti security advisory: <a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US"; target="_blank" rel="nofollow noopener noreferrer">Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)</a></li><li>U.S. CISA mitigation guidance: <a href="https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282"; target="_blank" rel="nofollow noopener noreferrer">CISA Mitigation Instructions for CVE-2025-0282</a></li><li>Mandiant observed post-exploitation activity and forensics (includes IOC, Yara): <a href="https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day"; target="_blank" rel="nofollow noopener noreferrer">Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation</a></li>

Government security advisories:<li>U.S.: <a href="https://www.cisa.gov/news-events/alerts/2025/01/08/ivanti-releases-security-updates-connect-secure-policy-secure-and-zta-gateways"; target="_blank" rel="nofollow noopener noreferrer">Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways</a>; <a href="https://www.cisa.gov/news-events/alerts/2025/01/08/cisa-adds-one-vulnerability-kev-catalog"; target="_blank" rel="nofollow noopener noreferrer">CISA Adds One Vulnerability to the KEV Catalog</a></li><li>Canada: <a href="https://www.cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av25-008"; target="_blank" rel="nofollow noopener noreferrer">Ivanti security advisory (AV25-008)</a></li><li>UK: <a href="https://www.ncsc.gov.uk/news/active-exploitation-ivanti-vulnerabilities"; target="_blank" rel="nofollow noopener noreferrer">Active exploitation of vulnerability affecting Ivanti Connect Secure</a></li>

Regular infosec news reporting:<li>Security Week: <a href="https://www.securityweek.com/ivanti-warns-of-new-zero-day-attacks-hitting-connect-secure-product/"; target="_blank" rel="nofollow noopener noreferrer">Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product</a></li><li>The Record: <a href="https://therecord.media/ivanti-warns-of-hackers-exploiting-new-vulnerability"; target="_blank" rel="nofollow noopener noreferrer">Ivanti warns hackers are exploiting new vulnerability</a></li><li>Bleeping Computer: <a href="https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/"; target="_blank" rel="nofollow noopener noreferrer">Ivanti warns of new Connect Secure flaw used in zero-day attacks</a></li>

all else fails I could just point at a random toot ...

2025-01-08T20:23:53Z

In reply to nevent1q…hdt4
_________________________

all else fails I could just point at a random toot https://cyberplace.social/@GossiTheDog/113687025051706838

we could be talking about a different eitw. Fortinet tomorrow ...

2025-01-08T20:21:16Z

In reply to nevent1q…78n5
_________________________

we could be talking about a different eitw. Fortinet tomorrow kthx

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H > A stack-based ...

2025-01-08T20:17:01Z

In reply to nevent1q…mffr
_________________________

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

> A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

It's pretty self explanatory ¯\_(ツ)_/¯

GitLab security advisory 08 January 2025: [GitLab Patch ...

2025-01-08T16:11:35Z

**GitLab** security advisory 08 January 2025: [GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5](https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/ )<li>CVE-2025-0194 (6.5 medium) Possible access token exposure in GitLab logs</li><li>CVE-2024-6324 (4.3 medium) Cyclic reference of epics leads resource exhaustion</li><li>CVE-2024-12431 (4.3 medium) Unauthorized user can manipulate status of issues in public projects</li><li>CVE-2024-13041 (4.3 medium) Instance SAML does not respect external_provider configuration</li>

No [mention of exploitation](https://infosec.press/screaminggoat/vendor-verbiage )

#gitlab #vulnerability #cve #infosec #cybersecurity

RUMINT is that Ivanti has exploited zero-days. Leaked on social ...

2025-01-08T14:50:25Z

In reply to nevent1q…2h84
_________________________

RUMINT is that Ivanti has exploited zero-days. Leaked on social media (broke embargo) and then deleted.

Google Chrome security advisory: [Stable Channel Update for ...

2025-01-07T19:02:43Z

**Google** Chrome security advisory: [Stable Channel Update for Desktop](https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html )
New Google Chrome version 131.0.6778.264/.265 for Windows, Mac and 131.0.6778.264 for Linux includes 4 security fixes, including 1 externally reported: CVE-2025-0291 (high severity) Type Confusion in V8. No [mention of exploitation](https://infosec.press/screaminggoat/vendor-verbiage )

#google #chrome #vulnerability #cve #infosec #cybersecurity #CVE_2025_0291

??? You're missing one: ...

2025-01-07T16:08:09Z

In reply to nevent1q…ujfa
_________________________

??? You're missing one: [CVE-2020-2883](https://www.cve.org/CVERecord?id=CVE-2020-2883 ) (**9.8 critical**) Oracle WebLogic Server Unspecified Vulnerability

https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog

the real reason to carry two guns: To fire two guns while jumping ...

2025-01-03T16:59:15Z

In reply to nevent1q…g05a
_________________________

the real reason to carry two guns: To fire two guns while jumping through the air: https://www.youtube.com/watch?v=r9d_sLRXOH4

U.S. Treasury: [Treasury Sanctions Technology Company for ...

2025-01-03T16:36:17Z

In reply to nevent1q…xr5r
_________________________

**U.S. Treasury**: [Treasury Sanctions Technology Company for Support to Malicious Cyber Group](https://home.treasury.gov/news/press-releases/jy2769 )
Treasury bites back at China: the Office of Foreign Assets Control (OFAC) sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.

> Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure.

See the joint FBI, CNMF and NSA advisory [People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations](https://www.ic3.gov/Media/News/2024/240918.pdf ) (PDF) from 18 September 2024. cc: Natto Thoughts (npub13gz…eks3)

#integritytech #ofac #treasury #sanctions #china #flaxtyphoon #cyberespionage #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI

the vulnerability reporter Yuki Chen says CVE-2024-49113 is ...

2025-01-02T22:07:03Z

In reply to nevent1q…j2fn
_________________________

the vulnerability reporter Yuki Chen says CVE-2024-49113 is incorrectly tagged as Denial of Service when it should be "information leak": https://twitter.com/guhe120/status/1874605842353594579

Progress security advisory: [WhatsUp Gold Security Bulletin ...

2025-01-02T15:34:58Z

**Progress** security advisory: [WhatsUp Gold Security Bulletin December 2024](https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2024 )
cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008) Progress allegedly published this advisory 12 December 2024, but the page wasn't available from Google search results (thank Gemini AI ✨ for being useless) and Progress doesn't maintain a dedicated security advisories section on their website. Anyway, this page hasn't been updated with new information since 12 December so it's also useless. Here are the three vulnerabilities:<li><a href="https://cve.org/CVERecord?id=CVE-2024-12105"; target="_blank" rel="nofollow noopener noreferrer">CVE-2024-12105</a> (6.5 medium) authenticated information disclosure via specially crafted HTTP request</li><li><a href="https://cve.org/CVERecord?id=CVE-2024-12106"; target="_blank" rel="nofollow noopener noreferrer">CVE-2024-12106</a> (9.4 critical) unauthenticated attacker can configure LDAP settings</li><li><a href="https://cve.org/CVERecord?id=CVE-2024-12108"; target="_blank" rel="nofollow noopener noreferrer">CVE-2024-12108</a> (9.6 critical) an attacker can gain access to the WhatsUp Gold server via the public API</li>

No mention of exploitation. Patched in WhatsUp Gold version 24.0.2

#infosec #progress #whatsupgold #cve #vulnerability #cybersecurity

> our own > [> @> ...

2025-01-01T06:32:13Z

In reply to nevent1q…jpnk
_________________________

> our own > [> @> GossiTheDog](https://cyberplace.social/@GossiTheDog )

Awesome news! I absolutely love the quote from @npub1elw…a2f2: ...

2024-12-31T04:18:48Z

In reply to nevent1q…yx72
_________________________

Awesome news! I absolutely love the quote from Allison Nixon (npub1elw…a2f2):

> “I know that young people involved in cybercrime will read these articles,” Nixon said. “You need to stop doing stupid shit and get a lawyer. Law enforcement wants to put all of you in prison for a long time.”

the source is "nsa_employee39" who posted this on the ...

2024-12-30T14:22:44Z

In reply to nevent1q…lzmx
_________________________

the source is "nsa_employee39" who posted this on the [Bad Place](https://twitter.com/NSA_Employee39/status/1873644808998367272 )™:

> Hey guys, as a thank you to all the new followers, I will be dropping 0days all this week until MyBB.

> Here's a ACE vulnerability in 7zip.

The 7zip developer Igor Pavlov is disputing it: https://sourceforge.net/p/sevenzip/bugs/2539/

> This report on Twitter is fake.
> And I don't understand why this Twitter user did this.

> There is no such ACE vulnerability in 7-Zip / LZMA.

cc: cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008)

I saw this over at the Bad Place™ and thought of you (no ...

2024-12-29T01:14:22Z

In reply to nevent1q…hge3
_________________________

I saw this over at the Bad Place™ and thought of you (no offense intended)

VulnCheck: [Four-Faith Industrial Router CVE-2024-12856 ...

2024-12-28T17:36:53Z

**VulnCheck**: [Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild](https://vulncheck.com/blog/four-faith-cve-2024-12856 )
[CVE-2024-12856](https://www.cve.org/CVERecord?id=CVE-2024-12856 ) (7.2 high) Four-Faith Industrial Router post-auth command injection is a reported exploited zero-day. Suricata rule available, no IOC though.

Tod Beardsley (npub1qzu…rvyk) there are still 2 more weekdays left in 2024, cram it all into the KEV!

#vulnerability #fourfaith #cve #eitw #activeexploitation #CVE_2024_12856 #infosec #cybersecurity

Merry fucking Christmas from Palo Alto Networks (Zero-Day): ...

2024-12-27T04:00:43Z

Merry fucking Christmas from **Palo Alto Networks (Zero-Day)**: [CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet](https://security.paloaltonetworks.com/CVE-2024-3393 )
[CVE-2024-3393](https://www.cve.org/CVERecord?id=CVE-2024-3393 ) (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

> Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.

#zeroday #eitw #activeexploitation #vulnerability #paloaltonetworks #cve #CVE_2024_3393 #christmas

On the twelfth day of Christmas, the true goat gave to thee: ...

2024-12-26T03:17:31Z

On the twelfth day of Christmas, the true goat gave to thee: https://infosec.press/screaminggoat/patch-tuesday , which is a list of vendors' security advisory landing pages and their #PatchTuesday schedule.

Disclaimer: Not every vendor is listed, and their patching cycle may be different than what I categorized them as, but it's a good starting point. Ideally, you'd be tracking the ones you care about using RSS anyway.

Merry Christmas Infosec Mastodon

#iinfosec #cybersecurity #vulnerability #cve #christmas

Merry Christmas from the goat: [Vendor ...

2024-12-23T23:36:52Z

Merry Christmas from the goat: [Vendor Verbiage](https://infosec.press/screaminggoat/vendor-verbiage ) is a list of common example messages used by software vendors to note that a vulnerability is publicly disclosed or exploited in the wild. This should come in handy when quickly scanning through security advisories on Patch Tuesday. Enjoy!

#patchtuesday #zeroday #vulnerability #CVE #infosec #cybersecurity #proofofconcept #poc #eitw #activeexploitation

Sophos security advisory 19 December 2024: [Resolved Multiple ...

2024-12-20T16:02:58Z

**Sophos** security advisory 19 December 2024: [Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)](https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce )<li><a href="https://cve.org/CVERecord?id=CVE-2024-12727"; target="_blank" rel="nofollow noopener noreferrer">CVE-2024-12727</a> (9.8 critical) pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-12728"; target="_blank" rel="nofollow noopener noreferrer">CVE-2024-12728</a> (9.8 critical) weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-12729"; target="_blank" rel="nofollow noopener noreferrer">CVE-2024-12729</a> (8.8 high) post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall</li>

> Sophos has not observed these vulnerabilities to be exploited at this time.

#sophos #firewall #vulnerability #cve #infosec #cybersecurity

thank you for emphasizing this. Unrelated: You have a robust toot ...

2024-12-20T12:34:18Z

In reply to nevent1q…dck7
_________________________

thank you for emphasizing this.

Unrelated: You have a robust toot history which enables you to keep a running conversation linked to the earliest rumors of an issue/vulnerability. What's your secret?

Juniper: [2024-12 Reference Advisory: Session Smart Router: ...

2024-12-19T12:44:10Z

**Juniper**: [2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged](https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US )
Juniper warns that customers with Juniper Session Smart Routers (SSR) are getting infected with Mirai DDoS botnet malware because they didn't change from the default password. 🤦‍♂️

#juniper #threatintel #cybersecurity #infosec #mirai #botnet #securitybestpractice

CVE-2023-34990 is credited to ...

2024-12-18T18:20:30Z

In reply to nevent1q…lrm4
_________________________

CVE-2023-34990 is credited to [@hacks_zach](https://infosec.exchange/@hacks_zach ) of Horizon3.ai. This gave me a starting point for figuring out where to look for information. It's contained in [Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”](https://www.horizon3.ai/attack-research/disclosures/fortiwlm-the-almost-story-for-the-forti-forty ) posted on 14 March 2024.

It was described as an unpatched vulnerability: "Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens" Check out the Path to Remote Code Execution #2 section for vulnerability details:

> This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.

Based on the details of the blog, I can confidently say that the new CVE and the blog's description of the vulnerability are almost certainly one and the same. Timeline puts the reporting at 585 days ago.

#CVE_2023_34990 #fortinet #fortiwlm #vulnerability #CVE #infosec #cybersecurity

I found it. I found the vulnerability details: ...

2024-12-18T18:13:40Z

In reply to nevent1q…xzff
_________________________

I found it. I found the vulnerability details: https://www.horizon3.ai/attack-research/disclosures/fortiwlm-the-almost-story-for-the-forti-forty
Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens

"CVE-2024-???? (0-day): Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability"

> This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.

thank you for this website! I've been meaning to see how ...

2024-12-18T17:08:53Z

In reply to nevent1q…lhyg
_________________________

thank you for this website! I've been meaning to see how others track social media posts besides Feedly: https://feedly.com/cve/CVE-2023-34990

Here are sources for your Fortinet CVE-2024-34990 (CVSSv3.1: ...

2024-12-18T17:03:05Z

In reply to nevent1q…l6v0
_________________________

Here are sources for your Fortinet CVE-2024-34990 (CVSSv3.1: **9.8 critical**): <li><a href="https://www.fortiguard.com/psirt/FG-IR-23-144"; target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.fortiguard.com/psirt/FG-IR-23-144</a> (error loading)</li><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-34990"; target="_blank" rel="nofollow noopener noreferrer" translate="no">https://nvd.nist.gov/vuln/detail/CVE-2023-34990</a></li>

> A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

Note: FortiGuard PSIRT has a tendency to only list the temporal CVSS score 9.6 (lower score) to downplay the severity of its original base score.

Fortinet 18 December 2024 security advisory ...

2024-12-18T16:34:19Z

**Fortinet** 18 December 2024 security advisory [FG-IR-23-144](https://www.fortiguard.com/psirt/FG-IR-23-144 )
[CVE-2023-34990](https://cve.org/CVERecord?id=CVE-2023-34990 ) (**9.8 critical**) relative path traversal in Fortinet FortiWLM leads to code and command execution: released today, **557 days** after it was reserved by Fortinet on 09 June 2023. Information in advisory doesn't match what was submitted to NVD. CVSS score is also different than what's listed (base vs temporal score. Shame on them for waiting a year to patch/announce the vulnerability.

h/t: cR0w :cascadia: :gayint: 🏴‍☠️ (npub1s6e…n008)

#fortinet #fortwlm #vulnerability #CVE #infosec #cybersecurity

WIRED: [Intel Officials Warned Police That US Cities ...

2024-12-17T16:57:15Z

**WIRED**: [Intel Officials Warned Police That US Cities Aren't Ready for Hostile Drones](https://www.wired.com/story/intel-officials-police-us-cities-drones-dhs/ ) (possible paywall)
The Department of Homeland Security warned state and local law enforcement agencies in an August 2024 memo that U.S. cities are vulnerable to the rising threat of weaponized drones:

> The memo states that violent extremists in the US are increasingly searching for ways to modify "off-the-shelf" drones to ferry dangerous payloads, including "explosives, conductive materials, and chemicals," with major advancements in the area being propelled largely by rampant experimentation on foreign battlefields, including those in Ukraine.
> Currently, only a handful of federal agencies—including DHS and the Departments of Energy, Justice, and Defense—are legally permitted to bring down a drone inside US airspace.

The drone epidemic in New Jersey puts a spotlight on law enforcement's ability to counter drones.

#drone #threat #news #newjersey #dhs #terrorism

CCCS (Canada): [Alert - CVE-2024-53677 - Vulnerability ...

2024-12-16T22:09:04Z

In reply to nevent1q…9ytl
_________________________

**CCCS** (Canada): [Alert - CVE-2024-53677 - Vulnerability impacting Apache Struts 2](https://www.cyber.gc.ca/en/alerts-advisories/cve-2024-53677-vulnerability-impacting-apache-struts-2 )
I see multiple government organizations emphasize the criticality of [CVE-2024-53677](https://www.cve.org/CVERecord?id=CVE-2024-53677 ) (CVSSv4: **9.5 critical**) affecting both end-of-life and current versions of Apache Struts 2. A malicious actor can exploit this vulnerability to traverse system paths, upload malicious files, and perform remote code execution.

The Canadian Centre for Cyber Security (CCCS) is aware that a **proof of concept** (POC) exploit is available for this CVE.

#apache #struts #CVE_2024_53677 #vulnerability #cve #infosec #cybersecurity #proofofconcept #poc

Nostr notes by Not Simon 🐐

Happy #PatchTuesday from **Google Chrome**: [Stable Channel ...

Happy #PatchTuesday from **CrowdStrike**: [CVE 2025-1146 - ...

**Assetnote**: [Nginx/Apache Path Confusion to Auth Bypass in ...

Happy #PatchTuesday from **Palo Alto Networks** (LIKELY ...

Happy #PatchTuesday with **GitLab**: [GitLab Patch Release: ...

RE: Fortinet's CVE-2024-24472 **Bleeping Computer**: ...

subtoot about Fortinet zero-day. Those infosec publications are ...

**Wiz**: [How Wiz found a Critical NVIDIA AI vulnerability: Deep ...

Happy #PatchTuesday: Exploited **Fortinet** zero-day??? ...

**CISA**: [CISA Adds Four Known Exploited Vulnerabilities to ...

Happy #PatchTuesday from **Adobe**: <li><a ...

Happy #PatchTuesday from **Microsoft**: 4 ZERO-DAYS (2 EXPLOITED) ...

Happy #PatchTuesday from **Fortinet**: <li><a ...

Happy #PatchTuesday from **Ivanti**: [February Security ...

**ElecticIQ**: [Sandworm APT Targets Ukrainian Users with ...

Happy #PatchTuesday from **SolarWinds**:<li><a ...

Happy Patch Tuesday to those still suffering. All new security ...

**APPLE ZERO-DAY**: [About the security content of iPadOS ...

**Sucuri**: [Google Tag Manager Skimmer Steals Credit Card Info ...

**Zimbra** security advisory ~03 February 2025: [Zimbra ...

I swear to god, if they deployed godzilla post-exploitation ...

**CISA**: [CISA Adds One Known Exploited Vulnerability to ...

ASEC's appears to be the closest and I'm trying to ...

EXPLOITED ZERO-DAY: **CISA**: [Trimble ...

**Cisco** security advisories (PatchTuesday-ishing ...

**Veeam**: [CVE-2025-23114](https://www.veeam.com/kb4712 ) ...

Unofficial #PatchTuesday continues with **Google Chrome**: ...

In relation to parent toots above, see related press release from ...

See related press release **NCSC-UK**: [Cyber agencies unveil new ...

**FBI**: [Guidance on digital forensics and protective monitoring ...

**NETGEAR** did this earlier than #PatchTuesday on 01 February ...

**Claroty**: [Do the CONTEC CMS8000 Patient Monitors Contain a ...

#PatchTuesday continues with **Zyxel**: [Zyxel security advisory ...

**CISA**: [CISA Adds Four Known Exploited Vulnerabilities to ...

**Google Android zero-day**: [Android Security Bulletin February ...

**Qualcomm**: [February 2025 Security ...

Forget Punxsutawney Phil, my scrambled eggs had a foreboding omen ...

**CISA**: [Contec CMS8000 Contains a ...

we should ask for the expert opinion of pilot @npub1lcc…lcye ...

**Palo Alto Networks** [PAN-SA-2025-0003 Informational: PAN-OS ...

**FBI**: [North Korean IT Workers Conducting Data ...

**Eclysium**: [PANdora's Box: Vulnerabilities Found in ...

**SonicWall exploited zero-day**: [SMA1000 Pre-Authentication ...

**Google** Chrome security advisory: [Stable Channel Update for ...

**Cisco Zero-Day**: [ClamAV OLE2 File Format Decryption Denial of ...

You've heard of #PatchTuesday, now get ready for ...

**Oracle**: [Oracle Critical Patch Update Advisory - January ...

We've had one #PatchTuesday yes, but how about second Patch ...

**JetBrains** security advisory: [TeamCity 2024.12.1 Bug Fix Is ...

#proton #andyyen ...

courtesy of @npub1jfd…v80a ...

Nostr event nevent1qqsd5ylaer5qp6tuupgu5kzc49ls0ffw0gzh4gh2dwm5esu3zeqpknszyz4plwfa8wd7ry98ju9fmsyjme5ucstc0yg8vvefpxr4s4smaccsyqam0a8

Federal agencies and state governments legitimize Twitter by ...

**CISA**: [Closing the Software Understanding ...

> I add alt-text to images (mine and yours too)

I think we should come up with a catchphrase that sticks: > ...

someone like @npub1vtx…e7wk may have statistics on when ...

what makes this weekend special as opposed to any other day of ...

**CISA**: [Microsoft Expanded Cloud Logs Implementation ...

**Trend Micro**: [Investigating A Web Shell Intrusion With Trend ...

Note that Fortinet's security advisory has Indicators of ...

Happy #PatchTuesday from **Google** Chrome: [Stable Channel ...

Happy #PatchTuesday from **Zyxel**: [Zyxel security advisory for ...

Happy #PatchTuesday from **Microsoft: SEVEN ZERO-DAYS** (3 ...

Happy #PatchTuesday from **Ivanti**: [January Security ...

The rest of the #PatchTuesday security advisories from ...

if you're referring to the URL you mentioned the other day, ...

Happy #ZeroDay from your friends at **Fortinet**: [Authentication ...

**CrowdStrike**: [Recruitment Phishing Scam Imitates CrowdStrike ...

**Mozilla Foundation** security advisories 09 January ...

Ivanti zero-day mega-toot:<li>Ivanti blog post: <a ...

all else fails I could just point at a random toot ...

we could be talking about a different eitw. Fortinet tomorrow ...

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H > A stack-based ...

**GitLab** security advisory 08 January 2025: [GitLab Patch ...

RUMINT is that Ivanti has exploited zero-days. Leaked on social ...

**Google** Chrome security advisory: [Stable Channel Update for ...

??? You're missing one: ...

the real reason to carry two guns: To fire two guns while jumping ...

Happy #PatchTuesday from Google Chrome: [Stable Channel ...

Happy #PatchTuesday from CrowdStrike: [CVE 2025-1146 - ...

Assetnote: [Nginx/Apache Path Confusion to Auth Bypass in ...

Happy #PatchTuesday from Palo Alto Networks (LIKELY ...

Happy #PatchTuesday with GitLab: [GitLab Patch Release: ...

RE: Fortinet's CVE-2024-24472 Bleeping Computer: ...

Wiz: [How Wiz found a Critical NVIDIA AI vulnerability: Deep ...

Happy #PatchTuesday: Exploited Fortinet zero-day??? ...

CISA: [CISA Adds Four Known Exploited Vulnerabilities to ...

Happy #PatchTuesday from Adobe: <li><a ...

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) ...

Happy #PatchTuesday from Fortinet: <li><a ...

Happy #PatchTuesday from Ivanti: [February Security ...

ElecticIQ: [Sandworm APT Targets Ukrainian Users with ...

Happy #PatchTuesday from SolarWinds:<li><a ...

APPLE ZERO-DAY: [About the security content of iPadOS ...

Sucuri: [Google Tag Manager Skimmer Steals Credit Card Info ...

Zimbra security advisory ~03 February 2025: [Zimbra ...

CISA: [CISA Adds One Known Exploited Vulnerability to ...

EXPLOITED ZERO-DAY: CISA: [Trimble ...

Cisco security advisories (PatchTuesday-ishing ...

Veeam: [CVE-2025-23114](https://www.veeam.com/kb4712 ) ...

Unofficial #PatchTuesday continues with Google Chrome: ...

See related press release NCSC-UK: [Cyber agencies unveil new ...

FBI: [Guidance on digital forensics and protective monitoring ...

NETGEAR did this earlier than #PatchTuesday on 01 February ...

Claroty: [Do the CONTEC CMS8000 Patient Monitors Contain a ...

#PatchTuesday continues with Zyxel: [Zyxel security advisory ...

CISA: [CISA Adds Four Known Exploited Vulnerabilities to ...

Google Android zero-day: [Android Security Bulletin February ...

Qualcomm: [February 2025 Security ...

CISA: [Contec CMS8000 Contains a ...

Palo Alto Networks [PAN-SA-2025-0003 Informational: PAN-OS ...

FBI: [North Korean IT Workers Conducting Data ...

Eclysium: [PANdora's Box: Vulnerabilities Found in ...

SonicWall exploited zero-day: [SMA1000 Pre-Authentication ...

Google Chrome security advisory: [Stable Channel Update for ...

Cisco Zero-Day: [ClamAV OLE2 File Format Decryption Denial of ...

Oracle: [Oracle Critical Patch Update Advisory - January ...

JetBrains security advisory: [TeamCity 2024.12.1 Bug Fix Is ...

CISA: [Closing the Software Understanding ...

CISA: [Microsoft Expanded Cloud Logs Implementation ...

Trend Micro: [Investigating A Web Shell Intrusion With Trend ...

Happy #PatchTuesday from Google Chrome: [Stable Channel ...

Happy #PatchTuesday from Zyxel: [Zyxel security advisory for ...

Happy #PatchTuesday from Microsoft: SEVEN ZERO-DAYS (3 ...

Happy #PatchTuesday from Ivanti: [January Security ...

Happy #ZeroDay from your friends at Fortinet: [Authentication ...

CrowdStrike: [Recruitment Phishing Scam Imitates CrowdStrike ...

Mozilla Foundation security advisories 09 January ...

GitLab security advisory 08 January 2025: [GitLab Patch ...

Google Chrome security advisory: [Stable Channel Update for ...

U.S. Treasury: [Treasury Sanctions Technology Company for ...

Progress security advisory: [WhatsUp Gold Security Bulletin ...

VulnCheck: [Four-Faith Industrial Router CVE-2024-12856 ...

Merry fucking Christmas from Palo Alto Networks (Zero-Day): ...

Sophos security advisory 19 December 2024: [Resolved Multiple ...

Juniper: [2024-12 Reference Advisory: Session Smart Router: ...

Fortinet 18 December 2024 security advisory ...

WIRED: [Intel Officials Warned Police That US Cities ...

CCCS (Canada): [Alert - CVE-2024-53677 - Vulnerability ...