exploit

  • Blog

    Exploit released for critical WhatsUp Gold RCE flaw, patch now

    A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. The flaw is tracked as CVE-2024-8785 (CVSS v3.1 score: 9.8) and was discovered by Tenable in mid-August 2024. It exists in the NmAPI.exe process in WhatsUp Gold versions from…

    Read More »
  • Blog

    Hackers exploit ProjectSend flaw to backdoor exposed servers

    Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. The flaw, tracked as CVE-2024-11680, is a critical authentication bug impacting ProjectSend versions before r1720, allowing attackers to send specially crafted HTTP requests to ‘options.php’ to change the application’s configuration. Successful exploitation allows the creation of rogue…

    Read More »
  • Blog

    Chinese hackers exploit Fortinet VPN zero-day to steal credentials

    Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but…

    Read More »
  • Blog

    Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

    The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. Lazarus tank games Kaspersky discovered the…

    Read More »
  • Blog

    Hackers exploit Roundcube webmail flaw to steal email, credentials

    Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. An attack was discovered by Russian cybersecurity company Positive Technologies in September, but the researchers determined that the threat actor activity had started in June. Roundcube Webmail is an…

    Read More »
  • Blog

    Iranian hackers now exploit Windows flaw to elevate privileges

    The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. In these attacks, spotted by Trend Micro researchers, OilRig deployed a novel backdoor, targeting Microsoft Exchange servers to steal credentials, and also exploited the Windows CVE-2024-30088 flaw to elevate their…

    Read More »
  • Blog

    Akira and Fog ransomware now exploit critical Veeam RCE flaw

    Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Code White security researcher Florian Hauser found that the security flaw, now tracked as CVE-2024-40711, is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in low-complexity attacks. Veeam disclosed the…

    Read More »
  • Blog

    Palo Alto Networks warns of firewall hijack bugs with public exploit

    Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as user credentials, that can help…

    Read More »
  • Blog

    Critical Ivanti RCE flaw with public exploit now used in attacks

    CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. Ivanti EPM is an all-in-one endpoint management solution that helps admins manage client devices on various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. Tracked as CVE-2024-29824, this SQL Injection vulnerability in…

    Read More »
  • Blog

    Hackers are using a ChromeLoader exploit to set up fake companies and malware-ridden websites

    A large ChromeLoader campaign that uses valid ‘code-signing’ certificates to bypass Windows security policies has been identified by an HP Wolf Security report. Threat actors using the ChromeLoader exploit may also be setting up fake companies in a bid to validate certificates for bogus PDF reader websites, the report noted. In signing the installation file with valid code signing certificates,…

    Read More »
Back to top button
close