What’s Going on With Check Point (CVE-2024-24919)?
https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
www.greynoise.io
What’s Going on With Check Point (CVE-2024-24919)? | GreyNoise Blog
Find out more about CVE-2024-24919, a zero-day vulnerability in Check Point's Network Security gateway products that threat actors are exploiting in the wild.
Noodle RAT: Reviewing the Backdoor
https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
Trend Micro
Noodle RAT Reviewing the Backdoor Used by Chinese-Speaking Groups
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
Dipping into Danger: The WARMCOOKIE backdoor
https://www.elastic.co/security-labs/dipping-into-danger
www.elastic.co
Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs
Elastic Security Labs observed threat actors masquerading as recruiting firms to deploy a new malware backdoor called WARMCOOKIE. This malware has standard backdoor capabilities, including capturing screenshots, executing additional malware, and reading/writing…
Windows Wi-Fi Driver Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30078
Modern Approaches to Network Access Security-508c.pdf
503.1 KB
Modern Approaches To Network Access Security from CISA (Publication: June 18, 2024)
DejaVU - Open Source Deception Platform
Deception to detect common adversary tactics and techniques during the various stages of the attack lifecycle:
https://github.com/bhdresh/Dejavu
GitHub
GitHub - bhdresh/Dejavu: DejaVU - Open Source Deception Framework
DejaVU - Open Source Deception Framework. Contribute to bhdresh/Dejavu development by creating an account on GitHub.
Fickle Stealer Distributed via Multiple Attack Chain
https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain
Fortinet Blog
Fickle Stealer Distributed via Multiple Attack Chain
FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies. Read more.…
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Eclypsium | Supply Chain Security for the Modern Enterprise
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary: Eclypsium Automata, our automated binary analysis system, has identified a high-impact vulnerability (CVE-2024-0762, with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile…
Remote Network Latency Measurements Leak User Activity
https://snailload.com/
Paper:
https://snailload.com/snailload.pdf
Zyxel NAS Under Attack
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request (CVE-2024-29973; NVD last modified 06/24/2024):
https://nvd.nist.gov/vuln/detail/CVE-2024-29973
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
Detailed research:
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
Outpost24
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.
red_hat_enterprise_linux_9_configuring_firewalls_and_packet_filters.pdf
629.7 KB
Configuring firewalls and packet filters
Managing the firewalld service, the nftables framework, and XDP packet filtering features (doc from RHEL 9)
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
Qualys
OpenSSH CVE-2024-6387 RCE Vulnerability: Risk & Mitigation | Qualys
CVE-2024-6387 exploit in OpenSSH poses remote unauthenticated code execution risks. Find out which versions are vulnerable and how to protect your systems.
Velvet Ant Exploits Cisco Zero-Day
https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/
Sygnia
China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for…
Learn about the forensic investigation by Sygnia, the cyber espionage operation by Velvet Ant, and best practices for safeguarding your network against sophisticated threats.
CVE-2024-29510 – Exploiting Ghostscript using format strings
https://codeanlabs.com/blog/research/cve-2024-29510-ghostnoscript-format-string-exploitation/
Codean Labs
CVE-2024-29510 - Exploiting Ghostscript using format strings — Codean Labs
A format string vulnerability in Ghostscript ≤ 10.03.0 which enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections. CVE-2024-29510 has significant impact on web applications and other services offering document conversion…
Filtered archive (news item: RockYou2024: 10 billion passwords leaked in the largest compilation of all time) from https://securixy.kz
- https://news.1rj.ru/str/securixy_kz/908
Telegram
Sys-Admin InfoSec
RockYou2024: 10 billion passwords leaked in the largest compilation of all time
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
Exim MTA Could Allow Malicious Email Attachments Past Filters [CVE-2024-39929]
https://censys.com/cve-2024-39929/
Censys
July 10, 2024 Advisory: Vulnerability in Exim MTA Could Allow Malicious Email Attachments Past Filters [CVE-2024-39929]