Security Bulletin: Cleo File Transfer Products - CVE-2024-50623 Bypass is a critical vulnerability in Cleo's file transfer products—Harmony, VLTrader, and LexiCom—prior to version 5.8.0.24. The vulnerability has been actively exploited, with attackers establishing persistence, conducting reconnaissance, and executing arbitrary code on compromised systems. #ThreatIntel #CTI #RedLeggSecure https://hubs.ly/Q02_t1C80
RedLegg’s Post
-
On December 7, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. The vulnerability in this campaign involved unauthorized remote code execution (RCE) through the manipulation of the filesystem, and was suspected of being related to CVE-2024-50623. Most intrusions associated with this campaign were observed in early December. Since our previous security bulletin, several reports have emerged describing activity similar to what we had observed, with several key updates. Learn more in our latest security bulletin: https://ow.ly/QBrV50UrGvA #EndCyberRisk
Follow-up: Threat Campaign Targeting Cleo MFT Products - Arctic Wolf
arcticwolf.com
-
The MITRE ATT&CK Framework started off in 2015 as just a total of 9 tactics and 96 techniques and quickly gained traction for how threats and attacks were categorized and organized in security. It has since evolved to include 14 tactics, 191 techniques, 386 sub-techniques, and 134 groups, and covers 680 pieces of software. It is presented today as multiple different models (matrices) based on operating systems and environments. Here they stand today: #attacknow #cybernow Matthew Peterson Michael Archuleta
-
Join us @ 10:30 ET for GreyNoise Storm⚡️Watch! Today, we're complemented by John Althouse, co-creator of JA3 & creator of JA4+ network fingerprinting standards. If you're live, you can ask him your burning questions! https://stormwatch.ing/ 1/3 We'll also be taking a look at CISA's recent drop of 2023's Top Routinely Exploited Vulnerabilities through a CGNVC (Censys—GreyNoise—VulnCheck) lens. 2/3 And, time-permitting, we'll see why defenders continue to be all wet when it comes to securing our nation's water infrastructure. Join live to heckle/contribute, or on-demand 🎧📺! https://stormwatch.ing/ 3/3
Storm⚡️Watch
greynoise.io
-
Multiple critical security flaws have been identified in Judge0, an open-source online code execution system. These vulnerabilities could allow attackers to escape the sandbox environment, gain root access, and take complete control of the host machine. The disclosed vulnerabilities include symlink exploitation, patch bypass issues, and a Server-Side Request Forgery (SSRF) that enables remote code execution as root.
-
OPSWAT have achieved a 100% Protection and Accuracy Score from SE LABS Ⓡ. 🙌🎉 OPSWAT’s Deep CDR dissects files into discrete components, eliminating potentially harmful or out-of-policy objects, and reconstructs usable files while preserving functionality. SE Labs, an independently-owned and run testing company that assesses security products and services, scored two aspects of OPSWAT’s Deep CDR: Protection Accuracy to score the ability to eliminate threats, and Legitimate Accuracy to score the preservation of useful components. OPSWAT Deep CDR achieved 100% in both categories, demonstrating its capability to ensure both security and file integrity. 👏
-
Though a few years old, hands down still the most impactful video I’ve seen that truly resonates with the C-suite—Realistically showing how easily #threatactors exploit overlooked #vulnerabilities within organizations. Spend the time to watch this - It’ll help you formulate which questions you should be asking your IT & Security teams HP #cyberinsurance #commercialinsurance
The whole HP wolf security hacker man saga
https://www.youtube.com/
-
Our #Security Research team reported: #CVE-2024-35326 (9.8 Critical) and CVE-2024-35328 (7.5 High) have been discovered in the widely-used C library, LibYAML, a key YAML parser and emitter library. Although the severity ratings seem intimidating, a deeper look reveals that the actual risk may not be as concerning as it appears. Read the full thread on X: https://jfrog.co/4cjS5pA
-
Secure Model That Addresses Security And Downsides Of DNSSEC
DNSSEC+ - Secure Model That Addresses Security And Downsides Of DNSSEC
https://cybersecuritynews.com
-
Challenge Day 3: Exploitation & Privilege Escalation Practice Today, I completed an exploitation exercise on a vulnerable VM (Metasploitable 1) using the Metasploit Framework. Starting with reconnaissance and Nmap scans, I discovered a known vulnerability in vsftpd 2.3.4. Leveraging this, I gained initial shell access and then used MSFCONSOLE to identify potential paths for privilege escalation. Through careful analysis, I modified permissions to elevate privileges to root access. Takeaways: Vulnerability Exploitation: vsftpd backdoor exploited for initial access. Privilege Escalation: Elevated access with MSFCONSOLE insights on writable system files. Security Recommendations: Regularly patch and update software. Audit permissions on sensitive files (like /etc/passwd). Restrict unnecessary services and enforce strict firewall rules. Harvoxx Tech Hub Chukwudi Dimkpa Chukwudi Dimkpa Foundation #tech230project #chukwudidimkpafoundation #harvoxxtechhub #6daystech230challenge #tech230Cybersecurity
-
🎋 After so long, I came across a few more labs on PortSwigger Web Security Academy. 🕒 Overview: Race Condition Flaws A vulnerability where two or more processes compete to execute simultaneously, leading to unpredictable results. Came across single-endpoint and multi-endpoint scenarios where such unexpected behaviours are possible. For example: 👉 An attacker exploits the tiny window between checking user permissions and executing a critical operation. ⚠️ This flaw can lead to data corruption, privilege escalation, or bypassing security checks. 🔒 Tip: Secure your code by implementing proper locks, atomic operations, and ensuring critical sections of your application are race-free. #WebPentesting #RaceConditions