Critical Palo Alto Networks PAN-OS authentication bypass 🚨 Exploited in the wild 🚨 Attacker with network access to the management web interface can gain PAN-OS administrator privileges. Details of CVE-2024-0012: https://lnkd.in/d6TrHvCt #Vulmon #infosec #PaloAlto
Vulmon’s Post
More Relevant Posts
-
CVE-2024-1709: CVSS 10-point #ScreenConnect #Vulnerability Analysis This flaw allows attackers to alter routes post-authentication to elevate privileges or deploy payloads for attacks. Check over + 4,400 servers identified in Criminal IP Asset Search. https://lnkd.in/gJs4pn-i
-
Tracking various aspects from incidents that others might not is kinda my jam. https://lnkd.in/eDB_KCPB Are you tracking BITS transfer job names? Got SIEM? Extract it from EDR command lines?
-
🚨 CVE-2024-47575 https://lnkd.in/g_2mPx8G This flaw allows a remote attacker to send crafted requests, bypass access controls, and execute arbitrary commands on the FortiManager system, potentially compromising the network. Read more above! #infosec #partner #cve #vulnerability
-
[CVE-2024-6145: HIGH] Actiontec WCB6200Q router is at risk due to a Cookie Format String Remote Code Execution Vulnerability. Attackers can exploit this flaw in the HTTP server to execute code without authentication. Immediate action is crucial to secure vulnerable systems. https://lnkd.in/e-Q3cXxn
-
Encrypt your data both in transit and at rest to safeguard sensitive information from being accessed by unauthorized parties. Implement proper encryption protocols to protect data when it is being transmitted over the network and when it is stored on devices or servers. This ensures valuable business data stays safe and secure at all times, giving you added peace of mind.
-
"Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant. The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Interface, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect that scored a perfect 10 out of 10 CVSS severity rating. UNC5174 uses the online persona Uteus, and has bragged about its links to China's Ministry of State Security (MSS) – boasts that may well be true. The gang focuses on gaining initial access into victim organizations and then reselling access to valuable targets." https://lnkd.in/gDXhh-tR
Chinese snoops exploit F5, ConnectWise bugs to sell access
theregister.com
-
#CyberAlerts SolarWinds has disclosed critical vulnerabilities in its Access Rights Manager (ARM) platform, identified as CVE-2024-28990 and CVE-2024-28991. The first vulnerability allows attackers to bypass authentication via hard-coded credentials, potentially granting unauthorized access to the RabbitMQ management console. The second, more severe issue, enables remote code execution by exploiting deserialization of untrusted data, posing a significant risk if exploited by authenticated users. Read More: https://lnkd.in/dftTc_KS #SolarWinds #ARMPlatform #Vulnerabilities
-
[CVE-2021-26102: CRITICAL] FortiWAN 4.5.7 and below, 4.4 versions are vulnerable to a remote attacker exploiting a path traversal flaw to delete system files. Deleting certain files can reset the Admin password. Patch/update to secure systems against this CWE-23 issue. https://lnkd.in/ebxay2gH
-
Thanks for sharing this John Hammond! One would think checking for internet facing remote and generic default accounts is an obvious first step in securing or disabling completely. It seems all too often businesses completely overlook this cyber security 101 attack surface entry point.
Few things are worse than unauthorized remote access to your servers at 2am 😦 In this incident, the threat actor gained entry to a logistics company via a publicly accessible RDP:
✅ Brute-forced a generic user named “copier” (appears to be a WISE printer/copier)
✅ Began post-exploitation recon using Advanced_IP_Scanner
✅ Listing out domain controllers (“C:\Windows\system32\nltest.exe /dclist”)
✅ Quickly got quarantined before things could pop off
Although it’s been said before, you’ve got to audit your internet-facing devices, monitor for generic accounts and weak creds, enforce password failure limits, and keep a close eye on failed/successful brute force attacks. See how Huntress Managed EDR shuts down these attacks in their tracks... Especially at 2am: https://lnkd.in/gPdXrs2J