Recent comments
INCIDENT: Threat Actors Currently Mass-Exploiting Cleo Servers (0-day-ish) 👾 (source reddit)
2024-12-10T07:56:04+0000 by Alexandre Dulaunoy
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
On December 3, Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers. We’ve directly observed evidence of threat actors exploiting this software en masse and performing post-exploitation activity. Although Cleo published an update and advisory for CVE-2024-50623—which allows unauthenticated remote code execution—Huntress security researchers have recreated the proof of concept and learned the patch does not mitigate the software flaw.
TL;DR - This vulnerability is being actively exploited in the wild and fully patched systems running 5.8.0.21 are still exploitable. We strongly recommend you move any internet-exposed Cleo systems behind a firewall until a new patch is released.
- CVE-2024-36401 GeoServer Remote Code Execution - https://github.com/0x0d3ad/CVE-2024-36401
Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack
2024-11-18T07:05:03+0000 by Alexandre Dulaunoy
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
2024-11-08T08:48:36+0000 by Cédric Bonhomme
« Nov 05, 2024, Ravie Lakshmanan (Mobile Security / Vulnerability): Vulnerability in Android System
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories, according to a code commit message. »
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution (still exploited)
2024-11-06T15:21:53+0000 by Alexandre Dulaunoy
- https://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html
We still see exploitation of that vulnerability in a black-hole network.
CVE-2024-10826: Use after free in Family Experiences. Reported by Anonymous on 2024-09-29
High CVE-2024-10827: Use after free in Serial. Reported by Anonymous on 2024-10-23
"Please, remove this from the Internet *even if fully patched*" comment from watchTowr
2024-11-05T13:43:12+0000 by Alexandre Dulaunoy
We’re back, and despite all the buzz about FortiManager - the saga is about to continue.
Please, remove this from the Internet *even if fully patched*
Speak soon.
Ref: https://x.com/watchtowrcyber/status/1853262240822276534