Tag: detection
-
INCONTROLLER / PIPEDREAM ICS Toolkit Targeting Energy Sector
by
in SecurityNews
This advisory was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team. Summary: Incontroller/Pipedrea…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/04/25/incontroller-pipedream-ics-toolkit-targeting-energy-sector/
-
BIG-IP iControl REST API Authentication Bypass
by
in SecurityNews
This bulletin was written by Yann Lehmann of the Kudelski Security Threat Detection & Research Team. Update May 18th, 2022, 1800h UTC (2PM EDT): Acc…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/05/06/big-ip-icontrol-rest-api-authentication-bypass/
-
"Follina" (CVE-2022-30190): Microsoft Support Diagnostic Tool 0-Day Vulnerability Being Actively Exploited
by
in SecurityNews
This bulletin was written by Michal Nowakowski of the Kudelski Security Threat Detection & Research Team. Summary: On May 27th, 2022, threat researc…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/05/31/follina-cve-2022-30190-microsoft-support-diagnostic-tool-0-day-vulnerability-being-actively-exploited/
-
"SynLapse" Azure Synapse Pipeline and Data Factory Vulnerability (CVE-2022-29972)
by
in SecurityNews
This bulletin was written by Eric Dodge of the Kudelski Security Threat Detection & Research Team. Summary: Microsoft has recently mitigated a vulne…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/06/15/synlapse-azure-synapse-pipeline-and-data-factory-vulnerability-cve-2022-29972/
-
High Severity VMware Vulnerabilities Under Active Exploitation
by
in SecurityNews
This bulletin was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team. Executive Summary: On May 18th…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/05/20/high-severity-vmware-vulnerabilities-under-active-exploitation%ef%bf%bc/
-
Active Directory Domain Services Elevation of Privilege Vulnerability
by
in SecurityNews
This bulletin was written by Michal Nowakowski of the Kudelski Security Threat Detection & Research Team. Update June 1st, 2022, 1830h UTC (2.30PM …
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/05/16/active-directory-domain-services-elevation-of-privilege-vulnerability/
-
OpenSSL 3 Buffer overflow vulnerabilities: CVE-2022-3786 and CVE-2022-3602
by
in SecurityNews
Note: This bulletin was contributed to by Kudelski Security’s Threat Detection & Research Team, specifically Mark Stueck. Executive Summary: On the…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/11/01/openssl-3-buffer-overflow-vulnerabilities-cve-2022-3786-and-cve-2022-3602/
-
Critical Severity Buffer Overflow 0-Day Vulnerability in Fortinet SSL-VPN Under Active Exploitation (CVE-2022-42475)
by
in SecurityNews
This bulletin was authored by Mark Stueck of the Kudelski Security Threat Detection & Research Team. Summary: On December 12th, 2022, Fortinet disc…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/12/12/bulletin-critical-severity-buffer-overflow-0-day-vulnerability-in-fortinet-ssl-vpn-under-active-exploitation-cve-2022-42475/
-
SPNEGO NEGOEX: Critical Pre-Authentication RCE Vulnerability in Modern Microsoft Windows Operating Systems (CVE-2022-37958)
by
in SecurityNews
Written by Mark Stueck of the Kudelski Security Threat Detection & Research Team. Summary: On Tuesday, December 13th, Microsoft reclassified a previ…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/12/14/advisory-spnego-negoex-critical-pre-authentication-rce-vulnerability-in-modern-microsoft-windows-operating-systems-cve-2022-37958/
-
Active exploitation of Citrix ADC and Gateway Critical Remote Code Execution Vulnerability by Suspected Chinese APT5 (CVE-2022-27518)
by
in SecurityNews
Written by Harish Segar of the Kudelski Security Threat Detection & Research Team. Summary: On December 13, 2022, the U.S. National Security Agency …
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/12/15/advisory-active-exploitation-of-citrix-adc-and-gateway-critical-remote-code-execution-vulnerability-by-suspected-chinese-apt5/
-
Linux Kernel ksmbd Remote Code Execution Vulnerability
by
in SecurityNews
Note: This bulletin was written by Eric Dodge of the Kudelski Security Threat Detection & Research Team. Summary: The Zero Day Initiative (ZDI) rece…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2022/12/22/bulletin-linux-kernel-ksmbd-remote-code-execution-vulnerability/
-
Ransomware as a Service Nevada Ransomware campaign targeting VMware ESXi servers
by
in SecurityNews
Written by Michal Nowakowski of the Kudelski Security Threat Detection & Research Team. UPDATE February 14th 2023: After the first wave of ESXiArgs …
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/02/09/ransomware-as-a-service-nevada-ransomware-campaign-targeting-vmware-esxi-servers/
-
CVE-2023-23397 Microsoft Outlook Privilege Elevation Critical Vulnerability
by
in SecurityNews
Written by Lina Jiménez Becerra, Anton Jörgensson and Mark Stueck of the Kudelski Security Threat Detection & Research Team. CVE-2023-23397: Abili…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/03/15/cve-2023-23397-microsoft-outlook-privilege-elevation-critical-vulnerability/
-
CVE-2023-27532 Veeam Backup Replication Vulnerability Exposes Stored Credentials, No Auth Necessary
by
in SecurityNews
Written by Mark Stueck and Scott Emerson of the Kudelski Security Threat Detection & Research Team. CVE-2023-27532: Unauthenticated Access to Cleart…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/03/10/cve-2023-27532-veeam-backup-amp-replication-vulnerability-exposes-stored-credentials-no-auth-necessary/
-
3CX Supply Chain Attack ‘SmoothOperator’
by
in SecurityNews
Written by Anton Jörgensson, Eric Dodge & Yann Lehmann of the Kudelski Security Threat Detection & Research Team. Updated on April 5th. We may …
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/03/30/3cx-supply-chain-attack-smoothoperator/
-
CVE-2023-27997 Pre-Authentication RCE on FortiGate SSL-VPN
by
in SecurityNews
Written by Harish Segar and Scott Emerson of the Kudelski Security Threat Detection & Research Team. June 13th, update 2: Technical details of bug …
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/06/12/cve-2023-27997-fortigate-ssl-vpn/
-
CVE-2023-33308 Critical Remote Code Execution (RCE) on FortiOS/FortiProxy
by
in SecurityNews
Written by Eric Dodge and Harish Segar of the Kudelski Security Threat Detection & Research Team. Summary: Fortinet recently disclosed a critical bu…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/07/13/cve-2023-33308-critical-remote-code-execution-rce-on-fortios-fortiproxy/
-
CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability
by
in SecurityNews
Written by Yann Lehmann and Harish Segar of the Kudelski Security Threat Detection & Research Team. Summary: On July 11th, Microsoft disclosed a rem…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
-
Citrix ADC/Gateway Triple Threat
by
in SecurityNews
Written by Eric Dodge and Harish Segar of the Kudelski Security Threat Detection & Research Team. Summary: Citrix recently released a handful of vul…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/07/18/citrix-adc-gateway-triple-threat/
-
F5 BIG-IP Unauthenticated RCE via HTTP Request Smuggling
by
in SecurityNews
Written by Scott Emerson of the Kudelski Security Threat Detection & Research Team. Summary: Researchers at Praetorian have discovered a request smu…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/10/27/f5-big-ip-unauthenticated-rce-via-http-request-smuggling/
-
VMware vCenter Server Out-of-Bounds Write Vulnerability (CVE-2023-34048)
by
in SecurityNews
Written by Yann Lehmann with the support of Scott Emerson of the Kudelski Security Threat Detection & Research Team. Summary: VMware has released se…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/10/25/vmware-vcenter-server-out-of-bounds-write-vulnerability-cve-2023-34048/
-
Image I/O WebP/libwebp Zero-Day Vulnerabilities
by
in SecurityNews
Google/Heap Buffer Overflow Vulnerability in WebP (CVE-2023-4863). Written by Michal Nowakowski of the Kudelski Security Threat Detection & Researc…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/09/29/image-i-o-webp-libwebp-zero-day-vulnerabilities/
-
CVE-2023-46604 Apache ActiveMQ RCE vulnerability
by
in SecurityNews
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team. Summary: On October 25, 2023, Apache disclosed an ActiveMQ Re…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/
-
Ivanti Connect Secure/Policy Secure CVE-2023-46805, CVE-2024-21887 Combine for Unauthenticated RCE, and following CVEs discovered over time
by
in SecurityNews
Written by the Kudelski Security Threat Detection & Research Team (updated on 2024.02.12 by Yann Lehmann). Summary: Ivanti Connect Secure (ICS) and …
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2024/01/11/ivanti-connect-secure-policy-secure-cve-2023-46805-cve-2024-21887-combine-for-unauthenticated-rce/
-
Hackers abuse popular Godot game engine to infect thousands of PCs
by
in SecurityNews
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/
-
Five ways to set up early detection systems
by
in SecurityNews
Tags: detection
First seen on scworld.com. Jump to article: www.scworld.com/perspective/five-ways-to-set-up-early-detection-systems
-
Lazarus Hackers Exploit macOS Extended Attributes To Evade Detection
by
in SecurityNews
The xattr command on Unix-like systems lets metadata be stored in a file's extended attributes, where it is invisible to ordinary directory listings, much like Windows alternate data streams (ADS). In a technique known as RustyAttr, threat actors such as the Lazarus Group abuse this to stash malicious payloads inside seemingly benign files. The Lazarus Group is covertly embedding malicious data within system files using xattr, a…
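The hunt that follows from the item above is to look for extended attributes that do not belong: attribute names outside a known baseline, or values too large or too binary to be metadata. The scanner below is an added example, not code from the article or from the researchers it cites. It is Linux-only because it relies on the standard library's os.listxattr/os.getxattr/os.setxattr (on macOS, `xattr -l <file>` lists attributes and `xattr -p <name> <file>` dumps one). The benign-name baseline, the 256-byte size threshold, and the decoy file, attribute names and planted payload in demo() are all assumptions constructed for the example.

```python
import errno
import os
import tempfile

# Attribute names routinely written by desktop tools and package managers on Linux.
# This allow-list is an assumption made for the example, not taken from the article;
# replace it with what your own fleet actually writes.
BENIGN_ATTRS = {
    "user.xdg.origin.url",
    "user.xdg.referrer.url",
    "user.mime_type",
}
# Kernel-managed namespaces (SELinux labels, POSIX ACLs, file capabilities) are expected.
BENIGN_PREFIXES = ("security.", "system.", "trusted.")
# Legitimate metadata is short; a payload hidden in an attribute is not (threshold is an assumption).
SIZE_THRESHOLD = 256


def classify_xattr(name, value):
    """Return a reason string if this attribute looks like hidden data, else None."""
    if name.startswith(BENIGN_PREFIXES) or name in BENIGN_ATTRS:
        return None
    reasons = []
    if len(value) >= SIZE_THRESHOLD:
        reasons.append("large value (%d bytes)" % len(value))
    # Control bytes or high-bit bytes in the first 64 bytes: not a URL, MIME type or label.
    if any(b < 0x09 or (0x0E <= b < 0x20) or b >= 0x7F for b in value[:64]):
        reasons.append("binary content")
    if not reasons:
        reasons.append("unrecognised attribute name")
    return "; ".join(reasons)


def scan_tree(root):
    """Walk root and return (path, attribute, size, reason) for every suspicious xattr."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            try:
                names = os.listxattr(path, follow_symlinks=False)
            except OSError as exc:
                # Filesystem without xattr support, file vanished mid-scan, or no access: skip.
                if exc.errno in (errno.ENOTSUP, errno.ENOENT, errno.EACCES):
                    continue
                raise
            for name in names:
                try:
                    value = os.getxattr(path, name, follow_symlinks=False)
                except OSError:
                    continue  # removed between list and read; nothing to classify
                reason = classify_xattr(name, value)
                if reason:
                    findings.append((path, name, len(value), reason))
    return findings


def demo():
    """Plant a constructed sample and scan it. Returns None where the platform or
    filesystem refuses user.* attributes, so 'unsupported' is distinct from 'clean'."""
    if not hasattr(os, "setxattr"):  # the xattr calls exist only on Linux builds of Python
        return None
    root = tempfile.mkdtemp(prefix="xattr-demo-")
    doc = os.path.join(root, "report.pdf")  # constructed decoy file
    with open(doc, "wb") as fh:
        fh.write(b"%PDF-1.4\n% constructed decoy, not a real document\n")
    # Constructed 'payload': 1 KiB of non-text bytes that `ls -l` and `cat` never show.
    payload = bytes(range(256)) * 4
    try:
        os.setxattr(doc, "user.xdg.origin.url", b"https://example.com/report.pdf")  # benign-looking
        os.setxattr(doc, "user.cache", payload)  # constructed attribute name carrying the payload
    except OSError as exc:
        if exc.errno == errno.ENOTSUP:
            return None
        raise
    return scan_tree(root)


if __name__ == "__main__":
    result = demo()
    if result is None:
        print("extended attributes are not available on this platform/filesystem")
    for path, name, size, reason in result or []:
        print("%s  %s  %d bytes  %s" % (path, name, size, reason))
```

Run it as root over the paths the campaign is said to touch (system files) and treat any hit as something to pull and inspect, since the attribute value is the payload. Expect some noise from tools that stash their own state in user.* attributes; extend the baseline rather than raising the size threshold, because a small loader script will sit under any threshold that still catches metadata.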
-
Latest Multi-Stage Attack Scenarios with Real-World Examples
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let’s examine real-world examples of some of the most common multi-stage attack scenarios that are active…
-
Exabeam partners with Wiz for cloud security, threat detection
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/exabeam-partners-with-wiz-for-cloud-security-threat-detection
-
Phishing attacks via ‘URL rewriting’ to evade detection escalate
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/phishing-attacks-via-url-rewriting-to-evade-detection-escalate