Network Security


NEWS 
  • CVE-2024-24919: Check Point Security Gateway Information Disclosure

    May 30, 2024

    On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a blog reporting that they have observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, ...

  • Guidance on the 911 S5 Residential Proxy Service

    May 29, 2024

    The Federal Bureau of Investigation (FBI), Defense Criminal Investigative Services (DCIS), and Department of Commerce (DOC) are publishing this announcement to notify the public of the dismantlement of the 911 S5 residential proxy service and to help individuals and businesses better understand and guard against 911 S5 proxy service and botnet. 911 S5 began operating in ...

  • Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

    May 27, 2024

    Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. A prominent example of this includes a cybercriminal ...

  • New “Goldoon” Botnet Targeting D-Link Devices

    May 1, 2024

    In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. Fortinet IPS ...

  • Why tourists are particularly vulnerable to cyber attacks

    April 25, 2024

    Travelling abroad always comes with the potential risk of cybercrime threats including spoofing, phishing attacks, catfishing, fraudulent links and calls, spamming, etc. These travel risks are more for tourists who are generally travelling to a new country for the first time or are alone. They don’t know much about the native language of the new place ...

  • Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

    April 22, 2024

    This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made. Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful ...

  • CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

    April 17, 2024

    On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges ...

  • Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread

    April 16, 2024

    Last year, a command injection vulnerability, CVE-2023-1389, was disclosed and a fix developed for the web management interface of the TP-Link Archer AX21 (AX1800). FortiGuard Labs has developed an IPS signature to tackle this issue. Recently, their researchers observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and ...

  • Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

    April 8, 2024

    Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light two weeks ago. The researcher said ...

  • CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

    April 3, 2024

    Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. Minerva uses the open-source OpenSSL library for cryptographic functions and to support secure communications. The root cause of this vulnerability is Minerva’s implementation of OpenSSL’s OPENSSLDIR parameter, which was set to a path accessible to low-privileged users (such as C:\git\vcpkg\packages\openssl_x86-windows-static-vs2019-static\openssl.cnf). Rapid7 has ...