Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400


This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made.

Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful attempts and attempts to confirm the device is exploitable forming the majority of the activity observed. Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and rapidly.

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter


Related:

  • Tor anonymity compromised by law enforcement. Is it still safe to use?

    September 19, 2024

    Despite people generally considering the Tor network as an essential tool for anonymous browsing, german law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. German news outlet NDR reports that law enforcement agencies got hold of data while performing server surveillance which was processed in such a way ...

  • Progress Software Releases Security Advisory for LoadMaster

    September 9, 2024

    Progress has released a security advisory addressing one critical vulnerability affecting all LoadMaster products. CVE-2024-7591 has a CVSSv3 score of 10.0 and could allow an unauthenticated, remote attacker with access to the management interface to issue a carefully crafted HTTP request that will allow execution of arbitrary system commands. Progress LoadMaster is an application delivery controller ...

  • CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon

    September 6, 2024

    The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon Web versions prior to 22.10.17, 23.04.13, and 23.10.5. Centreon is a widely used network, system and application monitoring tool. This issue resides ...

  • Zyxel Releases Multiple Security Advisories

    September 4, 2024

    Zyxel has released 3 security advisories to address vulnerabilities in Zyxel firewalls, Access Points (APs), extenders, and security router devices. In the first security advisory, Zyxel describes seven vulnerabilities found in their ATP and USG FLEX firewall product lines. Two vulnerabilities could allow an attacker to create a denial-of-service (DoS) condition, four vulnerabilities could allow an ...

  • Heriot-Watt University begins work on new £2.5m cyber attack station

    August 29, 2024

    Work has begun on the development of a new optical ground station at Heriot-Watt University in Edinburgh. The £2.5m facility will demonstrate and test satellite quantum secure communications and is scheduled to be fully operational by late autumn this year. The Quantum Communications Hub Optical Ground Station (HOGS) will help to tackle future cyberattacks by researching ...

  • Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold

    August 6, 2024

    The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues ...