many parts make the whole
There has been a surge in brute-force attacks targeting Citrix NetScaler. The attacks are mainly originating from a cloud provider based in Hong-Kong, their IP ranges are available in the article linked below and should be blocked to help mitigate the attack on vulnerable systems. The attacks are leveraging zero-day exploits that were recently addressed … Read More “BRUTE-FORCE ATTACKS TARGETING Citrix NetScaler UNDERWAY” »
A new proof-of-concept attack has been disclosed by a team of researchers that effects AMD’s trusted execution environment. The attack does require physical access to the system however as the article below notes, in the age of cloud computing organizations may not have complete control over who has access to the physical hardware running their … Read More “AMD TRUSTED COMPUTING VULNERABLE TO NEW BadRAM ATTACK” »
Apple has confirmed a zero-day attack is currently underway targeting macOS devices running Intel CPUs. Apple’s security response team has declined to provide any Indications of Compromise (IOCs) to help identify effected systems. There is confirmation the vulnerabilities are already being exploited in the wild. Updates to macOS are available and should be applied immediately … Read More “ZERO-DAY ATTACK EFFECTING macOS SYSTEMS” »
Vulnerabilities have been discovered/disclosed in ALL Nvidia GeForce GPUs requiring a driver update that is currently available. The vulnerabilities potentially allow a threat actor to gain full control of a compromised system so be sure to update ASAP if you have an Nvidia GPU! Updated drivers can be found here More reading here and here! … Read More “VULNERABILITIES FOUND IN ALL Nvidia GeForce GPUS” »
A novel VPN attack being called TunnelVision is able to force encrypted VPN traffic to route outside of the secure tunnel, potentially allowing a bad actor to intercept communication thought to be encrypted and secure. According to researchers the vulnerability may have existed since as early as 2002. The attack does not appear to effect … Read More “NOVEL VPN ATTACK FORCES TRAFFIC OUTSIDE OF ENCRYPTED TUNNEL” »
A state-sponsored threat actor group has apparently leveraged two zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) to gain access to government systems and conduct espionage. Cisco is calling the campaign ArcaneDoor and based on the sophistication of the attacks their security division, Talos, believes it to be a state-sponsored group they are calling UAT4356. … Read More “ZERO-DAY VULNERABILITY IN Cisco Adaptive Security Appliances ALLOWS ACCESS TO GOVERNMENT NETWORKS – ArcaneDoor” »
A vulnerability exists that could allow a bad actor to bypass authentication and gain admin access to Delinea Secret Server which is a Privileged Access Management solution. Attackers could potentially extract secrets. The vulnerability exists in the Secret Server SOAP API. Information on the vulnerability and a PoC are already available from a blog post … Read More “CRITICAL VULNERABILITY IN Delinea Secret Server ALLOWS AUTH BYPASS” »
Evan Boehs has provided a detailed analysis and timeline of the xz Utils backdoor. Evan has gone in detail into the why of the compromise, how the threat actor leveraged the culture of the open source software community to gain the trust and experience needed to attempt rolling a malicious backdoor out to a very … Read More “ADDITIONAL ANALYSIS ON THE xz Utils BACKDOOR” »
Malicious code has been detected in xz Utils that appears to be intended to create a backdoor in sshd. xz Utils is a common compression utility used in many Linux distros including Debian and Red Hat. according to a researcher from Analygence the malicious versions of xz Utils were not added to production versions of … Read More “BACKDOOR IN WIDELY USED Linux UTILITY TARGETS SSH CONNECTIONS” »
In it’s too good to be true news, what if you could just ask your target system to execute code? Lucas Luitjes has an interesting article about simply asking AI chatbots to execute code and it turns out they will! Sanitizing user input has been a known issue for quite some time. Without sanitized input … Read More “REMOTE CODE EXECUTION BY ASKING NICELY – InjectGPT” »