Aggregator

KCI Aviation Has Been Claimed a Victim to BLACK SUIT Ransomware

A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.

Sealevel Construction Inc Has Been Claimed a Victim to RansomHub Ransomware

Authors/Presenters: Atlas

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Autos, Alcohol, Blood, Sweat, & Creative Reversing Obfuscated Car Modding Tool appeared first on Security Boulevard.

Alixsec Targeted the Website of SiliconValleyTelecom

rufusdomando Has Allegedly Leaked the Data of Government of Entre Ríos

Of the numerous victims, at least three refused to pay the demanded ransom, with the rest seemingly in talks with the cybercriminal group.

Evgenii Ptitsyn, a Russian national and suspected administrator of the Phobos ransomware operation, was extradited from South Korea and is facing cybercrime charges in the United States. [...]

CornDB is Allegedly Selling Server Access and Data of RE/MAX Israel

Palo Alto Networks confirmed two zero-day vulnerabilities were exploited as part of attacks in the wild against PAN-OS devices, with one being attributed to Operation Lunar Peek.

Update November 19: The blog has been updated with a link to new technical analysis that could aid in the creation of a proof-of-concept, as well as guidance for identifying PAN-OS devices using Tenable Attack Surface Management.

View Change Log

Background

On November 18, Palo Alto Networks updated its advisory (PAN-SA-2024-0015) for a critical flaw in its PAN-OS software to include a CVE identifier:

CVEDescriptionCVSSCVE-2024-0012PAN-OS Authentication Bypass Vulnerability9.3

In addition to CVE-2024-0012, Palo Alto Networks assigned a second CVE for a privilege escalation vulnerability (CVE-2024-9474).

CVEDescriptionCVSSCVE-2024-9474PAN-OS Privilege Escalation Vulnerability6.9Analysis

CVE-2024-0012 is an authentication bypass vulnerability in the management web interface of PAN-OS devices. An unauthenticated, remote attacker could exploit this vulnerability to obtain administrator privileges on the vulnerable PAN-OS device, enabling follow-on activity including modifying device configuration, accessing other administrative functions as well as exploiting other vulnerabilities, such as CVE-2024-9474.

CVE-2024-9474 is a privilege escalation vulnerability in the web management interface of PAN-OS devices. An authenticated, remote attacker could exploit this vulnerability to gain root privileges on the firewall.

While not explicitly referenced in its advisory, based on the description, it is believed that CVE-2024-0012 and CVE-2024-9474 may have been used as part of an exploit chain.

Attributed to Operation Lunar Peek

In a threat brief about the vulnerabilities, Palo Alto Networks’ Unit 42 have attributed the exploitation of CVE-2024-0012 to a campaign they call Operation Lunar Peek. As of November 18, no specific details have yet to be shared about Operation Lunar Peek or attribution to a specific threat actor or country of origin.

While Unit 42 did not explicitly connect CVE-2024-9474 to this operation, they reference this flaw as part of follow-on activity and have stated they’ve “observed threat activity that exploits this vulnerability against a limited number of management web interfaces.”

Initial advisory published on November 8

PAN-SA-2024-0015 was first published on November 8, following reports of a zero-day vulnerability affecting the management interfaces of PAN-OS devices. Reports indicate that someone was selling access to a zero-day in PAN-OS. It wasn’t until November 14 that Palo Alto Networks confirmed “threat activity” associated with this zero-day.

Proof of concept

At the time this blog post was published, there was no proof-of-concept (PoC) available for this vulnerability. However, on November 19, researchers at watchTowr published a blog post outlining their research into both CVE-2024-0012 and CVE-2024-9474, including technical details which may aid in the construction of a PoC. The researchers are withholding a public PoC for at least one week.

Solution

The following table contains a list of affected and fixed versions of PAN-OS:

ProductCVE-2024-0012CVE-2024-9474Fixed VersionPAN-OS 10.1Not Affected10.1.14-h4 and below10.1.14-h6 and abovePAN-OS 10.210.2.12-h1 and below10.2.12-h1 and below10.2.12-h2 and abovePAN-OS 11.011.0.5-h2 and below11.0.5-h2 and below11.0.6-h1 and abovePAN-OS 11.111.1.4-h7 and below11.1.4-h7 and below11.1.5-h1 and abovePAN-OS 11.211.2.3-h3 and below11.2.3-h3 and below11.2.4-h1 and aboveCloud NGFWNot AffectedNot Affected-Prsima AccessNot AffectedNot Affected-

Equally as important as applying patches, organizations that utilize PAN-OS devices should secure the management web interface to prevent external access, opting instead to limit access to trusted internal IP addresses. For more information, please refer to Palo Alto’s guide, Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device.

Identifying affected systems

A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2024-0012 and CVE-2024-9474 as they’re released. These links will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.

Additionally, customers can utilize Tenable Attack Surface Management to identify PAN-OS devices.

 

Get more information

• Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
• PAN-SA-2024-0015: CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface
• CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Change Log

Update November 19: The blog has been updated with a link to new technical analysis that could aid in the creation of a proof-of-concept, as well as guidance for identifying PAN-OS devices using Tenable Attack Surface Management.

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

AnyDesk IP Leak Vulnerability CVE-2024-52940

​Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. [...]

Простая идея может повлиять на ключевые технологии.

A Threat Actor Has Allegedly Leaked the Data of Stauber GmbH Metalltechnologie