Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Addressing the active exploitation of Ivanti VPN vulnerabilities (urgent advisory)

A recent advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on vulnerabilities in Ivanti VPNs that are currently being actively exploited by malicious actors. Ivanti VPN solutions, widely utilized for their robust security features and efficient network management capabilities, have recently been identified as containing critical vulnerabilities.

CVE-2024-1071 - Critical Vulnerability in Ultimate Member WordPress Plugin

A critical security flaw, known as CVE-2024-1071, has been found in the Ultimate Member plugin for WordPress. This vulnerability, with a CVSS score of 9.8, poses a significant risk to over 200,000 active installations. It potentially enables attackers to extract sensitive data from compromised databases, presenting a severe threat to website security.

When Patch Tuesday becomes Patch Monday - Friday

If you’re an administrator running Ivanti VPN (Connect Secure and Policy Secure) appliances in your network, then the past two months have likely made you wish you weren’t. In a relatively short timeframe bad news kept piling up for Ivanti Connect Secure VPN customers, starting on Jan. 10th, 2024, when critical and high severity vulnerabilities, CVE-2024-21887 and CVE-2023-46805 respectively, were disclosed by Ivanti impacting all supported versions of the product.

SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)

On February 29th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two separate advisories related to malicious behavior exhibited by threat actors. The first advisory AA24-060A pertains to Phobos Ransomware and the second advisory AA24-060B pertains to the exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

Remediating new DNSSEC resource exhaustion vulnerabilities

Cloudflare has been part of a multivendor, industry-wide effort to mitigate two critical DNSSEC vulnerabilities. These vulnerabilities exposed significant risks to critical infrastructures that provide DNS resolution services. Cloudflare provides DNS resolution for anyone to use for free with our public resolver 1.1.1.1 service. Mitigations for Cloudflare’s public resolver 1.1.1.1 service were applied before these vulnerabilities were disclosed publicly.

ALPHV Blackcat, GCP-Native Attacks, Bandook RAT, NoaBot Miner, Ivanti Secure Vulnerabilities, and More: Hacker's Playbook Threat Coverage Round-up: February 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

5 Node.js security code snippets every backend developer should know

As backend developers, we are tasked with the crucial role of ensuring the security of our applications. Node.js is not exempt from this responsibility and its growing popularity makes it a lucrative target for hackers, making it imperative to follow best security practices when working with Node.js. In this blog post, we will be exploring some essential Node.js security code snippets every backend developer should know in 2024.

Microsoft Azure CLI affected by CVE-2022-39327

CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.

Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform’s security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still not widespread enough, and this blog post aims to broaden the conversation around the topic.