Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

kroll

CVE-2024-0204: Authentication Bypass Vulnerability in Fortra GoAnywhere MFT

Jan 25, 2024 By George Glass In Kroll
An authentication bypass vulnerability, tracked as CVE-2024-0204, was discovered in Fortra's GoAnywhere MFT versions prior to 7.4.1 and allows an unauthorized user to create an admin user via the administration portal. This vulnerability has a CVSS score of 9.8 with a high potential for exploitation, which we expect to see in the short term due to a proof of concept (PoC) being available. Fortra informed customers on December 4, 2023, of the flaw via an internal forum post.
Read Post
kroll

Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 19, 2024 By George Glass In Kroll
Two vulnerabilities have been detected in in Citrix NetScaler ADC and NetScaler Gateway. These vulnerabilities are being tracked as CVE-2023-6549 and CVE-2023-6548 with CVSS scores of 8.2 and 5.5 respectively. They are under active exploitation, affecting the following product versions.
Read Post
kroll

Open the DARKGATE - Brute Forcing DARKGATE Encodings

Jan 18, 2024 By Sean Straw In Kroll

DARKGATE is Windows-based malware that is sold on the dark web. DARKGATE is a fully functional backdoor that can steal browser information, drop additional payloads, and steal keystrokes. Kroll previously noted DARKGATE’s distribution via Teams. When the DARKGATE payload runs on a victim system, it creates a randomly named folder within C:\ProgramData that contains encoded files. Within the randomly named folder is a short configuration file and the output of keystrokes logged on the system.

Read Post

How to Use: MITRE ATT&CK Detection Maturity Assessment Tool

Jan 17, 2024 By Kroll In Kroll
Bharath Kashyap helped create a lightweight, programmatic approach to performing a maturity assessment using free MITRE tools (like ATT&CK framework, D3FEND, and MITRE Centre for Threat Informed Defense (CTID)) to provide a starting point for you to understand your organization’s coverage against the framework, identify areas for improvement and prioritize them for implementation. In this video, Bharath walks through a few ways to make the assessment tool work for your organization.
View Video
kroll

Two Zero-Day Vulnerabilities Impacting Ivanti Connect Secure and Policy Secure Gateways

Jan 15, 2024 By George Glass In Kroll

Note: These vulnerabilities remain under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. Two zero-day vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways.

Read Post
kroll

CVE-2023-39336: Remote Code Execution Vulnerability Found in Ivanti EPM

Jan 9, 2024 By Kroll In Kroll

Ivanti released a patch for a critical vulnerability discovered in Ivanti Endpoint Manager (EPM) that could allow for remote code execution (RCE). This vulnerability is being tracked as CVE-2023-39336 with a CVSS score of 9.6 (Critical), which is not yet actively exploited. All versions of Ivanti EPM prior to Service Update 5 are impacted. Ivanti credits security researcher hir0t for the responsible disclosure.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.