Geek-Guy.com

Category: Exploits

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in

Biden’s final push: Using AI to bolster cybersecurity standards

In a decisive move to strengthen national cybersecurity, President Joe Biden is poised to sign an executive order imposing stringent security standards for federal agencies and contractors. Scheduled for publication in the coming days, the directive will emphasize integrating artificial intelligence (AI) into cyber defense strategies while addressing systemic vulnerabilities in software security, reported Reuters.…

CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs

The Cybersecurity and Infrastructure Security Agency has seen a surge in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations over a two-year period, with the communications sector representing the biggest jump. In a report released Friday, CISA said an analysis of the 7,791 critical infrastructure organizations enrolled in the agency’s vulnerability scanning service…

What is ‘security theater’ and how can we move beyond it?

Conventional wisdom assumes that the more vulnerabilities a security tool flags, the easier it will be for a company to secure its infrastructure. In theory, layering more tools into a tech stack should equal more effective attack surface monitoring, right? Well, reality isn’t quite panning out like that.  If anything, tool sprawl has created an…

Malware targets Mac users by using Apple’s security tool

A variant of the Banshee macOS infostealer was seen duping detection systems with new string encryption copied from Apple’s in-house algorithm. A Check Point research, which caught the variant after two months of successful evasion, said threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Google Chrome, Telegram,…

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that’s disguised as an employee CRM application as part of a supposed recruitment process. “The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website,” the company said. “Victims are prompted…

Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances

Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks,…

New Mirai botnet targets industrial routers

According to security analysis, the Gayfemboy botnet, based on the notorious Mirai malware, is currently spreading around the world. Researchers from Chainxin X Lab found that cybercriminals have been using the botnet since November 2024 to exploit previously unknown vulnerabilities. The botnet’s preferred targets include Four-Faith and Neterbit routers or smart home devices. Experts from VulnCheck reported at the end…

SonicWall firewall hit with critical authentication bypass vulnerability

SonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication. The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit. “We have identified a high (severity) firewall…

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as…

New zero-day exploit targets Ivanti VPN product

A year after a series of vulnerabilities impacting a pair of Ivanti VPN products prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency to federal agencies, the Utah-based software firm is again experiencing issues with one of its signature systems. The company on Wednesday disclosed two vulnerabilities — CVE-2025-0282 and CVE-2025-0283 — that…

China-linked hackers target Japan’s national security and high-tech industries

Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have exposed a long-running cyber espionage campaign, “MirrorFace” (also known as Earth Kasha), allegedly linked to China. The campaign, operational since 2019, has targeted Japanese organizations, businesses, and individuals, primarily to exfiltrate sensitive data related to national security…

New Mirai botnet targets industrial routers (German edition)

The Gayfemboy botnet is based on the Mirai malware and targets industrial routers around the world. According to security analyses, the botnet Gayfemboy, which is based on the notorious Mirai malware, is currently spreading worldwide. Researchers at Chainxin X Lab found that cybercriminals have been using the botnet since November 2024 to exploit previously unknown…

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could…
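The mechanism named in the KerioControl entry above, CRLF injection turning into HTTP response splitting, is easiest to see with a header-building function and a parser that splits the result the way a browser would. The block below is an added illustration of the class, not code from GFI or from the advisory; the redirect parameter, the handler and the attacker string are constructed for the example.

```python
from urllib.parse import unquote

# Constructed attacker input for a hypothetical `next` redirect parameter, as it
# would arrive percent-encoded on the wire; the framework decodes it before the
# handler sees it. %0d%0a is CR LF.
ATTACK_PARAM = (
    "/home%0d%0aSet-Cookie:%20session=attacker%0d%0a%0d%0a<html>injected</html>"
)


def build_redirect_vulnerable(target: str) -> bytes:
    """Interpolate a user-controlled value into the Location header unchecked.
    A CR LF inside `target` terminates the header early, so the attacker can
    append headers of their own and, after a blank line, their own body."""
    response = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )
    return response.encode("latin-1")


def build_redirect_hardened(target: str) -> bytes:
    """Same response, but refuse any header value containing CR, LF or NUL.
    Rejecting (rather than stripping) avoids bypasses through partial or
    double encodings that get decoded later in the pipeline."""
    if any(ch in target for ch in "\r\n\x00"):
        raise ValueError("CR/LF/NUL not permitted in header value")
    return build_redirect_vulnerable(target)


def parse_response(raw: bytes) -> tuple[dict[str, str], bytes]:
    """Minimal HTTP/1.1 response parser returning (headers, body). It splits on
    the first blank line, which is exactly what a browser or proxy does."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers, body


def demo_vulnerable() -> tuple[dict[str, str], bytes]:
    """What the client sees when the attack parameter hits the vulnerable handler."""
    return parse_response(build_redirect_vulnerable(unquote(ATTACK_PARAM)))


def demo_hardened() -> str:
    """The same parameter against the hardened handler: rejected before emission."""
    try:
        build_redirect_hardened(unquote(ATTACK_PARAM))
    except ValueError as exc:
        return str(exc)
    return "accepted"


if __name__ == "__main__":
    headers, body = demo_vulnerable()
    print("vulnerable headers:", headers)
    print("vulnerable body:", body)
    print("hardened:", demo_hardened())
```

Against the vulnerable handler the client receives an attacker-chosen Set-Cookie header and an attacker-chosen body, while the server's own Content-Length header is pushed below the blank line and becomes part of that body. The hardened handler refuses the value outright; stripping the CR/LF instead would leave a "repaired" value that some later decoder could turn back into a line break.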

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version…

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day

IT software provider Ivanti released patches Wednesday for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has already been exploited in the wild as a zero-day to compromise devices. The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as critical with a CVSS score of…

DNA sequencer vulnerabilities signal firmware issues across medical device industry

In highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts. The device, Illumina’s iSeq 100 compact DNA sequencer, is used…

Critical Mitel, Oracle flaws find active exploitation, CISA urges patching

Attackers are actively exploiting flaws in Mitel MiCollab to gain unauthorized access to sensitive system files, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. On Tuesday the agency added two path traversal vulnerabilities in the widely used communication platform to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of exploitation. “These type…

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild

On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is a stack-based buffer overflow that allows local authenticated attackers to escalate privileges on the device.

CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow…
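Both Mitel MiCollab entries above describe path traversal, where a user-supplied file name walks out of the directory the application meant to serve. The block below is an added example of the class and its fix, not Mitel's code or the vulnerability's actual trigger: the document root, the download endpoint and the candidate paths are constructed for the illustration. It also shows why the common "delete ../" filter is not a fix.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root of a hypothetical file-download endpoint.
WEB_ROOT = "/srv/app/files"


class TraversalError(ValueError):
    """Raised when a user-supplied path would leave WEB_ROOT."""


def naive_strip(user_path: str) -> str:
    """The 'fix' the class is often given: delete '../' once. It is bypassable,
    because removing the inner '../' from '....//' leaves a fresh '../'."""
    return user_path.replace("../", "")


def resolve_user_path(user_path: str, root: str = WEB_ROOT) -> str:
    """Map a user-supplied relative path to an absolute path under `root`.

    Steps: decode percent-encoding until stable (covers %2e%2e%2f and double
    encoding), reject NUL and absolute paths, treat backslash as a separator,
    normalise '.' and '..' segments, then verify the result still lies inside
    root. Anything that fails is rejected, not repaired."""
    decoded = user_path
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/"):
        raise TraversalError("absolute paths are not accepted")
    base = root.rstrip("/")
    joined = posixpath.normpath(posixpath.join(base, decoded))
    if joined != base and not joined.startswith(base + "/"):
        raise TraversalError(f"path escapes root: {user_path!r}")
    return joined


def rejects(user_path: str) -> bool:
    """True if resolve_user_path refuses the input."""
    try:
        resolve_user_path(user_path)
    except TraversalError:
        return True
    return False


if __name__ == "__main__":
    for candidate in ["reports/q3.pdf", "../../etc/passwd",
                      "%2e%2e/%2e%2e/etc/passwd", "%252e%252e%252fetc/passwd",
                      "..\\..\\etc\\passwd", "file%00.txt"]:
        verdict = "rejected" if rejects(candidate) else resolve_user_path(candidate)
        print(f"{candidate!r:34} -> {verdict}")
    print("naive_strip('....//etc/passwd') ->", naive_strip("....//etc/passwd"))
```

The containment test is string-only on purpose so the example runs without a filesystem; on a real server, resolve the checked path with os.path.realpath and repeat the prefix check, because a symlink inside the root can still point outside it.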

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard

Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting

Generative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise. Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and…

Two Clicks to Chaos: How Double-clickjacking Hands Over Control of Apps without Users Knowing

In our last blog, we discussed how OAuth-based consent phishing attacks have been used to trick users into giving malicious apps the permission to conduct malicious activities via an employee’s account. This attack has been extremely effective due to the lack of awareness of how attackers can misuse OAuth permissions. Now, let’s say we are…

Industrial networking manufacturer Moxa reports ‘critical’ router bugs

Firmware in cellular routers, secure routers and network security appliances made by Moxa is vulnerable to a pair of high-severity bugs that can escalate privileges for an attacker, give root-level access or allow for unauthorized execution of commands. In a pair of CVEs published Jan. 3, Moxa called the flaws “critical” and warned they…

Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation’s Hardhat tool in order to steal sensitive data from developer systems. “By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than…

Critical Windows LDAP flaw could lead to crashed servers, RCE attacks

Researchers have published a proof-of-concept exploit for a pair of Windows Lightweight Directory Access Protocol (LDAP) flaws that could lead to server crashes or remote code execution (RCE) on Windows servers. “Active Directory Domain Controllers (DCs) are considered to be one of the crown jewels in organizational computer networks,” noted researchers at security firm SafeBreach,…

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds read vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (

Secure by design vs by default – which software development concept is better?

As cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions. With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is…

Best of 2024: Cisco Vulnerability: CISA Alerts Of Smart Install Exploits

In light of recent cybercrime incidents, the United States (US) Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert pertaining to a Cisco vulnerability. As per recent reports, the Cisco vulnerability prevails within the Smart Install (SMI) feature and can be exploited for access to sensitive data. In this article, we’ll explore the vulnerability…

CISO – dream job or rather a nightmare?

The CISO job can also turn into a nightmare, especially when support and budget are lacking. “The role of the CISO (Chief Information Security Officer) is not desirable” is one of the central theses put forward by the IT security specialists at WatchGuard Technologies for 2025. The typical problems that…

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

SafeBreach researchers developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows Lightweight Directory Access Protocol (LDAP) remote code execution vulnerability (CVE-2024-49112).

CRITICAL ALERT: Sophisticated Google Domain Exploitation Chain Unleashed

by Source Defense A sophisticated attack chain targeting e-commerce payment flows has been prematurely exposed in a concerning development, highlighting the delicate balance between responsible disclosure and public safety. Discovered initially by Source Defense’s research team and responsibly disclosed to Google on November 19, 2024 (Issue ID: 379818473), this critical vulnerability has now been publicly…

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators

Thousands of industrial routers vulnerable to command injection flaw 

Thousands of industrial routers from a Chinese telecommunications equipment manufacturer are affected by a post-authentication command injection vulnerability, with indications it is already being exploited in the wild to infect devices with Mirai malware. On Dec. 27, VulnCheck detailed the vulnerability, tracked as CVE-2024-12856, wherein an attacker can leverage default credentials in Four-Faith F3x24 and F3x36 routers…

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to…
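The two Four-Faith entries above describe an OS command injection reached after authentication, the pattern where a device's diagnostic page passes a user-supplied value through a shell. The block below is an added example of the class, not Four-Faith's firmware or the actual exploit: the diagnostic handler, the probe binary (stood in for by the Python interpreter so it runs anywhere) and the attacker value are constructed for the illustration. It needs a POSIX /bin/sh for the vulnerable half.

```python
import ipaddress
import re
import shlex
import subprocess
import sys

# Stand-in for the device's diagnostic binary (a real router would call
# /bin/ping). Using the Python interpreter keeps the example self-contained:
# it just echoes the host argument it was given.
PROBE = [sys.executable, "-c", "import sys; print('probe', sys.argv[1])"]

# Constructed attacker value for the `host` field of a diagnostic form.
ATTACK_HOST = "127.0.0.1; echo INJECTED"

_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def probe_vulnerable(host: str) -> str:
    """Paste the user's host into a command line and hand it to /bin/sh.
    The shell interprets ';', '|', '$(...)' and friends inside the value."""
    cmd = " ".join(shlex.quote(part) for part in PROBE) + " " + host
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def validate_host(host: str) -> str:
    """Allow-list the parameter: an IP literal or a plain DNS name. The first
    character must be alphanumeric, so a value starting with '-' (which the
    probe binary would read as an option) is rejected as well."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if _HOSTNAME.match(host):
        return host
    raise ValueError(f"invalid host: {host!r}")


def probe_hardened(host: str) -> str:
    """Validated value passed as its own argv element; no shell is involved,
    so metacharacters are never interpreted."""
    done = subprocess.run(PROBE + [validate_host(host)],
                          capture_output=True, text=True)
    return done.stdout


def hardened_rejects(host: str) -> bool:
    """True if the hardened handler refuses `host` before running anything."""
    try:
        probe_hardened(host)
    except ValueError:
        return True
    return False


def demo_vulnerable() -> str:
    """Output the attacker sees from the vulnerable handler: the probe line
    followed by the injected command's output."""
    return probe_vulnerable(ATTACK_HOST)


if __name__ == "__main__":
    print("vulnerable ->", repr(demo_vulnerable()))
    print("hardened rejects attack ->", hardened_rejects(ATTACK_HOST))
    print("hardened ->", repr(probe_hardened("127.0.0.1")))
```

The argv form alone is not enough: without validation an attacker could still pass option-looking values or, for a real ping binary, hostnames that trigger other behaviour, which is why the allow-list runs first and the shell is dropped second. Default credentials, the other half of the Four-Faith problem, make the "post-authentication" qualifier moot in practice.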

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting “several dozen users” in 2024. “Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code,”…

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system.…

The 2024 cyberwar playbook: Tricks used by nation-state actors

In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless — they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy like pros. “There was definitely a continued and noted uptick in nation-state…

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that

Top 7 zero-day exploitation trends of 2024

Zero-day vulnerabilities saw big growth once again in 2024. With no patch available, zero-day flaws give attackers a significant jump on cybersecurity defense teams, making them a critical weapon for attacking enterprise systems. But while all zero-days are essential for CISOs and their teams to be aware of, and for vendors to remedy in a…

Understanding Cyber Threats During the Holiday Season

The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period. Understanding these threats is crucial for effective defense.…

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list…

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending…
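The Apache Traffic Control and FortiClient EMS entries above are both SQL injection, where a value the application received is concatenated into query text and the database cannot tell data from syntax. The block below is an added example of the class against an in-memory SQLite fixture, not code from either project and not the queries those products actually run; the users table, the login function and the payloads are constructed for the illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture: an in-memory database with one privileged account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, role TEXT)"
    )
    conn.execute(
        "INSERT INTO users (name, pw, role) VALUES ('admin', 'S3cret!', 'admin')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, pw: str):
    """Build the statement by string formatting. A quote inside `name` closes
    the literal and everything after it is parsed as SQL."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(sql).fetchone()


def login_hardened(conn: sqlite3.Connection, name: str, pw: str):
    """Parameterised statement: the driver ships the values separately from the
    query text, so a quote in `name` stays data and never becomes syntax."""
    sql = "SELECT name, role FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchone()


# Constructed attacker inputs: one comments out the password check, the other
# makes the WHERE clause always true.
PAYLOAD_COMMENT = "admin' --"
PAYLOAD_TAUTOLOGY = "' OR '1'='1"


def demo() -> dict:
    """Run both payloads through both handlers and return the rows they yield."""
    conn = make_db()
    return {
        "vuln_comment": login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),
        "vuln_tautology": login_vulnerable(conn, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY),
        "hard_comment": login_hardened(conn, PAYLOAD_COMMENT, "wrong"),
        "hard_tautology": login_hardened(conn, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY),
        "hard_legit": login_hardened(conn, "admin", "S3cret!"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case:15} -> {row}")
```

Two caveats a practitioner should keep in mind. The sqlite3 module refuses to run more than one statement per execute call, so stacked injections (`'; DROP TABLE ...`) fail here even in the vulnerable handler; drivers for other databases may not give that protection. And placeholders only cover values: table or column names taken from the user still need an allow-list, because they cannot be bound as parameters.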

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that

DEF CON 32 – Exploiting Cloud Provider Vulnerabilities for Initial Access

Author/Presenter: Nick Frichette. Our sincere appreciation to DEF CON and the authors/presenters for publishing their DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and via the organization’s YouTube channel.

From reactive to proactive: Redefining incident response with unified, cloud-native XDR

In today’s rapidly evolving threat landscape, cybersecurity is a constant game of cat and mouse. The average security operations center (SOC) team receives 4,484 alerts every day and can spend up to 3 hours manually triaging to understand which signals represent a genuine threat and which are just noise. However, this model traps SOCs in…

A new ransomware regime is now targeting critical systems with weaker networks

The year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and an Arkansas water plant. A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and…

Meta hit with $263 million fine in Europe over 2018 data breach

Meta has been fined $263.5 million (€251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally. The breach exploited a vulnerability in Facebook’s “view as” feature, which allows users to view their profiles as others would see them. The exploit enabled…

CISOs should stop freaking out about attackers getting a boost from LLMs

A common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI. Large language models (LLMs) have added a new dimension…

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023…

Clop is back to wreak havoc via vulnerable file-transfer software

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks.  Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT…

Top 10 cybersecurity misconfigurations: Nail the setup to avoid attacks

While cybersecurity headlines are often dominated by the latest zero-day or notable vulnerability in a vendor’s software/product or open-source software library, the reality is that many significant data breaches have been and will continue to be due to misconfigurations. To underscore the seriousness of this issue, the US National Security Agency (NSA) and the Cybersecurity…

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below – CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to…

DEF CON 32 – Iconv, Set The Charset To RCE Exploiting glibc To Hack The PHP Engine

Author/Presenter: Charles Fox. Our sincere appreciation to DEF CON and the presenters/authors for publishing their DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and via the organization’s YouTube channel.

Catching the ghost in the machine: Adapting threat detection to cloud speed

The rapid adoption of cloud technology has transformed how businesses operate, offering scalability, agility, and opportunities for innovation. However, this transformation has also introduced a profound challenge: the “ghost in the machine”—elusive and dynamic threats that exploit the complexity and scale of cloud environments to remain hidden, evading traditional detection methods and posing significant risks…

SAP systems increasingly in the crosshairs of cyber attackers

Attacks on SAP systems promise hackers rich pickings. A review of threat data from the past four years makes clear that more and more cybercriminals are targeting SAP systems. So reported Yvan Genuer, lead security researcher at Onapsis, at Black Hat Europe, held in London from December 9 to 12, 2024.…

Cloud Access Security Broker – a buyer’s guide

Read what matters when choosing a Cloud Access Security Broker, and which vendors offer exactly what. A Cloud Access Security Broker (CASB) sits between enterprise endpoints and cloud resources, acting as a kind of monitoring gateway. A CASB solution: provides visibility into user activity in the cloud, enforces…
