Vulnerabilities - Cybersec Sentinel

Vulnerabilities

A collection of 8 posts

GNU Wget Exposed by Malicious URI Handling in CVE-2024-38428

GNU Wget Exposed by Malicious URI Handling in CVE-2024-38428

Threat Group: N/A Threat Type: Software Vulnerability Exploited Vulnerabilities: CVE-2024-38428 Malware Used: N/A Threat Score: High (9.1/10) — Critical vulnerability due to potential for sensitive data exposure, phishing, and man-in-the-middle (MiTM) attacks. Last Threat Observation: June 2, 2024, fix commit pushed; vulnerability classified in August 2024. Overview

Palo Alto Confirms Ongoing Exploits Against PAN OS Management Interfaces

Palo Alto Confirms Ongoing Exploits Against PAN OS Management Interfaces

Threat Group: Unknown Threat Type: Remote Code Execution (RCE) Vulnerability Exploited Vulnerabilities: PAN-OS Firewall Management Interface Malware Used: Web Shells Threat Score: High (9.3/10) — Due to the critical nature of the vulnerability allowing unauthenticated remote command execution. Last Threat Observation: November 16, 2024. Overview Palo Alto Networks has

Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024

Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024

Threat Group: Akira Ransomware Threat Type: Ransomware Exploited Vulnerabilities: , CVE-2024-40766 (SonicWall), CVE-2020-3259 (Cisco), CVE-2023-20263 (Cisco), CVE-2023-20269 (Cisco), CVE-2023-27532 (Veeam), CVE-2023-48788 (Ubuntu), CVE-2024-37085 (SAP), CVE-2024-40711 (Microsoft) Malware Used: Akira, Megazord Threat Score: 8.5/10 Last Threat Observation: October 22, 2024 (Resurfaced) Overview Akira ransomware has resurfaced with advanced capabilities, exploiting

Intel and AMD Face Renewed Threat From Spectre Exploits

Vulnerabilities

Intel and AMD Face Renewed Threat From Spectre Exploits

Threat Group: N/A (Multiple Research Teams) Threat Type: Speculative Execution Vulnerability Bypass Exploited Vulnerabilities: CVE-2023-38575 (Intel), CVE-2022-23824 (AMD) Malware Used: N/A (Exploit technique) Threat Score: High (8.5/10) — Due to its ability to bypass significant speculative execution mitigations in widely used CPUs. Last Threat Observation: October 18,

Fortinet Users Warned of Ongoing RCE Vulnerability

Vulnerabilities

Fortinet Users Warned of Ongoing RCE Vulnerability

The recently exploited vulnerability in Fortinet's FortiOS, identified as CVE-2024-23113, is a critical remote code execution (RCE) flaw. This vulnerability is caused by an issue in the fgfmd daemon, which manages authentication requests and keep-alive messages between FortiGate and FortiManager. Specifically, it involves the daemon accepting an externally

CVE-2024-43572 Uncovers Critical Windows Management Console Flaw

Vulnerabilities

CVE-2024-43572 Uncovers Critical Windows Management Console Flaw

Advisory ID: CVE-2024-43572 Release Date: October 2024 Severity: Critical Affected Software: Windows Management Console Description The vulnerability in the Windows Management Console (WMC) could allow an attacker to execute arbitrary code by exploiting improper input validation. Successful exploitation may enable an attacker to run commands with elevated privileges or install

Microsoft Reveals Critical IPv6 Flaw Impacting Every Windows System

Vulnerabilities

Microsoft Reveals Critical IPv6 Flaw Impacting Every Windows System

Overview A critical security vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, specifically affecting systems using the IPv6 protocol. This vulnerability is classified as a Remote Code Execution (RCE) flaw, meaning that an attacker can gain control over a system without any user interaction. Given

Entra ID Cybersecurity Threat: UnOAuthorized Admin Privilege Escalation

Vulnerabilities

Entra ID Cybersecurity Threat: UnOAuthorized Admin Privilege Escalation

Summary A critical vulnerability known as "UnOAuthorized" has been discovered in Microsoft Entra ID (formerly Azure Active Directory). This vulnerability allows attackers with specific administrative roles, such as Application Administrator or Cloud Application Administrator, to escalate their privileges to Global Administrator. This escalation is made possible due to