Justin Elze (@HackingLZ)'s Twitter Profile

Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

ID:14539104

Joined: 26-04-2008 03:27:52

45,0K Tweets

51,8K Followers

4,9K Following

Germán Fernández (@1ZRR4H)

#UPSTYLE backdoor targeting GlobalProtect VPN devices via CVE-2024-3400 in 3 images/stages 🔥 #0day
[+] bazaar.abuse.ch/sample/3de2a43…

All technical details in the blogs of:
+ Volexity (#UTA0218): volexity.com/blog/2024/04/1…
+ Unit 42 (Operation #MidnightEclipse):…
Joshua J. Drake (@jduck)

If you've never seen 'The Net' starring Sandra Bullock, you're overdue. Starting to wonder if these security product companies watched it and got crazy ideas.

Justin Elze (@HackingLZ)

This oddly doesn’t bother me. It just reinforces marketing teams need to be connected with technical people.

Jonny Johnson (@jsecurity101)

Decided to create a repo on tracking the default driver block list based on OS build.

github.com/jsecurity101/M…

jheysel (@jheyselll)

Unauth RCE as NT AUTHORITY\SYSTEM in FortiClient EMS (CVE-2023-48788). Metasploit module & AKB article are up. Shout out to James Horseman Zach Hanley for the great research. github.com/rapid7/metaspl… attackerkb.com/topics/Qqg45PU…

Volexity (@Volexity)

Our latest blog post details Volexity's identification & incident response associated with the Palo Alto Networks GlobalProtect vuln, assigned CVE-2024-3400, that the team found being exploited in the wild.

Read more here: volexity.com/blog/2024/04/1…

Akamai Security Intelligence Group (@akamai_research)

It's nice to have a positive Outlook.

Akamai researchers have discovered another critical vulnerability that bypasses the patch for the custom sound vuln from March 2023.

Psst: this one can also be triggered in Explorer 👀

Full write-up:
akamai.com/blog/security-…

LP (@jotunvillur)

All three conditions that must exist for this CVE:

1. Running PanOS 10.2 or greater
2. Have GlobalProtect gateway enabled
3. Have device telemetry enabled

Places to check for these:
1. Device > Software
2. Network > GlobalProtect > Gateways
3. Device > Setup > Telemetry

Steven Adair (@stevenadair)

Our team at Volexity has identified a new 0day exploited in the wild. This time we caught a threat actor using an unauthenticated RCE in Palo Alto Networks GlobalProtect. It has been assigned CVE-2024-3400 and is covered in this Palo Alto Networks advisory security.paloaltonetworks.com/CVE-2024-3400

Marc Rogers (@marcwrogers)

Sisense has released specific instructions to its customers.

On the one hand it’s easy to be mad at this situation, the plaintext storage of credentials and the insecure storage of data at rest.

On the other hand I want to give them props for reaching this point in under 24…

Marc Rogers (@marcwrogers)

The nature of Sisense is they require access to their customers' confidential data sources. They have direct access to JDBC connections, to SSH, and to SaaS platforms like Salesforce and many more. It also means they have tokens, credentials, certificates often upscoped. 1/2

Mike Felch (Stay Ready) (@ustayready)

Ever wondered what hacking was like in the wild days of the 80s/90s/00s? Come take a journey back in time into the underground world of hackers/crackers. I'll unravel the stories/techniques/culture that defined this crazy era at HackSpaceCon tomorrow 4pm in End0r (9030)

Barberousse @barberousse_bin@todon.eu (@barberousse_bin)

continues to be full of mysteries!
I found function names that don't use the _u suffix so I updated filt name parsing to support those. + I added some unit tests because I kept causing regressions while trying to do it😅
Also fixed some issues with strings handling
