One of my hunting rules hit on potentially malicious PowerShell code. The file was an MSI package (not an MSIX, these are well-known to execute malicious scripts[1]). This file was a good old OLE package: remnux@remnux:/MalwareZoo/20240812$
Continue ReadingMonth: August 2024
ISC Stormcast For Wednesday, August 14th, 2024 https://isc.sans.edu/podcastdetail/9096, (Wed, Aug 14th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingIvanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager
Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Continue ReadingMicrosoft August 2024 Patch Tuesday, (Tue, Aug 13th)
This month we got patches for 92 vulnerabilities. Of these, 9 are critical, and 9 are zero-days (3 previously disclosed, and 6 are already being exploited). The CVEs CVE-2024-38189, CVE-2024-38178, CVE-2024-38193, CVE-2024-38106, CVE-2024-38213, and CVE-2024-38107 are
Continue ReadingIvanti Releases Security Updates for Virtual Traffic Manager, Neurons for ITSM, and Avalanche
Ivanti released security updates to address multiple vulnerabilities in Ivanti Virtual Traffic Manager (vTM), Neurons for ITSM, and Avalanche. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Continue ReadingMicrosoft Releases August 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following
Continue ReadingRockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability
Continue ReadingCISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass
Continue ReadingRockwell Automation FactoryTalk View Site Edition
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Site Edition Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could
Continue ReadingRockwell Automation GuardLogix/ControlLogix 5580 Controller
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this
Continue Reading