Enhanced CleanINTERNET® Protections to Combat Subsequent Threats from the CrowdStrike Outage
Sean Moore – Ph.D. CTO and VP Research Last week (19-July-2024), a significant IT outage occurred because CrowdStrike distributed a faulty update to its Falcon security software running on millions of computers using the Microsoft Windows operating system. This faulty update caused many of these computers to crash, which interrupted the operations of businesses across […]
Risks for Polyfill.io Users
Earlier this year, a Chinese company named Funnull acquired the polyfill[.]io domain. Subsequently, the polyfill CDN started delivering malicious JavaScript code which was automatically deployed on websites embedding scripts from cdn.polyfill[.]io. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS […]
MOVEit Gateway and MOVEit Transfer Vulnerabilities
On June 25, 2024, Progress Software, the parent company of the MOVEit software suite, officially released details for two critical vulnerabilities identified in MOVEit Gateway and MOVEit Transfer, CVE-2024-5805 and CVE-2024-5806 respectively. MOVEit Transfer is a managed file transfer solution that supports the exchange of files and data between servers, systems and applications within and […]
Check Point Vulnerability: CVE-2024-24919
On May 28, 2024, Check Point released an advisory for CVE-2024-24919, a high priority bug which according to NIST NVD is categorized as “Exposure of Sensitive Information to an Unauthorized Actor”. The NVD has yet to assess a CVSS score for CVE-2024-24919 as of this writing. This vulnerability affects Check Point Security Gateway devices connected […]
PuTTY Vulnerability: CVE-2024-31497
On April 15th, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum disclosed that PuTTY had a vulnerability that can allow an attacker to compromise private keys, then forge signatures, and log into any remote servers on which those keys are used. PuTTY is a free and open-source terminal emulator, serial console and network file transfer […]
Palo Alto Networks Vulnerability: CVE-2024-3400
On April 12th, Palo Alto Networks released a CVE advisory for CVE-2024-3400, a critical vulnerability identified in the GlobalProtect Gateway feature of PAN-OS, the operating system for Palo Alto Networks firewalls. This command injection vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges on the affected devices. Due to the low attack complexity […]
XZ Utils Vulnerability: CVE-2024-3094
On March 28th, Red Hat released an advisory for CVE-2024-3094 which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 […]
ConnectWise Vulnerability: Authentication Bypass in ScreenConnect
UPDATE: February 23rd, 2024 The following CVEs have been assigned to the ConnectWise Vulnerability: CVE-2024-1709 (CVSS: 10): Authentication Bypass POC by Horizion3ai on GitHub CVE-2024-1708 (CVSS: 8.4): Path Traversal Widespread exploitation of these vulnerabilities in the wild has been confirmed including comprise of UnitedHealth’s Change Healthcare on February 22nd, by Lockbit. Sophos has confirmed various strains […]
Fortinet Vulnerability: CVE-2024-21762
On Thursday, February 8th, the Fortinet Product Security Incident Response Team released an advisory (FG-IR-24-015) notifying of an out-of-bound write vulnerability in their SSL VPN tracked as CVE-2024-21762. The vulnerability “may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests”. This is concerning as there are estimates of […]
Security Bulletin: AnyDesk Production Systems Breach
On February 2nd, 2024, AnyDesk disclosed that their production systems had been compromised and that private code signing keys and source code were stolen, while an unknown number of user accounts had their passwords reset. This is a significant concern, as it would allow a malicious attacker to generate malicious versions of AnyDesk software with […]