
From watchtowr.com

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575

It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always,...

#cti #cve #eitw #fortijump #threatintel #vulnerability #cve_2024_47575 #cyberthreatintelligence #infosec #Fortinet

19h ago

From watchtowr.com

Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)

Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering. This is a tech stack that enables end-users (and likely, your friendly neighbourhood ransomware gang) to...

on Tue, 3PM

From watchtowr.com

watchTowr | Your Persistent Adversary

The watchTowr Platform integrates Continuous Automated Red Teaming and Attack Surface Management to continuously discover high-impact weaknesses.

on Oct 31

From watchtowr.com

Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024

Today we'd like to share a recent journey into (yet another) SSLVPN appliance vulnerability - a Format String vulnerability, unusually, in Fortinet's FortiGate devices. It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being...

on Oct 17

From watchtowr.com

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary: What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a

on Sep 13

From watchtowr.com

Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)

Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given its somewhat 'privileged position' in the storage world of most enterprises' networks. There's no point deploying cryptolocker malware...

on Sep 9

From watchtowr.com

Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)

In the early hours of a day in a month in 2024, watchTowr Labs was sent a chat log:
13:37 -!- dav1d_bl41ne [def_not_phalanx@kernel.org] has joined #!hack (irc.efnet.nl)
13:37 -!- dav1d_bl41ne changed the topic of #!hack to: mag1c sh0w

on Jun 25

From watchtowr.com

No Way, PHP Strikes Again! (CVE-2024-4577)

Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug

on Jun 12

From watchtowr.com

Check Point - Wrong Check Point (CVE-2024-24919)

Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard

on May 30

From watchtowr.com

QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)

Infosec is, at its heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to

on May 20

From watchtowr.com

Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)

Welcome to April 2024, again. We’re back, again. Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device. We’ve seen all the commentary around the certification...

on Apr 16

From watchtowr.com

IBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377)

Welcome to April 2024. A depressing year so far - we've seen critical vulnerabilities across a wide range of enterprise software stacks. In addition, we've seen surreptitious and patient threat actors light our industry on fire with slowly introduced backdoors in the XZ library. Today, in...

on Apr 12

From watchtowr.com

“To live is to fight, to fight is to live!” - IBM ODM Remote Code Execution

In previous blogs, we’ve discussed some of the big players in the enterprise software space, but there is one that we have not mentioned before, that is - quite frankly - the heavy-weight champion of the world in terms of applications for large enterprises. With over a hundred years

on Mar 1

From watchtowr.com

Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?

As astute readers of our Twitter account (https://twitter.com/watchtowrcyber) and blog will know, we’ve recently been heavily involved in understanding the recent spate of vulnerabilities in Ivanti products - most recently, their Connect Secure product, which portrays itself as an SSLVPN...

on Feb 9

From watchtowr.com

Form Tools Remote Code Execution: We Need To Talk About PHP

When looking across the attack surface of large enterprises, the expectation is the utilisation of well-known heavy-hitting software and appliances. Think Citrix, Cisco, MOVEit, and other such excitement. These products are enterprise-grade, in the sense that they typically go...

on Feb 8

From watchtowr.com

The Second Wednesday Of The First Month Of Every Quarter: Juniper 0day Revisited

Who likes vulnerabilities in appliances from security vendors? Everyone loves appliance vulnerabilities! If, by 'everyone', you mean various ransomware and APT groups of course (and us). Regular watchTowr-watchers (meta-towr-watchers?) will remember our previous blog post on Juniper's...

on Jan 19

From watchtowr.com

Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887

Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and CVE-2024-21887 - two bugs, Command Injection

on Jan 18

From watchtowr.com

XXE, You Can Depend On Me (OpenCMS CVE-2023-42344 and Friends)

In the idealistic world of security research, we’d be faced with the latest versions of off-the-shelf enterprise products, primed with fresh hardened code ready for analysis and code kung-fu. In reality, however, enterprises and users often don’t update their installations unless world-ending,...

on Nov 21

From watchtowr.com

Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall

Here at watchTowr, we just love attacking high-privilege devices (and spending hours thinking of awful titles [see above]). A good example of these is the device class of ‘next generation’ firewalls, which usually include VPN termination functionality (meaning they’re Internet-accessible by...

on Oct 20, 2023

From watchtowr.com

Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition

You’re likely seeing a trend - yes, we know, we look at a lot of enterprise-grade software and appliances. Today, we’re not here to change your expectations of us - we’re looking at more enterprise-grade software and appliances. Today, we’re looking at Sangfor’s Next Gen

on Oct 5, 2023

From watchtowr.com

90s Vulns In 90s Software (Exim) - Is the Sky Falling?

A few days ago, ZDI went public with no less than six 0days in the popular mail server Exim. Ranging from ‘potentially world-ending' through to ‘a bit of a damp squib’, these bugs were apparently discovered way back in June 2022 (!) - but naturally got caught up in the void

on Oct 2, 2023