#kev — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #kev, aggregated by home.social.
-
April's "Trending in VM": a vulnerability in Microsoft SharePoint
Hello, Habr! This is Alexander Leonov, lead expert at the PT Expert Security Center and the one on duty for the month's most dangerous vulnerabilities. My team of analysts at Positive Technologies and I regularly examine information about vulnerabilities from vendor databases and security bulletins, social networks, blogs, Telegram channels, exploit databases and public code repositories, and identify trending vulnerabilities in all this variety of information. These are vulnerabilities that are either already being exploited in the wild or will be exploited in the near future. Since the last digest we have added one more trending vulnerability. Read the details below the cut. Read more
https://habr.com/ru/companies/pt/articles/1028828/
#vm #cvss #kev #max_patrol_vm #sharepoint #уязвимости_и_их_эксплуатация #microsoft_office #debugs #cve
-
Does anyone know if what CISA is putting out post-Jen is worth looking or is just like the rest of the anal flem this administration produces? I mean, for realz inside knowledge?
https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html
-
gcve-eu-kev updated — a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.
It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.
#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement
🔗 https://github.com/gcve-eu/gcve-eu-kev
🔗 https://gcve.eu/bcp/gcve-bcp-07/
-
Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.
We made a first table of confidence level for the evidence in the KEV record format.
#kev #gcve #format #vulnerability #openstandard
🔗 Discussions / Proposal https://discourse.ossbase.org/t/kev-known-exploited-vulnerabilities-potential-format-bcp-07/744/36?u=adulau
🔗 GCVE BCP-07 https://gcve.eu/bcp/gcve-bcp-07/
-
Exports matter to us. A lot. You’ve been warned 😉
Vulnerability-Lookup now supports KEV catalog export to NDJSON.
#OpenData #KEV #CVE #GCVE #Vulnerability #OpenSource #CyberSecurity
-
CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.
The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.
This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.
Source: https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html
Community insight welcome.
Follow TechNadu for ongoing vulnerability and threat intelligence updates.
#Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense
-
We’re proud to be included in the VulnCheck State of Exploitation 2026 report and recognized for CrowdSec’s growth as a leading source in first reporting KEVs throughout 2025.
Big thanks to @vulncheck and Patrick Garrity for the recognition, and congrats on the launch of VulnCheck Canary Intelligence.
👉 Read the full article: https://www.vulncheck.com/blog/state-of-exploitation-2026
#threatintelligence #VulnCheck #vulnerability #KEV #cybersecurity @vulncheckai
-
CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw https://hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/ #HewlettPackardEnterprise #Cybersecurity #Vulnerability #CyberAttack #Security #CISA #HPE #KEV
-
In 2025, the top 5 known exploited vulnerability (#KEV) vendors as of https://cyble.com/blog/cisa-kev-2025-exploited-vulnerabilities-growth/ were:
Microsoft (39)
#Apple (9)
#Cisco (8)
#Fortinet (8)
#Google #Chromium (7)
If you like to minimize your #security risk here, avoiding those vendors could improve your overall exposure.
As you can see, this is particularly true for #Microsoft.
Mitigation using #AntiMalware or #EndPointProtection is not the answer as we've learned in the previous year where the "Most Frequently Exploited #Vulnerabilities" have been security products!
Source: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf
If you have high requirements for #ITsecurity, you need to migrate your systems to #Linux which is also part of KEV but on a *much* better level!
-
KEV Assertion Format – Draft Specification (potential BCP?)
This format describes a generic KEV (Known Exploited Vulnerability) assertion format.
The goal is to express who claims exploitation, when, based on what, where it was observed, and with which level of confidence, without turning KEV into full threat intelligence. A KEV assertion is usually very binary and lacking some meta-information. The format adds some information which could better capture details about the exploitation. A majority of the fields are optional except vulnerability, status and evidence.[].source which are recommended.
Feedback, ideas, comments more than welcome!
🔗 https://discourse.ossbase.org/t/kev-known-exploited-vulnerabilities-potential-format-bcp/744
-
Maybe some of you are not aware of the @enisa_eu Known Exploited Vulnerabilities Catalog. In any case, it is now available via Vulnerability-Lookup:
https://vulnerability.circl.lu
and with the API:
https://vulnerability.circl.lu/api
-
Are there any good alternatives to #CISA #KEV? #infosec #vulnerability
-
At the request of several users, our CVE web app has been available for installation on mobile devices and desktop computers since 9 September 2025.
However, the app does not have any offline functions, as this would require full synchronisation of the database to the device. Please let me know if this is something that you would really really want.
#Cyber #Security #CyberSecurity #SoftwareSecurity #Vulnerability #CISA #CVE #KEV #CyberAwareness #InfoSec #CyberThreats #CyberResilience
-
CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation https://hackread.com/cisa-citrix-git-flaw-kev-catalog-amid-active-exploitation/ #Cybersecurity #Vulnerability #Security #Citrix #CISA #Git #KEV
-
CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation – Source:hackread.com https://ciso2ciso.com/cisa-adds-citrix-and-git-flaws-to-kev-catalogue-amid-active-exploitation-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #Hackread #security #Citrix #CISA #Git #KEV
-
CISA Warns of Active Exploits in N-able N-central, Urges Upgrade to 2025.3.1 https://thecyberexpress.com/cisa-warns-of-cve-2025-8875-and-cve-2025-8876/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE20258875 #CVE20258876 #CyberNews #Ncentral #Nable #CISA #KEV
-
CISA Adds One Known Exploited Vulnerability to Catalog https://www.cisa.gov/news-events/alerts/2025/07/18/cisa-adds-one-known-exploited-vulnerability-catalog
-
CISA just added 4 CRITICAL, actively exploited vulns to the KEV catalog. Affected products not yet disclosed—patching and monitoring recommended ASAP! Stay vigilant as threat actors are targeting these flaws. https://radar.offseq.com/threat/cisa-adds-four-critical-vulnerabilities-to-kev-cat-b994b620 #OffSeq #KEV #CyberThreats #InfoSec
-
📰cyberlights💥 week 17 out now! I had a hard time choosing from all the #infosec news. the entry got a little longer than usual 👉https://infosec.press/wrzlbrmpfts-cyberlights/cyberlights-week-17-2025
my fav this week is quite geeky, but discovering a bug because of "previously undefined behavior" is kinda cool 🫙 https://cookieplmonster.github.io/2025/04/23/gta-san-andreas-win11-24h2-bug/
a little sidenote: no new entries into CISA's #kev database. that does not happen very often. 🥸
-
I wrote a Discord bot to monitor for CVEs being mentioned in chat, and then it will fetch the details and post it back to chat.
It also has a feature to monitor for new KEV notifications and send them to a dedicated channel.
Collab with me. Use it. Abuse it. Whatever ya want!
-
The cuts at #CISA, despite it being an American agency, will possibly end up having a negative impact on global #cybersecurity.
For example, the #KEV they maintain (a catalogue of vulnerabilities known to be exploited around the world) is a gem when it comes to doing effective vulnerability management.
It is another matter that we need to rid ourselves of that dependency and look for alternatives of our own (besides being aware that they will not warn us about the ones they themselves exploit, obviously), but losing that source is going to do a lot of damage in the short term.
https://www.theregister.com/2025/04/08/cisa_cuts_threat_intel/
-
Going to @BSidesLV? Don't miss these talks from @censys and @greynoise researchers while you're there👇
🔸 Defensive Counting: How to quantify ICS exposure on the Internet when the data is out to get you (shameless self promotion, I'll be presenting this!)
Ground Truth, 15:00 Tuesday
Abstract: https://bsideslv.org/talks#LNDN9Z
🔸 What Do We Learn When We Scan the Internet every hour? by @amirian
Ground Truth, 15:30 Tuesday
Abstract: https://bsideslv.org/talks#DVYNJJ
🔸 Discover the Hidden Vulnerability Intelligence within CISA’s KEV Catalog by @ntkramer
Ground Floor, 14:30 Wednesday
Abstract: https://bsideslv.org/talks#WXAEQR
Hope to see you there!
#SecurityResearch #InternetMeasurement #KEV #CVE #ICS #BSLV #blackhat #defcon
-
Palo Alto Networks released additional details about CVE-2024-3400: the fact that it is a combination of two bugs in PAN-OS; how an attacker was exploiting it; how disabling telemetry initially worked; and how they fixed it. The timeline from discovery to remediation encompasses the whole blog post. Overall a comprehensive after-action review from a company that notified the public almost immediately of an exploited zero-day. 🔗https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #PANOS #IOC
-
Bleeping Computer: GreyNoise and ShadowServer Foundation are reporting active exploitation of CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 by Palo Alto Networks as an exploited zero-day, OS Command Injection Vulnerability in GlobalProtect Gateway, added to CISA KEV Catalog, has Proof of Concept). The good news is that all hotfixes for vulnerable versions of PAN-OS are now released. 🔗 https://www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/
#CVE_2024_3400 #PaloAltoNetworks #activeexploitation #eitw #kev
-
Zscaler observed exploitation of the Palo Alto Networks PAN-OS command injection zero-day vulnerability CVE-2024-3400 following the release of the PoC exploit code. Zscaler provides an attack flow diagram, and a technical analysis of the Upstyle backdoor and its layers. IOC provided. 🔗 https://www.zscaler.com/blogs/security-research/look-cve-2024-3400-activity-and-upstyle-backdoor-technical-analysis
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #threatintel #IOC
-
TrustedSec CTO Justin Elze shared CVE-2024-3400 exploit in the wild on Twitter yesterday, reports that 149.28.194.95 was attempting to exploit CVE-2024-3400
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #threatintel #IOC
-
In case you missed it, Palo Alto Networks updated their security advisory in terms of product and mitigation guidance, exploit status, and PAN-OS fix availability: 🔗 https://security.paloaltonetworks.com/CVE-2024-3400
- Exploitation status: Proof of concepts for this vulnerability have been publicly disclosed by third parties.
- Workarounds and mitigations: In earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.
- Solution:
  - 10.2.6-h3 (Released 4/16/24)
  - 11.0.3-h10 (Released 4/16/24)
  - 11.0.2-h4 (Released 4/16/24)
  - 11.1.0-h3 (Released 4/16/24)
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept
-
watchTowr may have successfully replicated CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 by Palo Alto Networks as an exploited zero-day, CWE-77: Command Injection; OS Command Injection Vulnerability in GlobalProtect Gateway, added to CISA KEV Catalog). Instead of releasing a Proof of Concept, they provided a "detection artefact generator tool" 🔗 https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #threatintel #IOC
-
@jullrich of SANS ISC warns that the widely shared GitHub exploit is almost certainly fake (cc: @mttaggart ) and two IP addresses were attempting CVE-2024-3400 exploitation: 173.255.223.159 and 146.70.192.174 🔗 https://isc.sans.edu/diary/rss/30838
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #threatintel #IOC
-
Happy hotfix day from Palo Alto Networks who released 3 hotfixes for CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 as an exploited zero-day) with 15 more hotfixes expected in the coming days: 🔗 https://security.paloaltonetworks.com/CVE-2024-3400
- PAN-OS 10.2:
  - 10.2.9-h1 (Released 14 April)
  - 10.2.8-h3 (Released 15 April)
  - 10.2.7-h8 (Released 15 April)
  - 10.2.6-h3 (Released 16 April)
  - 10.2.5-h6 (Released 16 April)
  - 10.2.3-h13 (Released 18 April)
  - 10.2.1-h2 (Released 18 April)
  - 10.2.2-h5 (Released 18 April)
  - 10.2.0-h3 (Released 18 April)
  - 10.2.4-h16 (Released 18 April)
- PAN-OS 11.0:
  - 11.0.4-h1 (Released 14 April)
  - 11.0.4-h2 (Released 17 April)
  - 11.0.3-h10 (Released: 16 April)
  - 11.0.2-h4 (Released 16 April)
  - 11.0.1-h4 (Released 18 April)
  - 11.0.0-h3 (Released 18 April)
- PAN-OS 11.1:
  - 11.1.2-h3 (Released 14 April)
  - 11.1.1-h1 (Released 16 April)
  - 11.1.0-h3 (Released: 16 April)
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #threatintel #IOC
-
It should come as no surprise that Palo Alto Networks did not release hotfixes* for affected versions of PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11 by the self-imposed deadline of Sunday 14 April 2024 like they estimated in their security advisory. 48 hours to develop/test/release is a tight delivery window with the whole infosec community breathing down their necks.
EDIT: A hotfix is now available for select affected versions of PAN-OS: https://security.paloaltonetworks.com/CVE-2024-3400
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #threatintel #IOC
-
CISA put out an additional security alert about CVE-2024-3400, noting that Palo Alto Networks released workaround guidance for the command injection vulnerability. 🔗 https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #CISA
-
Just to make it easier to read through the various reports (saying almost the same exact thing), I've assembled a Palo Alto Networks zero-day MEGA list:
- Palo Alto Networks security advisory: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway
UPDATE: Volexity and Unit 42 talk about the threat actor, campaign, and include indicators of compromise:
- Volexity: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
- Unit 42: Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
Here's the rest of the related reporting:
- Zscaler: Another CVE (PAN-OS Zero Day), Another Reason to Consider Zero Trust
- The Register: Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways
- Bleeping Computer:
- SANS ISC: Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)
- CERT-EU: Critical Vulnerability in PAN-OS software
- Qualys: PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400)
- Rapid7: CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
- The Hacker News:
- Security Week:
- SOCRadar: Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
- CISA:
- The Record: Palo Alto Networks warns of zero-day in VPN product
- Ars Technica: “Highly capable” hackers root corporate networks by exploiting firewall 0-day
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #threatintel #IOC
-
Hot off the press! CISA adds CVE-2024-3400 (10.0 critical, disclosed 12 April 2024, PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway) to the Known Exploited Vulnerabilities (KEV) Catalog 🔗 https://www.cisa.gov/news-events/alerts/2024/04/12/cisa-adds-one-known-exploited-vulnerability-catalog
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability
-
@jgreig of The Record writes that CISA confirmed reports by cybersecurity companies and researchers that some older D-Link devices are being exploited by threat actors, and added CVE-2024-3273 and CVE-2024-3272 to its Known Exploited Vulnerabilities list on Thursday 🔗 https://therecord.media/dlink-devices-exploited-vulnerabilities-cisa
#CVE_2024_3272 #CVE_2024_3273 #eitw #activeexploitation #CISA #KEV #KnownExploitedVulnerabilitiesCatalog #DLink
-
Hot off the press! CISA adds D-Link vulnerabilities CVE-2024-3273 (7.3 high, Command Injection) and CVE-2024-3272 (9.8 critical, Hard-coded Credentials), both disclosed 03 April 2024, to the Known Exploited Vulnerabilities (KEV) Catalog 🔗 https://www.cisa.gov/news-events/alerts/2024/04/11/cisa-adds-two-known-exploited-vulnerabilities-catalog
#CVE_2024_3272 #CVE_2024_3273 #eitw #activeexploitation #CISA #KEV #KnownExploitedVulnerabilitiesCatalog #DLink