SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 12
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Increase in the number of phishing messages pointing to IPFS and to R2 buckets
Published: 2024-03-14
Last Updated: 2024-03-14 08:57:10 UTC
by Jan Kopriva (Version: 1)
Credential-stealing phishing is constantly evolving, nevertheless, some aspects of it – by necessity – stay the same. One thing, which is constant, is the need for a credential gathering mechanism, and although threat actors have come up with a number of alternatives to simply hosting a fake login page somewhere (e.g., using a third-party “forms” service or attaching an entire phishing page to an e-mail), the old approach of placing a phishing page on an internet-connected server and linking to it from e-mail messages is commonly used to this day.
Still, even when it comes to this kind of phishing, interesting trends do emerge from time to time. One such recent trend seems to be connected with an increased use of IPFS and R2 buckets to host phishing pages.
IPFS, or the InterPlanetary File System is Web3 storage system – a distributed, peer-to-peer data sharing network, originally conceived back in 2015 – which has been used by threat actors to host malicious content since at least 2022. The R2 is a Cloudflare object storage service, which enables owners of buckets to expose their content publicly on the r2.dev domain. The service was rolled out by Cloudflare in 2022 and threat actors started to use it to host malicious files the same year.
Although the use of IPFS and R2 buckets to host phishing pages is therefore nothing new, I did notice a significant increase in the number of new phishing campaigns that used these hosting options starting around the middle of February… You can see this increase in the following chart ...
Read the full entry:
Attacker Hunting Firewalls
Published: 2024-03-19
Last Updated: 2024-03-19 13:29:09 UTC
by Johannes Ullrich (Version: 1)
Firewalls and other perimeter devices are a huge target these days. Ivanti, Forigate, Citrix, and others offer plenty of difficult-to-patch vulnerabilities for attackers to exploit. Ransomware actors and others are always on the lookout for new victims. However, being an access broker or ransomware peddler is challenging: The competition for freshly deployed vulnerable devices, or devices not patched for the latest greatest vulnerability, is immense. Your success in the ransomware or access broker ecosystem depends on having a consistently updated list of potential victims.
As a result, certain IP addresses routinely scan the internet for specific types of vulnerabilities. One such example is 77.90.185.152. This IP address has been scanning for a different vulnerability each day. For example:
December 7th, 2023: We see this IP address for the first time doing widespread scans. It starts with scans for the URL "/remote/login". This URL is commonly associated with Fortinet's FortiOS. A few days later, on December 12th, Foritgate released several patches.
December 12th, 2023: Scans for "/login". This is a bit too generic to link it with a specific vulnerability
The next big scan from this IP address doesn't show up until March 9th. The attacker is still looking for "/remote/login", which is a good hint that the same actor still controls this system. These last few days, the activity from this IP address heated up, and we now see some diversity in scans. The URLs include, for example ...
Read the full entry:
https://isc.sans.edu/diary/Attacker+Hunting+Firewalls/30758/
Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability
Published: 2024-03-20
Last Updated: 2024-03-20 13:05:39 UTC
by Johannes Ullrich (Version: 1)
Late last week, an exploit surfaced on GitHub for CVE-2024-21762. This vulnerability affects Fortinet's FortiOS. A patch was released on February 8th. Owners of affected devices had over a month to patch. A few days prior to the GitHub post, the exploit was published on the Chinese QQ messaging network.
It took so long for an exploit to materialize because the vulnerability isn’t quite as trivial to exploit as the path traversal and command injection vulnerabilities usually found in similar devices. This is an "old fashioned" out-of-bounds write vulnerability requiring some assembly skills to craft a working exploit.
The vulnerability is triggered by the use of "Chunked Encoding". Chunked encoding implementations have been problematic in the past. Instead of advertising the length of the HTTP request's body via a "Content-Length" header, chunked encoding breaks the body into individual "chunks," each with a length field.
The exploit can be sent via a post request to the index page. But for the exploit to work, the right amount of memory has to be allocated first. This is done by submitting form data first, and the URL allowing an attacker to do so is "/remote/hostcheck_validate". This URL had its own heap-based buffer overflow last year. However, in this case, it just serves as an "innocent bystander", minding its business and being abused to prepare the system to exploit the new vulnerability.
Read the full entry:
https://isc.sans.edu/diary/Scans+for+Fortinet+FortiOS+and+the+CVE202421762+vulnerability/30762/
Internet Storm Center Entries
Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary] (2024.03.17)
Obfuscated Hexadecimal Payload (2024.03.16)
https://isc.sans.edu/diary/Obfuscated+Hexadecimal+Payload/30750/
5Ghoul Revisited: Three Months Later (2024.03.15)
https://isc.sans.edu/diary/5Ghoul+Revisited+Three+Months+Later/30746/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-21762 - Fortinet FortiOS Out-of-Bound Write Vulnerability
CVE-2023-48788 - Fortinet FortiClientEMS versions 7.0.1 through 7.2.2 are vulnerable to SQL injection, allowing attackers to execute unauthorized code or commands through specially crafted packets.
CVE-2023-27997 - Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
CVE-2023-36554 - Fortinet FortiManager versions 7.4.0, 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 6.4.0 through 6.4.13, and all 6.2 versions are susceptible to unauthorized code execution via manipulated HTTP requests.
CVE-2023-42789 - Fortinet FortiOS and FortiProxy are vulnerable to an out-of-bounds write, allowing attackers to execute unauthorized code or commands via specially crafted HTTP requests.
CVE-2024-25153 - FileCatalyst Workflow Web Portal is vulnerable to a directory traversal flaw in the 'ftpservlet' that allows attackers to upload files to unauthorized directories and execute code using specially crafted JSP files.
CVE-2024-22257 - Spring Security versions 5.7.x to 6.2.x are vulnerable to broken access control if AuthenticatedVoter#vote is used with a null Authentication parameter.
CVE-2024-21334 - Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-1301 - Badger Meter Monitool versions 4.6.3 and earlier are vulnerable to SQL injection, allowing a remote attacker to extract data from the database by sending a malicious SQL query via the j_username parameter.
CVE-2024-1527 - CMS Made Simple version 2.2.14 is susceptible to an unrestricted file upload vulnerability, enabling authenticated users to bypass security measures and potentially execute remote commands via webshell.
CVE-2024-2413 - Intumit SmartRobot is vulnerable to remote attackers using a fixed encryption key for authentication, allowing them to obtain administrator privileges and execute arbitrary code on the remote server.
CVE-2023-6825 - The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal via the target parameter in specific functions, allowing attackers to read sensitive files and upload files to unintended directories.
CVE-2024-1071 - The Ultimate Member plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2, allowing unauthenticated attackers to extract sensitive information from the database.
CVE-2024-2172 - Malware Scanner and Web Application Firewall plugins by MiniOrange for WordPress have a privilege escalation vulnerability in versions up to 4.7.2 and 2.1.1, allowing unauthenticated attackers to gain administrator privileges.
CVE-2024-0799 - An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
CVE-2024-28194 - YourSpotify versions < 1.8.0 utilize a hardcoded JSON Web Token (JWT) secret, allowing attackers to forge authentication tokens and bypass authentication as arbitrary users, including admin users.
CVE-2024-27102 - Wings, the server control plane for Pterodactyl Panel, has a vulnerability that allows potential unauthorized access to files and directories on the host system.
CVE-2024-28175 - Argo CD is vulnerable to a cross-site scripting bug in versions 1.0.0 and above, allowing attackers to execute malicious scripts with elevated permissions.
CVE-2024-21652 - Argo CD prior to versions 2.8.13, 2.9.9, and 2.10.4 is vulnerable to a critical security issue that allows attackers to bypass brute force login protection and potentially crash the service or compromise accounts.
CVE-2024-0802, CVE-2024-1915 - Mitsubishi Electric Corporation's MELSEC-Q Series and MELSEC-L Series CPU modules incorrect pointer scaling vulnerabilities
Product: Mitsubishi Electric Corporation MELSEC-Q Series CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0802 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1915 NVD References: - https://jvn.jp/vu/JVNVU99690199/ - https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 - https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf CVE-2024-0803, CVE-2024-1916, CVE-2024-1917 - MELSEC-Q Series and MELSEC-L Series CPU modules integer overflow vulnerabilities CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0803 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1916 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1917 NVD References: - https://jvn.jp/vu/JVNVU99690199/ - https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 - https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf CVE-2024-28253 - OpenMetadata is susceptible to a Remote Code Execution vulnerability due to a flaw in its authorization checks, allowing attackers to exploit the `prepare` method in `EntityResource.createOrUpdate()`. Product: OpenMetadata PolicyResource CVSS Score: 9.4 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28253 NVD References: https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr CVE-2024-28255 - OpenMetadata allows for authentication bypass through the `JwtFilter` when an attacker manipulates path parameters to match excluded endpoints, leading to arbitrary endpoint access and potential SpEL expression injection, which has been fixed in version 1.2.4 with no known workarounds, tracking this issue as `GHSL-2023-237`. Product: OpenMetadata CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28255 NVD References: https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84 CVE-2024-27957 - Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1. Product: Pie Register CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27957 NVD References: https://patchstack.com/database/vulnerability/pie-register/wordpress-pie-register-plugin-3-8-3-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve CVE-2024-27767 - Versions prior to 1.35.227 CWE-287: Improper Authentication Product: Unitronics Unistream Unilogic CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27767 NVD References: - https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered - https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0 CVE-2024-27768 - Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal' Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE Product: Unitronics Unistream Unilogic CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27768 NVD References: - https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered - https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0 CVE-2024-2599 - AMSS++ version 4.31 is vulnerable to file upload restriction evasion, potentially enabling RCE for authenticated users via webshell access. Product: AMSS++ CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2599 NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss CVE-2024-2051 - Improper Restriction of Excessive Authentication Attempts vulnerability exists in Schneider Electric Easergy T200 RTU that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. Product: Schneider Electric Easergy T200 RTU Product Line CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2051 NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf CVE-2024-24578 - RaspberryMatic prior to version 3.75.6.20240316 contains an unauthenticated remote code execution vulnerability in the Java based `HMIPServer.jar` component, allowing attackers to gain root access and fully compromise the system. Product: RaspberryMatic OCCU CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24578 NVD References: https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h CVE-2024-2636 - Cegid Meta4 HR is vulnerable to an unrestricted file upload issue through '/config/espanol/update_password.jsp' which allows attackers to upload malicious files to the server by modifying the 'M4_NEW_PASSWORD' parameter. Product: Cegid Meta4 HR CVSS Score: 9.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2636 NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid CVE-2024-29135 - Unres…
CVE-2024-28253 - OpenMetadata is susceptible to a Remote Code Execution vulnerability due to a flaw in its authorization checks, allowing attackers to exploit the `prepare` method in `EntityResource.createOrUpdate()`.
CVE-2024-28255 - OpenMetadata allows for authentication bypass through the `JwtFilter` when an attacker manipulates path parameters to match excluded endpoints, leading to arbitrary endpoint access and potential SpEL expression injection, which has been fixed in version 1.2.4 with no known workarounds, tracking this issue as `GHSL-2023-237`.
CVE-2024-27957 - Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1.
CVE-2024-27767 - Versions prior to 1.35.227 CWE-287: Improper Authentication
Product: Unitronics Unistream Unilogic CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27767 NVD References: - https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered - https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0 CVE-2024-27768 - Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal' Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE Product: Unitronics Unistream Unilogic CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27768 NVD References: - https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered - https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0 CVE-2024-2599 - AMSS++ version 4.31 is vulnerable to file upload restriction evasion, potentially enabling RCE for authenticated users via webshell access. Product: AMSS++ CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2599 NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss CVE-2024-2051 - Improper Restriction of Excessive Authentication Attempts vulnerability exists in Schneider Electric Easergy T200 RTU that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. Product: Schneider Electric Easergy T200 RTU Product Line CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2051 NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf CVE-2024-24578 - RaspberryMatic prior to version 3.75.6.20240316 contains an unauthenticated remote code execution vulnerability in the Java based `HMIPServer.jar` component, allowing attackers to gain root access and fully compromise the system. Product: RaspberryMatic OCCU CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24578 NVD References: https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h CVE-2024-2636 - Cegid Meta4 HR is vulnerable to an unrestricted file upload issue through '/config/espanol/update_password.jsp' which allows attackers to upload malicious files to the server by modifying the 'M4_NEW_PASSWORD' parameter. Product: Cegid Meta4 HR CVSS Score: 9.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2636 NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid CVE-2024-29135 - Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15. Product: Tourfic CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29135 NVD References: https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-15-arbitrary-file-upload-vulnerability?_s_id=cve CVE-2024-29027 - Parse Server is vulnerable to code injection, internal store manipulation, and remote code execution through invalid Cloud Function and Cloud Job names prior to versions 6.5.5 and 7.0.0-alpha.29. Product: Parse Server CVSS Score: 9.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29027 NVD References: https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29 CVE-2024-21330 - Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Product: Microsoft Open Management Infrastructure (OMI) CVSS Score: 7.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21330 MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330 CVE-2024-21390 - Microsoft Authenticator Elevation of Privilege Vulnerability Product: Microsoft Authenticator CVSS Score: 7.1 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21390 MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21390 CVE-2024-21392 - .NET and Visual Studio Denial of Service Vulnerability Product: Microsoft .NET and Visual Studio CVSS Score: 7.5 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21392 MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392 CVE-2024-21407 - Windows Hyper-V Remote Code Execution Vulnerability Product: Microsoft Windows Hyper-V CVSS Score: 8.1 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21407 MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21407 CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability Product: Skype for Consumer CVSS Score: 8.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21411 MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411 CVE-2024-21418 - Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability Product: Microsoft SONiC CVSS Score: 7.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21418 MSFT Details: https://msrc.mic…
CVE-2024-2599 - AMSS++ version 4.31 is vulnerable to file upload restriction evasion, potentially enabling RCE for authenticated users via webshell access.
CVE-2024-2051 - Improper Restriction of Excessive Authentication Attempts vulnerability exists in Schneider Electric Easergy T200 RTU that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.
CVE-2024-24578 - RaspberryMatic prior to version 3.75.6.20240316 contains an unauthenticated remote code execution vulnerability in the Java based `HMIPServer.jar` component, allowing attackers to gain root access and fully compromise the system.
CVE-2024-2636 - Cegid Meta4 HR is vulnerable to an unrestricted file upload issue through '/config/espanol/update_password.jsp' which allows attackers to upload malicious files to the server by modifying the 'M4_NEW_PASSWORD' parameter.
CVE-2024-29135 - Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15.
CVE-2024-29027 - Parse Server is vulnerable to code injection, internal store manipulation, and remote code execution through invalid Cloud Function and Cloud Job names prior to versions 6.5.5 and 7.0.0-alpha.29.
CVE-2024-21330 - Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21390 - Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21392 - .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-21407 - Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability
CVE-2024-21418 - Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVE-2024-21419 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21421 - Azure SDK Spoofing Vulnerability
CVE-2024-21426 - Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21427 - Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-21431 - Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21432 - Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21433 - Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21434 - Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21435 - Windows OLE Remote Code Execution Vulnerability
CVE-2024-21436 - Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21437 - Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21438 - Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-21439 - Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21442, CVE-2024-21445 - Windows USB Print Driver Elevation of Privilege Vulnerabilities
CVE-2024-21446 - NTFS Elevation of Privilege Vulnerability
CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerabilities
CVE-2024-21440, CVE-2024-21451, CVE-2024-26159, CVE-2024-26162 - Microsoft ODBC Driver Remote Code Execution Vulnerabilities
CVE-2024-26164 - Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
CVE-2024-26165 - Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26169 - Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-26170 - Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178, CVE-2024-26182 - Windows Kernel Elevation of Privilege Vulnerabilities
CVE-2024-26190 - Microsoft QUIC Denial of Service Vulnerability
CVE-2024-26198 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2024-26199 - Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26203 - Azure Data Studio Elevation of Privilege Vulnerability
CVE-2024-26204 - Outlook for Android Information Disclosure Vulnerability
CVE-2024-28353, CVE-2024-28354 - TRENDnet TEW-827DRU router with firmware version 2.10B01 command injection vulnerabilities
Sponsors
Dragos
Free Webinar | 2023 OT Cybersecurity Vulnerability BriefingJoin Dragos Vulnerability Analysts Logan Carpenter and Nick Cano on April 18 @ 1 PM ET on a live webinar for an overview of the latest OT vulnerability statistics and trends and helpful advice on which vulnerabilities are the most critical to prioritize mitigation in your OT environment to be better protected in 2024. Register now:
Palo Alto Networks
2024 SANS State of Security Automation Survey | We would like to understand what drives automation in security teams, the role of automation in facilitating collaboration, and the ongoing challenges of automating security operations. Complete this survey for a chance to win a $250 Amazon gift card!
Elastic
Live Today!! Shining a Light in the Dark: Observability and Security | Join Matt Bromiley and Elastic’s Security and Observability experts Gagan Singh and Jennifer Ellard to discover how a convergence between security and observability empowers your teams. Save your seat today:
CrashPlan
Do You Know Where Your Data Is? | April 25 at 1:00pm ET | Tune in as we dive into the results and key findings of our Endpoint Data Survey. Our presenters will provide insight into the strategies that organizations are using to protect against the loss of such data.