Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
icsIndustrial Control Systems Cyber Emergency Response TeamAA24-242A
HistoryAug 29, 2024 - 12:00 p.m.

#StopRansomware: RansomHub Ransomware

2024-08-2912:00:00
Industrial Control Systems Cyber Emergency Response Team
www.cisa.gov
12
install updates
firmware
phishing-resistant mfa
training users

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.973

Percentile

99.9%

JSON

Actions to take today to mitigate cyber threats from ransomware:

  1. Install updates for operating systems, software, and firmware as soon as they are released.
  2. Require phishing-resistant MFA (i.e., non-SMS text based) for as many services as possible.
  3. Train users to recognize and report phishing attempts.

References

Related

thn 28
qualysblog 2
cve 5
nessus 7
fortinet 1
attackerkb 6
githubexploit 56
cvelist 5
zdt 5
nuclei 2
prion 6
rapid7blog 2
krebs 1
cisa_kev 5
hivepro 6
packetstorm 6
cnvd 1
vulnrichment 2
metasploit 6
nvd 6
impervablog 3
malwarebytes 7
ics 2
saint 4
debiancve 1
ibm 7
f5 1
osv 3
redhatcve 1
redhat 4
zdi 1
github 1
ubuntucve 1
atlassian 1
veracode 1
trellix 1
exploitdb 1
trendmicroblog 1
thn
thn
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
2024-09-02 13:33:00
Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
2023-11-07 07:14:00
Global Retailers Must Keep an Eye on Their SaaS Stack
2023-07-10 11:35:00
qualysblog
qualysblog
Conti Ransomware
2021-11-18 17:17:56
Atlassian Confluence Broken Access Control Vulnerability (CVE-2023-22515)
2023-11-15 11:57:42
cve
cve
CVE-2023-48788
2024-03-12 15:15:46
CVE-2023-27997
2023-06-13 09:15:16
CVE-2023-46747
2023-10-26 21:15:08
nessus
nessus
Fortinet Fortigate - Heap buffer overflow in sslvpn pre-authentication (FG-IR-23-097)
2023-06-12 00:00:00
Fortinet FortiClient EMS 7.0.x < 7.0.11 / 7.2.x < 7.2.3 (FG-IR-24-007)
2024-03-14 00:00:00
F5 Networks BIG-IP : BIG-IP Configuration utility unauthenticated remote code execution vulnerability (K000137353)
2023-11-02 00:00:00
fortinet
fortinet
Protect
2023-06-12 00:00:00
attackerkb
attackerkb
CVE-2023-27997
2023-06-13 00:00:00
CVE-2023-48788
2024-03-12 00:00:00
CVE-2023-46747
2023-10-26 00:00:00
githubexploit
githubexploit
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
2023-11-01 09:31:05
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
2023-11-01 09:31:05
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
2023-11-02 16:03:35
cvelist
cvelist
CVE-2023-46747 BIG-IP Configuration utility unauthenticated remote code execution vulnerability
2023-10-26 20:04:53
CVE-2023-48788
2024-03-12 15:09:18
CVE-2023-27997
2023-06-13 08:41:47
zdt
zdt
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution Exploit
2024-04-23 00:00:00
F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit
2023-11-10 00:00:00
Atlassian Confluence Unauthenticated Remote Code Execution Exploit
2023-10-19 00:00:00
nuclei
nuclei
F5 BIG-IP - Unauthenticated RCE via AJP Smuggling
2023-10-29 17:52:25
Atlassian Confluence - Privilege Escalation
2023-10-10 13:20:42
prion
prion
Design/Logic Flaw
2023-10-26 21:15:00
Sql injection
2024-03-12 15:15:00
Heap overflow
2023-06-13 09:15:00
rapid7blog
rapid7blog
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability
2023-06-12 18:16:52
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
2023-11-01 18:32:04
krebs
krebs
CISA Order Highlights Persistent Risk at Network Edge
2023-06-15 15:40:09
cisa_kev
cisa_kev
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
2023-06-13 00:00:00
Fortinet FortiClient EMS SQL Injection Vulnerability
2024-03-25 00:00:00
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
2023-10-05 00:00:00
hivepro
hivepro
Fortinet Releases Patches for Critical Vulnerabilities in Various Products
2024-03-14 18:27:05
Atlassian Confluence Zero-Day Actively Exploited in the Wild
2023-10-06 07:01:32
Attacks, Vulnerabilities and Actors 30 October to 5 November 2023
2023-11-07 06:36:50
packetstorm
packetstorm
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution
2024-04-23 00:00:00
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
2023-11-14 00:00:00
Atlassian Confluence Unauthenticated Remote Code Execution
2023-10-19 00:00:00
cnvd
cnvd
F5 BIG-IP Remote Code Execution Vulnerability (CNVD-2023-82300)
2023-11-01 00:00:00
vulnrichment
vulnrichment
CVE-2023-48788
2024-03-12 15:09:18
CVE-2023-22515
2023-10-04 14:00:00
metasploit
metasploit
FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE
2024-04-12 17:00:07
F5 BIG-IP TMUI AJP Smuggling RCE
2023-10-31 13:55:18
Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control
2023-10-11 19:09:22
nvd
nvd
CVE-2023-48788
2024-03-12 15:15:46
CVE-2023-27997
2023-06-13 09:15:16
CVE-2023-46747
2023-10-26 21:15:08
impervablog
impervablog
Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability
2023-10-27 14:45:37
Atlassian CVE-2023-22515 Blocked by Imperva
2023-10-11 22:29:06
CVE-2023-3519: NetScaler (Citrix) RCE Blocked By Imperva
2023-07-23 09:46:23
malwarebytes
malwarebytes
Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass
2023-10-31 13:00:04
Ransomware review: November 2023
2023-11-15 22:18:06
Apache ActiveMQ vulnerability used in ransomware attacks
2023-11-03 16:41:44
ics
ics
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
2023-10-16 12:00:00
Delta Electronics InfraSuite Device Master
2024-05-09 12:00:00
saint
saint
Atlassian Confluence Data Center and Server broken access control
2023-11-02 00:00:00
Citrix ADC nsppe buffer overflow
2023-08-09 00:00:00
Citrix ADC nsppe buffer overflow
2023-08-09 00:00:00
debiancve
debiancve
CVE-2023-46604
2023-10-27 15:15:14
ibm
ibm
Security Bulletin: Vulnerability in Apache ActiveMQ affects App Connect Professional.
2023-12-29 07:44:55
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
2024-07-29 12:14:07
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2023-46604]
2023-12-23 09:54:20
f5
f5
K000137761 : Apache ActiveMQ vulnerability CVE-2023-46604
2023-12-02 00:00:00
osv
osv
Apache ActiveMQ is vulnerable to Remote Code Execution
2023-10-27 15:30:20
CVE-2023-46604
2023-10-27 15:15:14
BIT-activemq-2023-46604
2024-03-06 10:50:29
redhatcve
redhatcve
CVE-2023-46604
2023-10-31 23:33:19
redhat
redhat
(RHSA-2023:6877) Critical: security update jboss-amq-6/amq63-openshift container image
2023-11-09 21:25:44
(RHSA-2023:6878) Critical: Red Hat AMQ Broker 7.10.5 release and security update
2023-11-09 23:24:48
(RHSA-2023:6849) Critical: Red Hat JBoss Fuse/A-MQ Fuse 6.3 R20 HF1 security and bug fix update
2023-11-09 12:31:58
zdi
zdi
Delta Electronics InfraSuite Device Master ActiveMQ Deserialization of Untrusted Data Remote Code Execution Vulnerability
2024-05-13 00:00:00
github
github
Apache ActiveMQ is vulnerable to Remote Code Execution
2023-10-27 15:30:20
ubuntucve
ubuntucve
CVE-2023-46604
2023-10-27 00:00:00
atlassian
atlassian
Update ActiveMQ to fix CVE-2023-46604
2023-11-02 15:05:16
veracode
veracode
Remote Code Execution
2023-10-31 11:02:01
trellix
trellix
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
exploitdb
exploitdb
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - &#039;EternalBlue&#039; SMB Remote Code Execution (MS17-010)
2017-07-11 00:00:00
trendmicroblog
trendmicroblog
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
2023-11-20 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.973

Percentile

99.9%

JSON
Related for AA24-242A
thn28qualysblog2cve5nessus7fortinet1attackerkb6githubexploit56cvelist5zdt5nuclei2prion6rapid7blog2krebs1cisa_kev5hivepro6packetstorm6cnvd1vulnrichment2metasploit6nvd6impervablog3malwarebytes7ics2saint4debiancve1ibm7f51osv3redhatcve1redhat4zdi1github1ubuntucve1atlassian1veracode1trellix1exploitdb1trendmicroblog1