RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source....
10CVSS
8.6AI Score
0.971EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
9.8CVSS
10AI Score
EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0208
Updates of ['dbus'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0727
Updates of ['bindutils'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.05EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0565
Updates of ['linux', 'linux-aws', 'unbound', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.05EPSS
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential...
7.7AI Score
0.0004EPSS
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential...
7.5AI Score
0.0004EPSS
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential...
8.3AI Score
0.0004EPSS
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential...
7.7AI Score
0.0004EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
10AI Score
0.116EPSS
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering...
7.1CVSS
6.7AI Score
0.0004EPSS
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering...
7.1CVSS
6.7AI Score
0.0004EPSS
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering...
7.1CVSS
6.9AI Score
0.0004EPSS
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering...
7.1CVSS
7AI Score
0.0004EPSS
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and.....
9.8CVSS
9.1AI Score
0.192EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0205
Updates of ['unbound'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.05EPSS
RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....
8AI Score
Important Photon OS Security Update - PHSA-2024-3.0-0726
Updates of ['unbound'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.05EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0206
Updates of ['linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.002EPSS
RHEL 7 : .NET 6.0 (RHSA-2024:0814)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0814 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
7.5CVSS
8AI Score
0.003EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0207
Updates of ['bluez'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0564
Updates of ['postgresql14', 'postgresql13'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Fat Patch Tuesday, February 2024 Edition
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412, a...
9.8CVSS
8.2AI Score
0.915EPSS
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34055) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
6.5CVSS
7.4AI Score
0.0004EPSS
(RHSA-2024:0797) Important: Satellite 6.14.2 Async Security Update
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...
7.7AI Score
0.003EPSS
Update Rollup 70 for Azure Site Recovery -KB5034599
Important: 9.58 version for mobility agent and configuration server was made live for Classic VMware/Physical to Azure scenario, during the 9.57 deployment. This version has not been released for any other scenario. The download links have been...
9.3CVSS
9AI Score
0.001EPSS
Intel® PROSet/Wireless and Killer™ Wi-Fi Software February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. ...
7.1CVSS
7.7AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
9.8CVSS
7.4AI Score
0.001EPSS
KB5034862: Servicing stack update for Windows Server 2016: February 13, 2024
REMINDER: Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates. Windows 10, version 1607 IoT...
6.7AI Score
Important Photon OS Security Update - PHSA-2024-4.0-0563
Updates of ['bindutils'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.05EPSS
Intel Thunderbolt DCH Drivers for Windows February 2024 Security Updates
Intel has informed HP of potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows, which might allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these...
8.2CVSS
7.7AI Score
0.0004EPSS
Physical bypass of certain HP TamperLock features
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. Desktop Workstation mitigation...
7.3AI Score
0.0004EPSS
HP Workstation BIOS Arbitrary Write Security Update
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability. HP has released updates to mitigate the...
8.1AI Score
0.0004EPSS
Intel Virtual RAID on CPU (VROC) February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Virtual RAID on CPU (VROC) software, which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...
6.7CVSS
7.7AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0204
Updates of ['bindutils'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.05EPSS
Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...
8AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0725
Updates of ['linux-rt', 'linux', 'linux-aws', 'linux-esx', 'linux-secure'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.002EPSS
Summary Multiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed. [CVE-2023-20861, CVE-2023-20860] Vulnerability Details ** CVEID: CVE-2023-20861 DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a...
7.5CVSS
7.5AI Score
0.001EPSS
Moderate Photon OS Security Update - PHSA-2024-3.0-0724
Updates of ['ansible'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0723
Updates of ['linux-rt', 'yarn', 'linux', 'linux-aws', 'linux-esx', 'linux-secure'] packages of Photon OS have been...
9.8CVSS
9.9AI Score
0.001EPSS
Summary IBM Storage Defender – Data Protect is vulnerable in ways that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...
7.8CVSS
9.6AI Score
0.012EPSS
5.3CVSS
6AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-1145)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
Summary IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft when NT LAN Manager (NTLM) is enabled on Windows workstations (CVE-2024-22318). Since IBM i Access Client Solutions allows Universal Naming Convention (UNC) paths in its configuration files, if a path is modified.....
5.5CVSS
6.7AI Score
0.001EPSS
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score:.....
10CVSS
9.6AI Score
0.001EPSS
CentOS 8 : open-vm-tools (CESA-2023:7265)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7265 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...
7.5CVSS
7.1AI Score
0.001EPSS
Moderate Photon OS Security Update - PHSA-2024-3.0-0722
Updates of ['squid', 'dbus'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.009EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0201
Updates of ['patch'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
VMWare Aria Operations for Networks 6.x < 6.12 Multiple Vulnerabilities (VMSA-2024-0002)
According to its self-reported version, the instance of VMWare Aria Operations for Networks running on the remote web server is 6.x < 6.12.0.1706185032. It is, therefore, affected by multiple vulnerabilities: Aria Operations for Networks contains a local privilege escalation vulnerability. A...
7.8CVSS
5.8AI Score
0.0005EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0562
Updates of ['ruby'] packages of Photon OS have been...
9.8CVSS
7.5AI Score
0.004EPSS