Latest News
A list of topics we covered in the week of December 2 to December 8 of 2024
Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat actors exploiting this vector in the past.
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
The ABB BMS/BAS controller suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter 'redirect' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
Cryptocurrencies, from Bitcoin to altcoins and meme coins, revolutionize payments by offering privacy, reduced fees, faster transactions, enhanced…
The ABB BMS/BAS controller suffers from an unauthenticated information disclosure and manipulation vulnerability in the OOS (Out of Service) Manager. An unauthorized attacker can enumerate devices marked as in or out of service, accessing detailed information such as device names, network IDs, and transaction counts. Furthermore, the attacker can exploit this vulnerability to modify the OOS status of devices, allowing unauthorized additions or updates via the exposed functionality of the /oosManagerAjax.php endpoint.
The ABB BMS/BAS controller suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can access the affected page and retrieve sensitive system details, including active threads, mapping of reference paths, port pool configurations, internal IP addresses, serial port queue information, and performance metrics such as transaction times.
The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .aam file through fileSystemUpdate.php, which is then moved to /tmp and executed by fileSystemUpdateExecute.php. This script leverages sudo to run the upgrade-bundle.sh script, enabling the attacker to bypass input validation checks and execute arbitrary code, leading to full system compromise and unauthorized root access.
Operation Destabilise was a major international operation led by the UK's National Crime Agency (NCA) to dismantle two Russian-speaking criminal networks: Smart and TGR. These networks were backbone in laundering billions of dollars for various criminal activities.
DroidBot, a sophisticated Android RAT, is targeting individuals and financial institutions across Europe.