Week in Overview(13 Feb-20 Feb) – 2024 Technical Summary 4. Security Advisory Summary Report for CVE-2024-21412: 5. CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC: Week in Overview(13 Feb-20 eb) – 20 🚨 Vulnerability of the Week The vulnerability, termed the #MonikerLink bug, is assigned CVE-2024-21413 with a CVSS score of 9.8. It allows
More
Week in Overview(6 Feb-13 Feb) – 2024 Technical Summary Technical Summary: Chinese APT Groups Exploiting SOHO Facilities for Cyberespionage Chinese Advanced Persistent Threat (APT) groups, particularly APT15 (Vixen Panda, Ke3chang) and APT31 (Zirconium, Judgment Panda), have been identified as exploiting Small Office/Home Office (SOHO) facilities for cyberespionage operations, primarily targeting government and political institutions. These
More
Week in Overview(30 Jan-6 Feb) – 2024 Technical Summary 🚨 Vulnerability of the Week FortiSIEM CVE-2024-23109 Fortinet FortiSIEM, versions 6.4.0 through 7.1.1, has been found vulnerable to an “improper neutralization of special elements used in an OS command” (OS command injection) flaw. This vulnerability allows attackers to execute unauthorized code or commands through crafted API
More
Week in Overview(23 Jan-30 Jan) – 2024 Technical Summary 1. ScarCruft Campaign Targeting Cybersecurity Professionals: 2. Proxying Windows Tools Through SOCKS for Offensive Use: 3. AllaKore RAT Targeting Mexican Banks and Crypto Platforms: 4. CVE-2023-41474: Ivanti Avalanche Directory Traversal Flaw: 5. Microsoft’s Response to the Midnight Blizzard (Nobelium) Nation-State Attack: 6. CVE-2024-0204 RCE Exploit in
More