GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs

Ransomware group Black Basta’s chat logs were leaked, revealing 62 mentioned CVEs. GreyNoise identified 23 of these CVEs as actively exploited, with some targeted in the last 24 hours.

Security Week did their homework and reported that CVE-2023-24955 was part of a 2-bug exploit chain showcased at last year's Pwn2Own Vancouver in March 2023. The exploit chain would allow for unauthenticated remote code execution on SharePoint servers with elevated privileges. The Star Labs team, who demonstrated them, released the vulnerability details and proofs of concept for CVE-2023-29357 and CVE-2023-24955 in September and December 2023. CVE-2023-29357 was added to the KEV Catalog on 10 January 2024. 🔗 https://www.securityweek.com/cisa-second-sharepoint-flaw-disclosed-at-pwn2own-exploited-in-attacks/

#CVE_2023_24955 #CVE_2023_29357 #Microsoft #Sharepoint #vulnerability #CISA #KEV #KnownExploitedVulnerabilitiesCatalog #eitw #activeexploitation

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild.

SecurityWeek