GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs

Ransomware group Black Basta’s chat logs were leaked, revealing 62 mentioned CVEs. GreyNoise identified 23 of these CVEs as actively exploited, with some targeted in the last 24 hours.

CVE-2024-23897 Enabled Ransomware Attack on Indian Banks

CVE-2024-23897 is an unauthenticated arbitrary file read vulnerability in the Jenkins CLI, used by RansomEXX to target small Indian banks.

Official Juniper Networks Blogs

Trend Micro is a bit late talking about CVE-2024-23897 (9.8 critical, disclosed 24 January 2024, has Proof of Concept) Jenkins Server Arbitrary file read vulnerability. The vulnerability exists in the args4j library, allowing an unauthenticated user to read the first few lines of any files on the file system, leading to remote code execution. If I’m reading this correctly, Trend Micro reports active exploitation of CVE-2024-23897, predominantly from the Netherlands (no IOC provided). 🔗 https://www.trendmicro.com/en_us/research/24/c/cve-2024-23897.html They provide vulnerability analyses similar to Sonar Source, explaining attack scenarios and what commands are available for both unauthenticated/authenticated users.

#CVE_2024_23897 #Jenkins #RCE #eitw #activeexploitation #PoC #proofofconcept #vulnerability

Jenkins Args4j CVE-2024-23897 Files Exposed Code at Risk

Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.

Trend Micro

Good morning! Have a fairly gnarly RCE in #Jenkins:

Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier do not disable it.

www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

#CVE_2024_23897
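To make the advisory text in the post above concrete, here is an added example that is not part of the original post and not args4j or Jenkins code: a toy Python re-implementation of an @file-expanding argument parser with the expansion behind a flag, next to a defender-side check that flags any argument that would trigger expansion. The names expand_args and find_at_arguments, the line-per-argument splitting, and the temporary file and its contents are assumptions constructed for the demo; the exact parsing rules of args4j are not reproduced.

```python
"""Toy re-implementation of '@<path>' argument expansion (the expandAtFiles
behaviour the Jenkins advisory attributes to args4j).  Added educational
example, not args4j or Jenkins code.  It shows why the feature is dangerous
when reachable by unauthenticated callers, and what the hardened behaviour
(expansion disabled) looks like.  All file names and contents are constructed."""

import os
import tempfile
from typing import Dict, List


def expand_args(args: List[str], expand_at_files: bool) -> List[str]:
    """Return the argument list after optional '@file' expansion.

    With expand_at_files=True an argument '@/some/path' is replaced by the
    lines of that file (one argument per line, a simplification assumed here),
    so the parser itself becomes a file reader for whoever supplies the
    argument.  With expand_at_files=False the argument is passed through
    literally, which is the safe setting for untrusted input."""
    out: List[str] = []
    for arg in args:
        if expand_at_files and arg.startswith("@") and len(arg) > 1:
            path = arg[1:]
            with open(path, "r", encoding="utf-8") as fh:
                out.extend(line.rstrip("\n") for line in fh)
        else:
            out.append(arg)
    return out


def find_at_arguments(args: List[str]) -> List[str]:
    """Defender-side check: list every argument that would trigger expansion.

    Run this over CLI argument vectors recovered from logs or request captures
    to surface invocations that try to pull file contents into a command."""
    return [a for a in args if a.startswith("@") and len(a) > 1]


def demo() -> Dict[str, List[str]]:
    """Run both configurations over the same constructed argument vector."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a file the caller should never be able to read.
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("line-one\nline-two\n")
        args = ["help", "@" + secret]
        return {
            "flagged": find_at_arguments(args),
            "expansion_enabled": expand_args(args, expand_at_files=True),
            "expansion_disabled": expand_args(args, expand_at_files=False),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The "expansion_enabled" result is the vulnerable configuration: the parser silently turns one argument into the contents of a file chosen by the caller. The "expansion_disabled" result keeps the literal string, which is the behaviour a hardened deployment wants for any command reachable without authentication.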

Jenkins Security Advisory 2024-01-24

Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software
