Not Simon

@simontsui@infosec.exchange
This is not Simon. Opinions are made by a screaming goat and do not express the views or opinions of his goatherder.

TrustedSec CTO Justin Elze shared an in-the-wild CVE-2024-3400 exploit on Twitter yesterday, reporting that 149.28.194.95 was attempting to exploit CVE-2024-3400.

#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #threatintel #IOC

U.S. State Department press release: Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure. State's Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of ALPHV BlackCat actors, their affiliates, activities, or links to a foreign government. 🔗 https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-alphv-blackcat-linked-cyber-actors-targeting-u-s-critical-infrastructure/

#USStateDept #RewardsForJustice #BlackCat #ALPHV #threatintel

U.S. State Department Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of APT31, a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD), a provincial branch of the Ministry of State Security. 🔗 https://rewardsforjustice.net/rewards/apt31-wuhan-xiaoruizhi-science-technology-company-ltd/

#China #cyberespionage #StateDept #RewardsforJustice #APT31 #threatintel

APT31/Wuhan Xiaoruizhi Science & Technology Company, Ltd. – Rewards For Justice

Zscaler observed exploitation of the Palo Alto Networks PAN-OS command injection zero-day vulnerability CVE-2024-3400 following the release of the PoC exploit code. Zscaler provides an attack flow diagram, and a technical analysis of the Upstyle backdoor and its layers. IOC provided. 🔗 https://www.zscaler.com/blogs/security-research/look-cve-2024-3400-activity-and-upstyle-backdoor-technical-analysis

#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #threatintel #IOC

A Look at CVE-2024-3400 Activity and Upstyle Backdoor Technical Analysis

Delve into CVE-2024-3400, a zero-day command-injection flaw in PAN-OS. Uncover exploitation trends in Zscaler's intelligence network and a Python-based backdoor

Bleeping Computer: GreyNoise and ShadowServer Foundation are reporting active exploitation of CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 by Palo Alto Networks as an exploited zero-day, OS Command Injection Vulnerability in GlobalProtect Gateway, added to CISA KEV Catalog, has Proof of Concept). The good news is that all hotfixes for vulnerable versions of PAN-OS are now released. 🔗 https://www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/

#CVE_2024_3400 #PaloAltoNetworks #activeexploitation #eitw #kev

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.

BleepingComputer

Palo Alto Networks released additional details about CVE-2024-3400: the fact that it is a combination of two bugs in PAN-OS; how an attacker was exploiting it; how disabling telemetry initially worked; and how they fixed it. The timeline from discovery to remediation encompasses the whole blog post. Overall a comprehensive after-action review from a company that notified the public almost immediately of an exploited zero-day. 🔗 https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/

#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #PANOS #IOC

More on the PAN-OS CVE-2024-3400

PSIRT learned of a suspicious exfiltration attempt at a customer site. Palo Alto Networks' team investigated the issue with Volexity's team.

Palo Alto Networks Blog
@simontsui Compared to the Ivanti fiasco, a tale of two exploits that couldn't be more different.
@Cali It's unfortunate, because Ivanti was extraordinarily forthcoming and provided a patch and hotfix soon after zero-day exploitation. That soon became mass exploitation and a bypass of the original hotfix: 10 January for the initial 2 zero-days, and 31 January for the 3rd zero-day and another vuln.
@simontsui I have several I'd like to share as well that I haven't seen posted elsewhere, but I think that actors are just taking advantage of other compromised hosts, VPN providers, etc.