Although I never thought it possible, I became FIRST.org Liaison in September.
Now on a mission to find a way to be reasonably/sustainably useful to the community.
I attended the 72nd TF-CSIRT in Prague this September, kindly hosted by CESNET and CSIRT.cz / CZ.NIC.
Even had something small to present. Thanks to all who survived 5 minutes of my mumbling about going outside of the SOC process:
https://tf-csirt.org/wp-content/uploads/2024/10/72TF-LT_20240926-Phishing-through-Dropbox-Paper.pdf
Allow me to introduce you to my workstation (or "battlestation") - it's the 5th year of ongoing evolution from the "just two weeks of lockdown" in early 2020.
Note: the corner monitors are portable dual screens "FlipGo" by JSAUX. The various threat maps are up just for this picture.
#workstation #workdesk #workfromhome #battlestation #secops #freelancing #outsourcing #homeoffice
Here goes Ivanti again.
CVE-2024-7593 on Virtual Traffic Manager (vTM), allowing remote unauthenticated attackers to bypass authentication and create admin accounts.
CVSSv2: 10, CVSSv3: 9.8
https://www.tenable.com/cve/CVE-2024-7593
https://www.cert.europa.eu/publications/security-advisories/2024-078/
Interesting read. "UnOAuthorized" Microsoft Entra ID Vulnerability allowed attackers to elevate privileges and persist within Microsoft environments through flaws in OAuth 2.0.
https://cybersecuritynews.com/microsoft-entra-id-vulnerability/
Microsoft July Patch Tuesday fixed several zero-days. Namely CVE-2024-38080 (Hyper-V) & CVE-2024-38112 (MSHTML) - both with detected exploitation in the wild.
https://krebsonsecurity.com/2024/07/microsoft-patch-tuesday-july-2024-edition/
If you are using Splunk Enterprise and related products, please consider the recent patch release (it contains 6 high-severity fixes, including an RCE):
https://www.securityweek.com/splunk-patches-high-severity-vulnerabilities-in-enterprise-product/
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
https://security-tracker.debian.org/tracker/CVE-2024-6387
Warning of critical vulnerability CVE-2024-6387 in the OpenSSH (sshd) server on glibc-based Linux systems.
Exploiting the vulnerability allows unauthenticated remote attackers to execute code as root, which in turn can result in system compromise, installation of malicious software, data manipulation, and creation of backdoors for persistent access.
OpenSSH must be updated to eliminate the threat. It is also recommended to filter access to SSH.
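As an added example (not part of the original post), a small Python triage helper for defenders: it parses OpenSSH version banners collected from your own hosts and classifies them against the upstream version ranges published for CVE-2024-6387. Host names and banners below are constructed sample data; the `triage` and `regresshion_status` names are my own.

```python
import re

# Matches "OpenSSH_9.6p1" in an SSH banner or in `sshd -V` output.
# The "pN" suffix marks the portable (Linux/glibc) build; OpenBSD's native
# build omits it and is not affected by CVE-2024-6387.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_openssh_version(banner: str):
    """Return (major, minor, portable) or None if this is not an OpenSSH banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable) if portable else None)

def regresshion_status(banner: str) -> str:
    """Classify a banner against the upstream affected ranges for CVE-2024-6387:
         < 4.4p1           vulnerable (unless patched for CVE-2006-5051)
         4.4p1 .. < 8.5p1  not vulnerable
         8.5p1 .. < 9.8p1  vulnerable
         >= 9.8p1          fixed
    Returns 'vulnerable', 'not-vulnerable' or 'unknown'."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"          # not OpenSSH at all (e.g. dropbear)
    major, minor, portable = v
    if portable is None:
        return "not-vulnerable"   # OpenBSD native build, no glibc
    ver = (major, minor, portable)
    if ver < (4, 4, 1):
        return "vulnerable"
    if ver < (8, 5, 1):
        return "not-vulnerable"
    if ver < (9, 8, 1):
        return "vulnerable"
    return "not-vulnerable"

# Constructed sample inventory: host -> banner captured from the SSH greeting.
SAMPLE_BANNERS = {
    "host-a": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3",
    "host-b": "SSH-2.0-OpenSSH_7.4",
    "host-c": "SSH-2.0-OpenSSH_9.8p1",
    "host-d": "SSH-2.0-dropbear_2022.83",
}

def triage(banners: dict) -> dict:
    """Map each host to its CVE-2024-6387 status so patching can be prioritised."""
    return {host: regresshion_status(b) for host, b in banners.items()}
```

Distributions frequently backport the fix without changing the upstream version string, so a "vulnerable" verdict here is a prompt to check the package changelog, not proof of exposure.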
Juniper CVE-2024-2973 - Critical vulnerability in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router - Authentication Bypass & possibility of full device control.
https://thehackernews.com/2024/07/juniper-networks-releases-critical.html
https://www.cert.europa.eu/publications/security-advisories/2024-065/