Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440

Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall.

https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782

Legacy Driver Exploitation Through Bypassing Certificate Verification

Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses.

https://asec.ahnlab.com/en/86881/

Synology Vulnerability Updates

Synology updates some security advisories it release last year adding addition details and vulnerable systems.

https://www.synology.com/en-global/security/advisory/Synology_SA_24_20

https://www.synology.com/en-global/security/advisory/Synology_SA_24_24

Rss Apple Podcaster
Podden och tillhörande omslagsbild på den här sidan tillhör Johannes B. Ullrich. Innehållet i podden är skapat av Johannes B. Ullrich och inte av, eller tillsammans med, Poddtoppen.

Senast besökta

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated

00:00