Eternal Malware: CVE-2024-3400 Rootkits Persist Through Palo Alto Firewalls Updates and Resets

The cybersecurity community has recently been abuzz with discussions surrounding CVE-2024-3400, a critical vulnerability affecting Palo Alto Networks’ PAN-OS, used in their popular firewall products. This vulnerability has seen a surge in exploitation activities following the release of a proof-of-concept (PoC) code, prompting urgent responses from both cybersecurity experts and Palo Alto Networks. Overview of […]

New Security Vulnerabilities Uncovered in pfSense Firewall Software – Patch Now

Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar. “Security inside a local network […]

Bypassing pfSense firewall and hacking into application server and firewall itself

Recent cybersecurity research has unveiled a critical vulnerability impacting over 1,450 pfSense servers, exposing them to potential remote code execution (RCE) attacks. This vulnerability arises from a combination of command injection and cross-site scripting flaws, posing a significant threat to the security of these widely-used network appliances. Anyone can bypass the Google and AWS Web […]

This code allow to hack into Juniper SRX firewalls and EX switches

Juniper Networks, a company that manufactures widely used networking equipment as well as security solutions, has issued a warning about vulnerabilities that are present in the operating systems of many of its devices. The business has acknowledged in not one but two distinct security alerts that were either released or revised this week that the […]

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it’s “seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint,” the same day a proof-of-concept (PoC) became available. The issues, […]

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on every SSL VPN appliance,” Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet […]

Zyxel Issues Critical Security Patches for Firewall and VPN Products

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system. A brief description […]

7 security vulnerabilities in Sophos Firewall version

Customers have been alerted by Sophos that many vulnerabilities, including ones that may lead to arbitrary code execution, have been patched in Sophos Firewall version 19.5. Some of these security flaws were uncovered in-house by Sophos, while others were brought to the attention of the business by third-party researchers who participated in the bug bounty […]

How Chinese threat actors are using recently discovered zero day flaws in office and Sophos firewall

By deploying a new Trojan named LOWZERO, integrated into an espionage campaign aimed against Tibetan organizations, the Chinese APT known as TA413 is exploiting a variety of flaws in Microsoft Office and Sophos Firewall. The majority of the targets were businesses connected to the exiled Tibetan administration as well as organizations connected to the Tibetan […]

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the […]

5 Questions You Need to Ask About Your Firewall Security

Often, organizations think of firewall security as a one-and-done type of solution. They install firewalls, then assume that they are “good to go” without investigating whether or not these solutions are actually protecting their systems in the best way possible. “Set it and forget it!” Instead of just relying on firewalls and assuming that they […]

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity

A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos’ firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. “The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks […]

Hackers Exploiting a Critical Vulnerability in Zyxel Firewall & VPN Devices

Several hackers have begun exploiting a recently patched critical vulnerability, identified as CVE-2022-30525, which affects business firewall and VPN devices from Zyxel. In response to this vulnerability, the cybersecurity experts at Rapid7 have discovered that a number of Zyxel firewalls supporting ZTP like the ATP series, the VPN series, and the USG FLEX […]

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw […]

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. “A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device,” the […]

Threat actors are exploiting critical vulnerability in F5 products to destroy firewalls and network devices completely

Cybercriminal groups have been exploiting a critical vulnerability in F5 BIG-IP solutions to erase file systems on affected devices, rendering servers completely useless. Tracked as CVE-2022-1388, successful exploitation of the flaw would allow remote threat actors to execute commands on BIG-IP network devices with root user privileges, making it a critical security risk. The company […]

4 new vulnerabilities in SonicWall SonicOS affect firewalls and other security products: Patch immediately

A recent cybersecurity report revealed the patching of at least four vulnerabilities in SonicOS, the operating system that multiple solutions developed by the technology firm SonicWall run on. According to this report, the successful exploitation of these flaws would have allowed threat actors to deploy multiple cyberattacks. Below are brief descriptions of the reported flaws, […]