Atlassian Confluence Unauthenticated Remote Code Execution

TLP: CLEAR
Author: David Deflache, Sebastien Tricaud
Summary: This week, we share data from another attack being exploited. Atlassian Confluence faces a critical security threat with an actively exploited unauthenticated remote code execution vulnerability in Confluence Data Center and Server. The injection flaw enables unauthorized users to execute arbitrary code, affecting all versions…

Anydesk Installation Traces

TLP: CLEAR
Author: Sebastien Tricaud
Summary: This scenario automates the download and installation of AnyDesk, a remote desktop software, on a Windows system. It begins by resolving the IP address of the AnyDesk download server through DNS resolution. Subsequently, it simulates a Windows environment for an HTTP request, fetches the AnyDesk.exe file from…

Critical Vulnerabilities in WS_FTP Server

TLP: CLEAR
Author: Sebastien Tricaud
Summary: Caitlin Condon, an expert at Rapid7, has highlighted critical vulnerabilities in WS_FTP Server, a secure file transfer solution. These vulnerabilities, notably CVE-2023-40044 and CVE-2023-42657, were disclosed by Progress Software on September 27, 2023. CVE-2023-40044, a .NET deserialization flaw, allows remote code execution with a single HTTPS POST…

Hafnium

TLP: CLEAR
Author: David Deflache
Summary: Microsoft has detected China-linked state-sponsored group HAFNIUM using zero-day exploits to target on-premises Microsoft Exchange Servers. The group gained access to servers, email accounts, and installed malware. Vulnerabilities CVE-2021-26855, -26857, -26858, and -27065 were patched in the latest release. Exchange Online is unaffected. HAFNIUM’s targets include US…
