#cve2024_1708

🛡 H3lium@infosec.exchange/:~#

"🚨 ScreenConnect Exploits Unleash ToddleShark Malware by Kimsuky 🚨"

Kimsuky, the North Korean APT, leverages vulnerabilities in ScreenConnect (CVE-2024-1708 & CVE-2024-1709) to deploy ToddleShark, aiming at espionage. This polymorphic malware uses Microsoft binaries for stealth and conducts extensive data theft. It's an evolution of Kimsuky's espionage toolkit, hinting at their refined strategies for long-term intelligence gathering. ToddleShark manipulates registry settings, employs scheduled tasks for persistence, and exfiltrates data using PEM certificates, showcasing advanced obfuscation and evasion techniques. Be vigilant and patch up!

#CyberSecurity #APT #NorthKorea #Malware #ScreenConnect #CVE2024_1708 #CVE2024_1709 #ToddleShark #Kimsuky #DataTheft #Espionage #InfoSec

Source: BleepingComputer.com (https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/)

Mitre - Kimsuky (https://attack.mitre.org/groups/G0094/)

🛡 H3lium@infosec.exchange/:~#

"🚨 Critical Vulnerabilities Alert in ConnectWise Software 🚨"

Two vulnerabilities have been identified in ConnectWise's remote desktop software, ScreenConnect, affecting versions 23.9.7 and prior. The first vulnerability (CVE-2024-1708) is a path-traversal issue allowing potential remote code execution or access to sensitive data, rated with a high severity score of 8.4.

The second (CVE-2024-1709) is an authentication bypass, considered critical with a severity score of 10.0, and is easily exploitable with existing proof-of-concept exploits. ConnectWise has issued updates for cloud-hosted instances, but self-hosted deployments need immediate patching. The exposure is global, with significant concentrations in the United States, and it's expected that cybercriminals and nation-state actors will actively exploit these vulnerabilities.

| CVE Number | Description | CVSS Severity |
| ---- | ---- | ---- |
| CVE-2024-1708 (https://nvd.nist.gov/vuln/detail/CVE-2024-1708) | ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 High |
| CVE-2024-1709 (https://nvd.nist.gov/vuln/detail/CVE-2024-1709) | ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 Critical |

Professionals using ConnectWise must urgently patch their systems to mitigate these vulnerabilities. The discovery underscores the importance of rigorous security practices in protecting IT infrastructures.

🛡️💻🔐

Tags: #CyberSecurity #VulnerabilityAlert #ConnectWise #CVE2024_1708 #CVE2024_1709 #PatchManagement #ITSecurity #RemoteCodeExecution #PrivilegeEscalation

Source: Unit42 by Palo Alto Networks (https://unit42.paloaltonetworks.com/connectwise-threat-brief-cve-2024-1708-cve-2024-1709/)