Common Vulnerabilities and Exposures

MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis

Posted on August 2, 2023 by Valentina Palmiotti

The security updates released by Microsoft on April 11, 2023, addressed over 90 individual vulnerabilities. Of particular note was CVE-2023-21554, dubbed QueueJumper, a remote code execution vulnerability affecting the Microsoft Message Queueing (MSMQ) service. MSMQ is an optional Windows component that enables applications to exchange messages via message queues that are reachable both locally and […]

The post MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis appeared first on Security Intelligence.

Continue reading MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis→

Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain

Posted on July 18, 2023 by John Dwyer

This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from a system within their network targeting a domain controller. X-Force analysis revealed that an attacker […]

The post Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain appeared first on Security Intelligence.

Continue reading Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain→

CISA’s Known Vulnerabilities Impact 15M Public Services

Posted on June 14, 2023 by Jonathan Reed

CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative source of information on past or currently exploited vulnerabilities. In a new report, the Rezilion research team analyzed vulnerabilities in the current KEV catalog. The results revealed a whopping 15 million vulnerable instances. And the majority of the occurrences were Microsoft Windows instances. Rezilion notes that […]

The post CISA’s Known Vulnerabilities Impact 15M Public Services appeared first on Security Intelligence.

Continue reading CISA’s Known Vulnerabilities Impact 15M Public Services→

X-Force Identifies Vulnerability in IoT Platform

Posted on April 5, 2023 by Katherine Bianco Vega

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a […]

The post X-Force Identifies Vulnerability in IoT Platform appeared first on Security Intelligence.

Continue reading X-Force Identifies Vulnerability in IoT Platform→

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

Posted on March 21, 2023 by Valentina Palmiotti

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption […]

The post Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours appeared first on Security Intelligence.

Continue reading Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours→

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

Posted on January 20, 2023 by Valentina Palmiotti

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but […]

The post Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” appeared first on Security Intelligence.

Continue reading Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”→

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

Posted on December 13, 2022 by Chris Thompson

In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely execute code. The vulnerability is in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, which allows […]

The post Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism appeared first on Security Intelligence.

Continue reading Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism→

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1

Posted on October 17, 2022 by Rio Sherri

Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a […]

The post Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1 appeared first on Security Intelligence.

Continue reading Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1→

CISA or CVSS: How Today’s Vulnerability Databases Work Together

Posted on August 22, 2022 by Mark Stone

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and […]

The post CISA or CVSS: How Today’s Vulnerability Databases Work Together appeared first on Security Intelligence.

Continue reading CISA or CVSS: How Today’s Vulnerability Databases Work Together→

X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021

Posted on May 5, 2022 by Austin Zeizel

From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […]

The post X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 appeared first on Security Intelligence.

Continue reading X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021→