Phoenix IT

Category: Endpoint Security

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cybersecurity firm Arctic Wolf said in an

Read More
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. “The

Read More
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS CHOLLIMA exemplify the use of cross-domain

Read More
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in

Read More