Media Coverage

Shadowserver in the news

Botnet exploits GeoVision zero-day to install Mirai malware

Bleeping Computer, November 15, 2024

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 and was discovered by Piotr Kijewski of The Shadowserver Foundation. It is a critical severity (CVSS v3.1 score: 9.8) problem.

“Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device,” warns Taiwan’s CERT.

Kijewski told BleepingComputer that the botnet appears to be a Mirai variant, which is usually used as part of DDoS platforms or to perform cryptomining.


CVE-2024-10914: Critical Flaw in D-Link NAS Devices Actively Exploited, No Patch!

Cybersecurity News (securityonline.info), November 13, 2024

A critical command injection vulnerability (CVE-2024-10914) impacting numerous end-of-life D-Link network-attached storage (NAS) devices is currently under active exploitation. The Shadowserver Foundation has reported observing active exploitation attempts targeting these devices since November 12th, with nearly 1,100 devices confirmed as exposed.

Palo Alto Networks warns over possible PAN-OS RCE: Says get your blooming interface off the internet

The Stack, November 12, 2024

Palo Alto Networks said it has seen a “claim of a remote code execution vulnerability via the PAN-OS management interface” but does not have details yet. It urged customers to ensure access “is possible only from trusted internal IPs and not from the Internet…” A search by the Shadowserver Foundation however showed some 11,000 PAN-OS management interfaces publicly exposed to the internet. The majority are in the US (4,000) and India (1,000) with 200 in the UK.

The Internet's Defenders Are Running Out of Money—And We're All at Risk

The International Business Times, November 5, 2024

The average person might think for-profit companies like Apple, Google and Microsoft are responsible for keeping digital ecosystems together. In reality, hundreds of nonprofits maintain critical cybersecurity functions for the good of the Internet and all its users.

Many of the tools small businesses depend on are run or supported by nonprofits. They may use Quad9 to block malicious websites, Let’s Encrypt to encrypt their websites, or Shadowserver to fix network vulnerabilities. If you value accessible and secure online experiences, now is the time to show your support.

FortiManager Devices Mass Compromise Exploiting CVE-2024-47575 Vulnerability

Cyber Security News, October 25, 2024

Shadowserver has issued a critical warning about the widespread exploitation of Fortinet FortiManager devices using the recently disclosed CVE-2024-47575 vulnerability. With a CVSS score of 9.8/10, this critical flaw allows unauthenticated remote attackers to execute arbitrary code or commands on affected systems.

Chris Gibson: “If FIRST disappeared, you would need to invent another forum of incident response.”

Common Good Cyber, October 23, 2024

Chris Gibson (FIRST) in an interview with Common Good Cyber.

Our vision is to make the Internet safer through building relationships and networks of teams worldwide. These teams support, train, and mentor each other, helping new groups develop until they can maintain incident response capabilities within their own countries or regions. Our members, company teams and incident response teams worldwide rely on data. They can gather some of it themselves. Some of the more mature teams have that set up within their jurisdictions. They’re pulling feeds, but many of them rely heavily on companies like Shadowserver.

The data Shadowserver delivers, as a public service, is just fantastic. If Shadowserver disappeared, our membership’s ability to deliver safety on the internet would be significantly impacted.

Piotr Kijewski: “Replicating Shadowserver on a similar scale would probably cost tens of millions of dollars.”

Common Good Cyber, October 15, 2024

An interview with Common Good Cyber.

“We share hundreds of millions of cyber threat events daily with entities across the planet.” Shadowserver’s core mission is, at its most basic level, delivering such valuable information for free to threat defenders so that they can better secure their networks. To sustain their operations – including helping critical infrastructure and supporting multi-year law enforcement operations to actively take down threats – Piotr Kijewski, the nonprofit’s CEO, calculates that $5 million are needed yearly and admits there is no fully sustainable guaranteed pipeline for the coming years.

Common Good Cyber is a global initiative to create sustainable funding models for the organizations and individuals working to keep the Internet safe.

87,000+ FortiOS Devices Vulnerable to Remote Code Execution Attacks

Cyber Security News, October 14, 2024

A critical security vulnerability affecting over 87,000 FortiOS devices has been discovered, leaving them exposed to potential remote code execution (RCE) attacks. The flaw, identified as CVE-2024-23113, impacts multiple versions of FortiOS, FortiProxy, FortiPAM, and FortiWeb products.

According to Shadowserver scans, approximately 87,390 IP addresses associated with potentially vulnerable Fortinet devices have been identified. The United States leads with 14,000 affected devices, followed by Japan (5,100) and India (4,800).

Securing Cyberspace: Minister Doughty speech

GOV.UK, October 9, 2024

In a world where we all live and work online, investing in cyber security and promoting responsible behaviour is an essential part of this mission, because fundamentally, and you will all know this, there is no national security, no economic security without cyber security. I wanted to highlight today and reflect on three key themes that will guide our approach as a new government.

The first of those is that partnerships are vital for success.

Secondly, I want to talk about responsible cyber behaviour. I will simply say that for the UK, this is about staying at the forefront of science and technology so we can understand threats and respond appropriately, and helping others do the same. For example, supporting cyber security nonprofit organisations like Shadowserver to share threat data.

Thirdly, I wanted to stress the importance of a whole of society approach.

That’s how we can ultimately keep our citizens safe, help our economies to flourish, protect our security and stand up for our values.

Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519

Cybersecurity News (securityonline.info), October 6, 2024

Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently disclosed security flaw, tracked as CVE-2024-45519, has been under attack since late September 2024, prompting urgent calls for patching.

According to the Shadowserver Foundation, as of October 4, 2024, more than 19,600 unpatched Zimbra instances remain exposed to this vulnerability. Germany, the U.S., and Russia top the list of affected countries, each with over 1,500 vulnerable servers.