Ivanti Server-Side Request Forgery to Auth-Bypass
Overview: Ivanti disclosed a couple more vulnerabilities — server-side request forgery (CVE-2024-21893) and a privilege escalation (CVE-2024-21888) vulnerability. This disclosure comes only a few weeks after confirming an exploit chain impacting Ivanti Connect Secure and […]
Jenkins CLI Data Leak Vulnerability
Overview: The SonicWall Capture Labs threat research team became aware of the Jenkins CLI (command-line-interface) arbitrary file read vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Jenkins is a Java-based automation tool […]
Blackwood APT Group Has a New DLL Loader
Overview: This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt […]
Ivanti Authentication Bypass Vulnerability
Overview: The SonicWall Capture Labs threat research team became aware of the Ivanti Connect Secure and Policy Secure Gateway authentication bypass vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Ivanti Connect Secure, […]
GitLab Account Takeover
Overview: The SonicWall Capture Labs threat research team became aware of an account takeover via password reset vulnerability in GitLab, assessed its impact and developed mitigation measures for the vulnerability. GitLab, an open-source code-sharing platform, […]