Attack Research

SEARCH

CATEGORIES

TAGS

    Ivanti Endpoint Manager – Multiple Credential Coercion Vulnerabilities

    February 19, 2025
    Critical Ivanti Endpoint Manager vulnerabilities revealed—learn about CVE exploits and mitigation.

    Critical Vulnerabilities in SimpleHelp Remote Support Software

    January 13, 2025
    SimpleHelp remote support software is susceptible to critical vulnerabilities that could allow full takeover of SimpleHelp servers. Users of SimpleHelp should upgrade to the latest version ASAP.

    The Value of Data Pilfering at Scale

    Hackers don’t break in, they log in. This has never been more true – as the demand for data increases, more files than ever are being stored across the enterprise. Local files, file shares, cloud backups, and more are filling up with precious data. And with that, comes increased risk that the data being stored…

    Palo Alto Expedition: From N-Day to Full Compromise

    On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it's advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from…

    CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive

    On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA's Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024. The advisory states: SolarWinds Web Help Desk was found to be susceptible to a…

    CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability

    On September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for it's Cloud Service Appliance (CSA) product. Initially, this CVE-2024-8190 seemed uninteresting to us given that Ivanti stated that it was an authenticated vulnerability. Shortly after on September 13, 2024, the vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV). Given…

    CVE-2023-28324 Deep Dive: Ivanti Endpoint Manager AgentPortal Improper Input Validation

    Update: 2024-09-16 We initially wrote this post in reference to CVE-2024-29847, however this post actually describes CVE-2023-28324. We had incorrectly assumed that the SU5 update was comprehensive which resulted in us mistaking CVE-2023-28324 for CVE-2024-29847. The content of this blog has been updated accordingly. Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution…

    NTLM Credential Theft in Python Windows Applications

    August 23, 2024
    This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

    Traccar 5 Remote Code Execution Vulnerabilities

    August 23, 2024
    This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

    Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces

    June 14, 2024
    This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.