GreyNoise’s internet-wide telemetry identified exploitation activity for 23 CVEs, including high-severity flaws in Palo Alto Networks PAN-OS, Cisco IOS XE, and Microsoft Exchange Server. These vulnerabilities span enterprise software, security appliances, and widely deployed web applications, with several critical flaws exploited as recently as the past 24 hours.

Juniper’s Junos OS vulnerabilities (CVE-2023-36845 and CVE-2023-36844) continue to be exploited through PHP variable manipulation, enabling remote code execution on EX Series switches. GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. High-traffic web platforms remain vulnerable, with CVE-2023-22515 (Atlassian Confluence access control bypass) and CVE-2022-26134 (Confluence Server remote code execution) actively exploited.

With ransomware groups increasingly automating vulnerability exploitation, continuous monitoring and infrastructure hardening have become non-negotiable components of modern cybersecurity programs. Notably, CVE-2023-6875, a missing authorization vulnerability in the WordPress plugin “Post SMTP Mailer,” has seen exploitation despite lacking KEV designation, highlighting the limitations of static vulnerability lists.

Network appliances from Palo Alto, Cisco, and Juniper dominate the exploited vulnerabilities list. Microsoft Exchange Server vulnerabilities CVE-2021-26855 (ProxyLogon) and CVE-2022-41082 persist in attacker playbooks, enabling mailbox infiltration and server compromise. These exploits frequently precede ransomware deployment, with attackers leveraging initial access to disable security tools and exfiltrate data. The findings underscore the persistent targeting of known vulnerabilities, even those absent from government advisories such as CISA’s Known Exploited Vulnerabilities (KEV) catalog.
The leaked logs, initially compiled by cybersecurity firm VulnCheck, provided a rare window into the vulnerabilities prioritized by ransomware operators. CVE-2024-3400, a command injection flaw in Palo Alto’s PAN-OS, enables unauthenticated attackers to execute arbitrary code with root privileges. The ConnectWise ScreenConnect flaw (CVE-2024-1709) has become particularly prevalent, with attackers exploiting authentication bypasses to implant remote access trojans.

The reappearance of CVE-2021-44228 (Log4Shell) in exploitation attempts underscores the challenge of eradicating this ubiquitous logging library vulnerability. The operational tempo of attackers remains alarming, with 12 CVEs exploited within the past 24 hours alone. Similarly, CVE-2023-20198 in Cisco IOS XE’s web UI has resurfaced as a prime target, allowing attackers to create privileged accounts and deploy malicious implants.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Feb 2025 04:05:38 +0000