CyberSecurityBoard
Sponsor Register Login

CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Publication date: Tue, 28 May 2024 00:00:00 +0000


Cyber News related to CVE-2024-24919

Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - Check Point’s telemetry revealed exploitation attempts beginning in April 2024, with threat actors using stolen credentials to authenticate via VPNs and masquerading as legitimate users. Check Point’s incident response team continues to ...
1 week ago Cybersecuritynews.com CVE-2024-24919 CVE-2024-48248
Check Point releases emergency fix for VPN zero-day exploited in attacks - Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. On Monday, the company first warned about a spike in attacks targeting VPN devices, ...
9 months ago Bleepingcomputer.com CVE-2024-24919
Check Point discovers vulnerability tied to VPN attacks - Check Point Software Technologies disclosed a zero-day vulnerability connected to recent attempted attacks against its VPN technology. The cybersecurity vendor advised customers against using password-only authentication for local accounts and issued ...
9 months ago Techtarget.com CVE-2024-24919 LockBit Akira
Check Point VPN zero-day exploited in attacks since April 30 - Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. Check Point warned ...
9 months ago Bleepingcomputer.com CVE-2024-24919
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
5 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution - RansomLord: Open-source anti-ransomware exploit toolRansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. Attackers are probing Check Point Remote Access VPN devicesAttackers ...
9 months ago Helpnetsecurity.com CVE-2024-24919 CVE-2024-23108 CVE-2023-34992
New NailaoLocker ransomware used against EU healthcare orgs - Orange has shared several hypotheses for the attacks, including false flag operations meant to distract, strategic data theft operations doubled with revenue generation, and, more likely, a Chinese cyberespionage group "moonlighting" on the side to ...
2 weeks ago Bleepingcomputer.com CVE-2024-24919 Dragonfly
Install the Fix to Stay Protected - Over the past week, we've been monitoring attempts to gain unauthorized access to VPNs, which we attributed to CVE-2024-24919. We quickly generated a fix which ensures these attempts are prevented once installed, and we are urging customers to ...
9 months ago Blog.checkpoint.com CVE-2024-24919
CVE-2024-24919 - Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is ...
1 month ago
New NailaoLocker Ransomware Attacking European Healthcare - European healthcare organizations are facing a sophisticated cyber threat from a newly identified ransomware strain called NailaoLocker, deployed as part of a campaign tracked as Green Nailao by Orange Cyberdefense CERT. The Green Nailao campaign ...
2 weeks ago Cybersecuritynews.com CVE-2024-24919
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov
CVE-2021-24919 - The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL ...
3 years ago
CVE-2023-24919 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability ...
1 year ago
CVE-2022-24919 - An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is ...
1 year ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com
CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9255 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9254 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9253 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9252 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9251 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9250 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com
CVE-2024-9246 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
5 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)