CheckPoint released a report about the Magnet Goblin group, which was noted for its rapid exploitation of vulnerabilities in services accessible from the Internet. At the time of exploitation, these vulnerabilities already have patches (that’s why they are 1-day, not 0-day). But because companies tend to be slow to update their systems, Magnet Goblin attackers have been successful in their attacks. 🤷♂️
The report mentions the following vulnerabilities exploited by Magnet Goblin:
🔻 Magento (open source e-commerce platform) – CVE-2022-24086
🔻 Qlik Sense (data analytics solution) – CVE-2023-41265, CVE-2023-41266, and CVE-2023-48365
🔻 Ivanti Connect Secure (tool for remote access to infrastructure) – CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893.
🔻 Apache ActiveMQ (message broker) – CheckPoint write that it is “possible” and do not provide CVE, but this is probably about CVE-2023-46604.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.