Tag Archives: Wiz

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability

An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in a script.

The need for authentication and admin access could limit this vulnerability’s impact, but here it is combined with the earlier vulnerability Authentication Bypass – PAN-OS (CVE-2024-0012). 😏 Exploitation of this vulnerability chain was noted by Palo Alto on November 17. After November 19, when the watchTowr Labs article was published and exploits appeared, mass attacks began.

On November 21, Shadowserver reported that ~2000 hosts were compromised, mostly in the US and India. According to Wiz, attackers deployed web shells, Sliver implants and cryptominers.

About Remote Code Execution – NVIDIA Container Toolkit (CVE-2024-0132) vulnerability

NVIDIA’s bulletin was released on September 25. The vulnerability was found by researchers from Wiz.

Container Toolkit provides containerized AI applications with access to GPU resources. AI is now almost impossible without the use of video cards. 😏 Therefore, this component is very common.

The essence of the vulnerability is that a launched malicious container image can gain access to the host file system, which, in turn, can lead to the attacker’s code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

If an attacker gains access to a desktop in this way, it’s not so bad, but what if he gains access to Kubernetes nodes or a cluster? 🫣 AI service providers (a la Hugging Face) that launch untrusted images are at risk.

Vulnerability Management news and publications #1

Hello everyone! In this episode, I will try to revive Security News with a focus on Vulnerability Management.

On the one hand, creating such reviews requires free time, which could be spent more wisely, for example, on open source projects or original research. On the other hand, there are arguments in favor of news reviews. Keeping track of the news is part of our job as vulnerability and security specialists. And preferably not only headlines.

Alternative video link (for Russia): https://vk.com/video-149273431_456239095

I usually follow the news using my automated Telegram channel @avleonovnews. And it looks like this: I see something interesting in the channel, I copy it to Saved Messages so that I can read it later. Do I read it later? Well, usually not. Therefore, the creation of news reviews motivates me to read and clear Saved Messages. Just like doing Microsoft Patch Tuesday reviews motivates me to watch what’s going on there. In general, it seems it makes sense to make a new attempt. Share in the comments what you think about it. Well, if you want to participate in the selection of news, I will be glad too.

I took 10 news items from Saved Messages and divided them into 5 categories:

  1. Active Vulnerabilities
  2. Data sources
  3. Analytics
  4. VM vendors write about Vulnerability Management
  5. de-Westernization of IT