Dimitris Papapetros

“[un]prompted” is a new AI security conference for practitioners (https://t.co/xKR1ZZKmkG). The first event was held in San Francisco earlier this month and the recordings are now live: https://t.co/9UGtUSQl2M

A reminder of what’s possible when public and private sector efforts align effectively. https://t.co/RyJoDdAwy9

"We cannot solve our problems with the same thinking we used when we created them." Albert Einstein

One more Ivanti CVE released today: CVE-2024-22024 https://t.co/c2d6wbY7Xj

CVE-2024-21893 (SSRF) can be chained to CVE-2024-21887 for unauthenticated command injection with root privileges (bypassing previous fix). Take Ivanti hosts offline, rebuild and upgrade to the latest version that addresses all known vulnerabilities.

References: https://t.co/wsGrUWkFHY https://t.co/C15Xrg5Ocb https://t.co/AIusQfxUF2

Another advisory about potential unauthorized access, this time recommending disabling all HTTP and HTTPs traffic to MOVEit Transfer: https://t.co/RjzKgUWsVh

Internet facing MOVEit Transfer hosts are being actively exploited via a critical 0day vulnerability (CVE-2023-34362), look for indicators of compromise. - https://t.co/57x8mVguGn - https://t.co/mt1Emj24mr - https://t.co/ebEKlxbDh5

New advisory and patches released for new critical MOVEit Transfer vulnerabilities: https://t.co/KesNUmjpCR

Log4j 2.17.1 patches an RCE vulnerability (CVE-2021-44832, CVSS 6.6) affecting all versions from 2.0-alpha7 to 2.17.0 (excl.2.3.2 & 2.12.4). The attack requires permission to modify the logging configuration file, if that happens you have more things to worry about.

🚨RCE 0-day in log4j: https://t.co/AwhnWShDI9 https://t.co/M8ZWrwNedj

Log4j 2.17.0 has been released in order to patch a high severity DoS vulnerability (CVE-2021-45105, CVSS 7.5) affecting all versions from 2.0-beta9 to 2.16.0. https://t.co/F5ackjEbQD