CVE-2024-49112
- 9 Posts
- 21 Interactions
#Windows: PoC Exploit Released for Zero-Click Critical #Vulnerability CVE-2024-49112 in Windows (dubbed "LDAP Nightmare"). This vulnerability affects all unpatched versions of Windows Server, from Windows Server 2019 to 2022:
👇
https://securityonline.info/poc-exploit-released-for-zero-click-vulnerability-cve-2024-49112-in-windows/
@NosirrahSec Late but I happened across this toot again somehow: https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/
@screaminggoat @NosirrahSec Good catch. Same account earlier this morning:
As someone asked for clarification, to avoid confusion, the PoC by SafeBreach that they named "LDAPNightmare" is not CVE-2024-49112 but another LDAP information leak bug fixed in the same month
LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112 #infosec
https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/
Detect exploitation attempts of CVE-2024-49112, a critical LDAP Remote Code Execution (RCE) vulnerability that can severely impact unpatched Windows servers, with a set of Sigma rules from SOC Prime.
https://socprime.com/blog/cve-2024-49112-exploitation-attempts-detection/?utm_source=mastodon&utm_medium=social&utm_campaign=cert-ua&utm_content=blog-post
🚨LDAP Nightmare: Exploiting CVE-2024-49112 in Windows Servers
A new RCE vulnerability has been discovered in Windows Domain Controllers.
https://reynardsec.com/en/ldap-nightmare-exploiting-cve-2024-49112-in-windows-servers/
#cybersecurity #activedirectory #windowsserver #infosec #rce #vulnerabilitymanagement #ldap #zeroday #patchtuesday #windows
"DoS Exploit for LDAP Nightmare (CVE-2024-49112)"
https://blog.elhacker.net/2025/01/exploit-dos-para-ldap-nightmare-cve-2024-49112.html
SafeBreach researchers publish an exploit for LDAPNightmare, while Lumen blocks the Salt Typhoon hacking group. In addition, the "DoubleClickjacking" attack emerges, bypassing protections, and data breaches increase their operating costs. Also learn about the security challenges in APIs and an intriguing presidential pardon. Discover these and more details in the following list of information security news:
🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 02/01/25 📆 |====
🔒 LDAPNIGHTMARE: SAFEBREACH PUBLISHES FIRST PoC EXPLOIT (CVE-2024-49112)
SafeBreach researchers have developed an innovative PoC exploit for LDAPNightmare (CVE-2024-49112), which has the potential to compromise Windows servers that have not been patched. This proof of concept highlights the importance of keeping systems up to date and reinforcing the necessary security measures. Discover all the details! 👉 https://djar.co/WX39
🕵️♂️ FROM PEGASUS TO PREDATOR: THE EVOLUTION OF COMMERCIAL SPYWARE ON iOS
This fascinating talk analyzes the evolution of spyware on iOS from the discovery of Pegasus in 2016 to the latest threats of 2024. An essential overview for understanding the current mobile cybersecurity landscape. Don't miss it, find out more here 👉 https://djar.co/KR1we
🚫 LUMEN REPORTS: SALT TYPHOON GROUP BLOCKED
Lumen has reported that it managed to block the Salt Typhoon hacking group, responsible for attacks on at least nine telecommunications companies in the U.S. This event underscores the need for constant vigilance over critical infrastructure. Find out more about this important development 👉 https://djar.co/MTYDsk
🖱️ NEW "DOUBLECLICKJACKING" EXPLOIT BYPASSES PROTECTIONS
A new attack, dubbed "DoubleClickjacking", has been identified as capable of evading the clickjacking protections implemented by major websites. This exploit takes advantage of the time intervals between double clicks, facilitating account takeover. Learn more about this emerging threat 👉 https://djar.co/Ro0S
💳 THE TRUE COST OF DATA BREACHES FOR BUSINESSES
A recent 2024 report reveals that data breaches take longer than ever to resolve, which significantly impacts the operating costs of the affected companies. This article provides vital information for understanding how these breaches affect the business. Read more here 👉 https://djar.co/V6eTPn
🔍 OWASP API SECURITY TOP 10 EXPLAINED
This comprehensive post analyzes the top ten API security challenges according to OWASP, offering an essential guide for any information security professional. Dig into each of the critical points and strengthen your cybersecurity knowledge. Don't miss it 👉 https://djar.co/OCT1Rm
⚖️ A CYBERSECURITY EXECUTIVE PARDONED BY TRUMP: MYSTERY REVEALED
Recently declassified court documents reveal the reason behind the pardon granted by Donald Trump to a cybersecurity executive in 2020, for a crime that had remained in the shadows. This intriguing case offers lessons on the intersection of politics and cybersecurity. Discover the whole story 👉 https://djar.co/7LtQJ
CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.
A crashing PoC has been published.
#ldap #microsoft #vulnerability #vulnerabilities #cybersecurity
🔗 PoC https://github.com/Dliv3/CVE-2024-49112 (I didn't test it, so review it)
🔗 https://vulnerability.circl.lu/vuln/CVE-2024-49112#sightings
🔗 https://www.zerodayinitiative.com/blog/2024/12/10/the-december-2024-security-update-review (ZDI PoV)
CVE-2024-13107
- 1 Post
- 4 Interactions
@screaminggoat @hrbrmstr Another D-Link vuln: https://nvd.nist.gov/vuln/detail/CVE-2024-13107
CVSS rates it a sev:MED but the description says sev:CRIT:
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Sharing because any time the vendor severity is much higher than the CVSS is interesting, and there's apparently a public PoC, and because it's another vuln in a *link* product.
CVE-2024-0012
KEV
- 1 Post
- 1 Interaction
@wdormann my VM SME and I were just talking about this today when off memory I pulled the Intel cards for 12, not 13, but the article conflated the two.
Palo had something similar last year where CVE-2024-0012 was the one in the news, but there were also associated 0011 and 0013.
CVE-2024-12856
- 1 Post
Security researchers reveal #activeexploitation of a vulnerability in #FourFaith routers
The vulnerability is tracked as CVE-2024-12856, and when exploited, allows an attacker to inject commands
Administrators are advised to reach out to their Four-Faith contacts for mitigation steps
CVE-2024-3393
KEV
- 1 Post
CVE-2025-22214
- 1 Post
gosh the second CVE-2025-# of 2025 is also super lame https://cve-timeline.hrbrmstr.app/?cve=CVE-2025-22214?source=direct
https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/22xxx/CVE-2025-22214.json
Cyber 2025 seems to be underachieving already.
CVE-2024-12106
- 1 Post
- 4 Interactions
Progress security advisory: WhatsUp Gold Security Bulletin December 2024
@cR0w Progress allegedly published this advisory 12 December 2024, but the page wasn't available from Google search results (thank Gemini AI ✨ for being useless) and Progress doesn't maintain a dedicated security advisories section on their website. Anyway, this page hasn't been updated with new information since 12 December so it's also useless. Here are the three vulnerabilities:
- CVE-2024-12105 (6.5 medium) authenticated information disclosure via specially crafted HTTP request
- CVE-2024-12106 (9.4 critical) unauthenticated attacker can configure LDAP settings
- CVE-2024-12108 (9.6 critical) an attacker can gain access to the WhatsUp Gold server via the public API
No mention of exploitation. Patched in WhatsUp Gold version 24.0.2
#infosec #progress #whatsupgold #cve #vulnerability #cybersecurity
CVE-2024-12105
- 1 Post
- 4 Interactions
CVE-2024-12108
- 1 Post
- 4 Interactions
CVE-2024-4911
- 1 Post
- 5 Interactions
CVE-2015-2051
KEV
- 1 Post
- 1 Interaction
@todb you want some freebies?
Fortinet says Botnets like FICORA, a Mirai variant, and CAPSAICIN, a Kaiten variant, are exploiting CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. Only CVE-2015-2051 is in CISA's KEV Catalog.
https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities
CVE-2022-37056
- 1 Post
- 1 Interaction