CVE: CVE-2024-21893 Status: Persistent Threat While patches were rolled out earlier this year, thousands of instances remain unpatched. Threat actors are utilizing "mass exploitation" scripts to compromise VPN gateways, often leading to persistent backdoors that survive factory resets.
Day 1: Identify and isolate systems matching affected software signatures; enable enhanced logging.
Day 2: Apply emergency mitigations/workarounds; enforce password resets for high-risk accounts.
Day 3: Block identified malicious infrastructure in firewalls and proxies; enable MFA enforcement.
Day 4: Scan for indicators across endpoints, servers, and CI systems; remove suspicious packages/commits.
Day 5: Validate and restore clean backups for critical systems; test recovery procedures.
Day 6: Conduct targeted threat hunts for lateral movement and data exfiltration signs.
Day 7: Review and patch with vendor fixes as released; conduct post-incident lessons learned. 0-day and Hitlist Week -06-12-2024-
CVE: CVE-2024-4577
Status: Wormable
This vulnerability affects Windows-based PHP installations. Attackers are exploiting the cgi.force_redirect configuration bypass to execute arbitrary code. and CI systems