#greenbone

Latest posts tagged with #greenbone on Bluesky

Posts tagged #greenbone

The Way Fonda Lee’s “Green Bone Cycle” would be an excellent setting for Blades in the Dark style rules. I mean it almost writes itself. #greenbone #bladesinthedark

0 0 0 0
Fast Kaul Hilo I made after reading #TheGreenBoneSaga.
#GreenBone #Kaulhilo #Hilo #fanart

8 2 2 0
Original post on greenbone.net

OPENVAS B.V. Debuts at Cybersec Netherlands 2025 in Utrecht Utrecht will be the central meeting point for the cybersecurity community on September 10 – 11, 2025. OPENVAS B.V. will make its first ...

#Blog #Benelux #Cyber #Resilience #Cybersec #Netherlands #cybersecurity #Greenbone #it #security […]

0 0 0 0
Original post on greenbone.net

Kim Nguyen (German Federal Printing Office) on AI and Cyber Security: “Trust Is the Locational Advantage of the EU.” Starting August 2025, businesses and administrative bodies must implement in...

#Blog #Artificial #Intelligence #Bundesdruckerei #Compliance #cybersecurity #EU #AI #Act […]

0 0 0 0
Original post on greenbone.net

OPENVAS: The new name for proven Greenbone security more than 15 years, OPENVAS has stood for excellent open source security worldwide – from small businesses to public institutions to operators ...

#Blog #Community #Edition #cybersecurity #Enterprise #Appliances #Greenbone #Open #Source […]

0 0 0 0
Original post on greenbone.net

OPENVAS: The new name for proven Greenbone security More than 15 years, OPENVAS has stood for excellent open source security worldwide – from small businesses to public institutions to operators ...

#Blog #Community #Edition #cybersecurity #Enterprise #Appliances #Greenbone #Open #Source […]

0 0 0 0
Starting Jade War today! This series is really good so far. What are y’all’s thoughts on the Green Bone Saga? #booksky #greenbone #jadewar

2 0 0 0
Original post on greenbone.net

Dwell time: Attackers Are Striking Faster and Disguising Themselves Better Security experts are o...

www.greenbone.net/en/blog/dwell-time-attac...

#Blog #Bedrohungserkennung #cybersecurity #Cybersicherheit #Dwell #Time #Greenbone […]

0 0 0 0
Original post on greenbone.net

Dwell time: Attackers Are Striking Faster and Disguising Themselves Better Security experts are o...

www.greenbone.net/en/blog/dwell-time-attac...

#Blog #cybersecurity #Dwell #Time #Greenbone #network #monitoring #Patch-Management […]

0 0 0 0
Original post on greenbone.net

Availability of CVE Vulnerability Data in Greenbone Products Greenbone AG has been consistently c...

www.greenbone.net/en/blog/availability-of-...

#Blog #CSAF #CVE #Cyber #Resilience #Cyberresilienz #cybersecurity #EuVD #Greenbone #it #security […]

0 0 0 0
Intuitive and Clear: Complete Overview of the Security Situation of Your IT Infrastructure – for all Decision-Making Levels

Our newly developed product OPENVAS REPORT integrates the data from practically any number of Greenbone Enterprise Appliances and brings it into a clearly structured dashboard. The user-friendly and comprehensive interface considerably simplifies the protection and safeguarding of even large networks. Greenbone AG has been developing leading open source technologies for automated vulnerability management since 2008. More than 100,000 installations worldwide rely on the Greenbone community and enterprise editions to strengthen their cyber resilience.

### “OPENVAS REPORT stands for innovation from the open source market leader.”

“With our new product, we are decisively shortening the path from current security knowledge to the ability to act – faster, clearer and more flexible than ever before,” explains Dr. Jan-Oliver Wagner, CEO of Greenbone AG.

## Recognize Hazardous Situations Faster and More Effectively

To protect your digital infrastructures, it is crucial to keep up to date with security-relevant events and to keep the response time to critical incidents as short as possible. OPENVAS REPORT provides a daily updated, complete overview of the security situation of your IT infrastructure – for all decision-making levels. Thanks to the connected Greenbone Enterprise Appliances, OPENVAS REPORT automatically recognizes computers and software in the company. Users can mark these with keywords and group and sort them as required – thus maintaining an overview even in very large networks.

## Modern, User-friendly Dashboard

The OPENVAS REPORT Dashboard offers modern, user-friendly and highly flexible access for users who work with it on a daily basis. For example, filtering or sorting according to the general severity or specific risk of the vulnerabilities is possible. Companies can thus put together their own customized views, which always show an up-to-date picture of the risk situation in the company network.

## Complete Overview

OPENVAS REPORT allows you to record and evaluate your company’s security situation at a glance. Thanks to its simple, clear user guidance, it prepares even the most complex data in a readable and understandable way, thus speeding up decision-making in critical situations. With flexible and customizable filter options, OPENVAS REPORT considerably simplifies the day-to-day work of administrators and security officers.

## Flexible Interfaces

The extensive export functions allow OPENVAS REPORT to be integrated even more deeply into the infrastructure, for example to process external data with OPENVAS REPORT.

| **Function** | **Added value for your company** |
|---|---|
| Comprehensive asset visibility | Complete overview of all IT assets and their vulnerabilities in a single interface – for a complete assessment of your current security situation. |
| User-friendly dashboards | A clearly structured, interactive dashboard makes complex vulnerability information understandable at a glance and accelerates well-founded decisions. |
| Flexible data processing | A wide range of export, API and automation options can be seamlessly integrated into existing workflows and adapted to individual operational requirements. |
| Efficient data consolidation | Aggregates results from multiple scanners and locations in a central database – reduces administrative effort and improves response time. |
| Customizable classification of vulnerabilities | The severity levels and freely definable tags make it possible to precisely map internal compliance and risk models. |
| Extended reporting functions | Target group-specific reports (C-Level, Audit, Operations) can be generated at the touch of a button: filters and drill-down links provide focused insights into critical security problems. |

## Learn More

Are you interested in a demo or a quote? Contact our sales team and find out more about OPENVAS REPORT. Write to us: sales@greenbone.net or contact us directly. We will be happy to help you!

Intuitive and Clear: Complete Overview of the Security Situation of Your IT Infrastructure – fo...

https://www.greenbone.net/en/blog/openvas-report/

#Blog #Cyber #Resilience #Dashboard #Enterprise #Appliances #Greenbone #it #security #network #monitoring

0 0 0 0
Greenbone Detection Stays Strong Despite NIST NVD Outage

Despite the NVD (National Vulnerability Database) outage of the NIST (National Institute of Standards and Technology), Greenbone’s detection engine remains fully operational, offering reliable vulnerability scanning without relying on missing CVE enrichment data.

Since 1999, the MITRE Corporation’s Common Vulnerabilities and Exposures (CVE) has provided free public vulnerability intelligence by publishing and managing information about software flaws. NIST has diligently enriched these CVE reports since 2005, adding context to enhance their use for cyber risk assessment. In early 2024, the cybersecurity community was caught off guard as the NIST NVD ground to a halt. Now, roughly one year later, the outage has not been fully resolved [1][2]. With an increasing number of CVE submissions each year, NIST’s struggles have left a large percentage without context such as a severity score (CVSS), affected product lists (CPE) and weakness classifications (CWE).

Recent policy shifts pushed by the Trump administration have created further uncertainty about the future of vulnerability information sharing and the many security providers that depend upon it. The FY 2025 budget for CISA includes notable reductions in specific areas such as a 49.8 million Dollar decrease in Procurement, Construction and Improvements and a 4.7 million Dollar cut in Research and Development. In response to the funding challenges, CISA has taken actions to reduce spending, including adjustments to contracts and procurement strategies. To be clear, there has been no outage of the CVE program yet. On April 16, CISA issued a last-minute directive to extend its contract with MITRE to ensure the operation of the CVE Program for an additional 11 months, just hours before the contract was set to expire. However, nobody can predict how future events will unfold. The potential impact to intelligence sharing is alarming, perhaps signaling a new dimension to a “Cold Cyberwar” of sorts. This article includes a brief overview of how the CVE program operates, and how Greenbone’s detection capabilities remain strong throughout the NIST NVD outage.

## An Overview of the CVE Program Operations

The MITRE Corporation is a non-profit tasked with supporting US homeland security on multiple fronts including defensive research to protect critical infrastructure and cybersecurity. MITRE operates the CVE program, acting as the Primary CNA (CVE Numbering Authority) and maintaining the central infrastructure for CVE ID assignment, record publication, communication workflows among all CNAs and ADPs (Authorized Data Publishers) and program governance. MITRE provides CVE data to the public through its CVE.org website and the cvelistV5 GitHub repository, which contains all CVE Records in structured JSON format. The result has been highly efficient, standardized vulnerability reporting and seamless data sharing across the cybersecurity ecosystem. After a vulnerability description is submitted to MITRE by a CNA, NIST has historically added:

* **CVSS (Common Vulnerability Scoring System):** A severity score and detailed vector string that includes the risk context for Attack Complexity (AC), Impact to Confidentiality (C), Integrity (I), and Availability (A), as well as other factors.
* **CPE (Common Platform Enumeration):** A specially formatted string that acts to identify affected products by relaying the product name, vendor, versions, and other architectural specifications.
* **CWE (Common Weakness Enumeration):** A root-cause classification according to the type of software flaw involved.

CVSS allows organizations to more easily determine the degree of risk posed by a particular vulnerability and strategically conduct remediation accordingly. Also, because initial CVE reports only require a non-standardized affected product declaration, NIST’s addition of CPE allows vulnerability management platforms to conduct CPE matching as a fast, although somewhat unreliable, way to determine whether a CVE exists within an organization’s infrastructure or not. For a more detailed perspective on how the vulnerability disclosure process works and how CSAF 2.0 offers a decentralized alternative to MITRE’s CVE program, check out our article: How CSAF 2.0 Advances Automated Vulnerability Management. Next, let’s take a closer look at the NIST NVD outage and understand what makes Greenbone’s detection capabilities resilient against it.

## The NIST NVD Outage: What Happened?

Starting on February 12, 2024, the NVD drastically reduced its enrichment of Common Vulnerabilities and Exposures (CVEs) with critical metadata such as CVSS, CPE and CWE product identifiers. The issue was first identified by Anchore’s VP of Security. As of May 2024, roughly 93% of CVEs added after February 12 were unenriched. By September 2024, NIST had failed to meet its self-imposed deadline; 72.4% of CVEs and 46.7% of new additions to CISA’s Known Exploited Vulnerabilities (KEVs) were still unenriched [3]. The slowdown in NVD’s enrichment process had significant repercussions for the cybersecurity community, not only because enriched data is critical for defenders to effectively prioritize security threats, but also because some vulnerability scanners depend on this enriched data to implement their detection techniques. As a cybersecurity defender, it’s worthwhile asking: was Greenbone affected by the NIST NVD outage? The short answer is no. Read on to find out why Greenbone’s detection capabilities are resilient against the NIST NVD outage.

## Greenbone Detection Strong Despite the NVD Outage

Without enriched CVE data, some vulnerability management solutions become ineffective because they rely on CPE matching to determine if a vulnerability exists within an organization’s infrastructure. However, Greenbone is resilient against the NIST NVD outage because our products do not depend on CPE matching. Greenbone’s OPENVAS vulnerability tests can be built from un-enriched CVE descriptions. In fact, Greenbone can and does include detection for known vulnerabilities and misconfigurations that don’t even have CVEs, such as CIS compliance benchmarks [4][5]. To build Vulnerability Tests (VT), Greenbone employs a dedicated team of software engineers who identify the underlying technical aspects of vulnerabilities. Greenbone does include a CVE Scanner feature capable of traditional CPE matching. However, unlike solutions that rely solely on CPE data from NIST NVD to identify vulnerabilities, Greenbone employs detection techniques that extend far beyond basic CPE matching. Therefore, Greenbone’s vulnerability detection capabilities remain robust even in the face of challenges such as the recent outage of the NIST NVD.

To achieve highly resilient, industry leading vulnerability detection, Greenbone’s OPENVAS Scanner component actively interacts with exposed network services to construct a detailed map of a target network’s attack surface. This includes identifying services that are accessible via network connections, probing them to determine products, and executing individual Vulnerability Tests (VT) for each CVE or non-CVE security flaw to actively verify whether they are present. Greenbone’s Enterprise Vulnerability Feed contains over 180,000 VTs, updated daily, to detect the latest disclosed vulnerabilities, ensuring rapid detection of the newest threats. In addition to its active scanning capabilities, Greenbone supports agentless data collection via authenticated scans. Gathering detailed information from endpoints, Greenbone evaluates installed software packages against issued CVEs. This method provides precise vulnerability detection without depending on enriched CPE data from the NVD.

### Key Takeaways:

* **Independence from enriched CVE data:** Greenbone’s vulnerability detection does not rely on enriched CVE data provided by NIST’s NVD, ensuring uninterrupted performance during outages. A basic description of a vulnerability allows Greenbone’s vulnerability test engineers to develop a detection module.
* **Detection beyond CPE matching:** While Greenbone includes a CVE Scanner feature for CPE matching, its detection capabilities extend far beyond this basic approach, utilizing several methods that actively interact with scan targets.
* **Attack surface mapping:** The OPENVAS Scanner actively interacts with exposed services to map network attack surface, identifying all network reachable services. Greenbone also performs authenticated scans to gather data directly from endpoint internals. This information is processed to identify vulnerable packages. Enriched CVE data such as CPE is not required.
* **Resilience to NVD enrichment outages:** Greenbone’s detection methods remain effective even without NVD enrichment, leveraging CVE descriptions provided by CNAs to create accurate active checks and version-based vulnerability assessments.

## Greenbone’s Approach is Practical, Effective and Resilient

Greenbone exemplifies the gold standard of practicality, effectiveness and resilience, achieving a benchmark that IT security teams should be striving to achieve. By leveraging active network mapping, authenticated scans and actively interacting with target infrastructure, Greenbone ensures reliable, resilient detection capabilities in diverse environments. This higher standard enables organizations to confidently address vulnerabilities, even in complex and dynamic threat landscapes. Even in the absence of NVD enrichment, Greenbone’s detection methods remain effective. With only a general description, Greenbone’s VT engineers can develop accurate active checks and product version-based vulnerability assessments. Through a fundamentally resilient approach to vulnerability detection, Greenbone ensures reliable vulnerability management, setting itself apart in the cybersecurity landscape.

## NVD / NIST / MITRE Alternatives

The MITRE issue is a wake-up call for digital sovereignty, and the EU has already (and fast) reacted. A long-awaited alternative, the EuVD by ENISA, the European Union Agency for Cybersecurity, is there, and will be covered in one of our upcoming blog posts.

Greenbone Detection Stays Strong Despite NIST NVD Outage Despite the NVD (National Vulnerability ...

www.greenbone.net/en/blog/greenbone-detect...

#Blog #CPE #CSAF #2.0 #CVE #CVSS #CWE #cybersecurity #Cybersicherheit #Greenbone #NVD

0 0 0 0
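The article above contrasts CPE matching with product version-based assessment derived from a plain CVE description. As an added example, and not Greenbone's or OPENVAS's own code, the following JavaScript turns the affected-version sentence that the March 2025 threat report further down this page gives for CVE-2025-1094 ("all versions of PostgreSQL before 17.3, 16.7, 15.11, 14.16, and 13.19") into a version check that needs no NVD enrichment at all. The FIXED_VERSIONS table, the sample inventory and every function name are constructed for this example; the comparison is numeric per segment, which is why 15.9 is correctly ranked below 15.11, and branches the advisory text does not mention are reported as unknown rather than silently treated as fixed.

```javascript
// Added example (not Greenbone/OPENVAS code): a version-based vulnerability
// check built only from the affected-version sentence of a CVE description.
// Data source: the March 2025 threat report on this page states that all
// PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 are
// affected by CVE-2025-1094. Everything else here is constructed.

// First fixed release per major branch (constructed from the page's prose).
const FIXED_VERSIONS = {
  17: '17.3',
  16: '16.7',
  15: '15.11',
  14: '14.16',
  13: '13.19',
};

// Parse a dotted version string into an array of integers. Anything that
// is not purely numeric dotted segments is rejected, so a malformed banner
// cannot silently be treated as "fixed".
function parseVersion(v) {
  const parts = String(v).trim().split('.');
  if (parts.some((p) => !/^\d+$/.test(p))) {
    throw new Error(`unparseable version: ${v}`);
  }
  return parts.map((p) => parseInt(p, 10));
}

// Numeric, segment-by-segment comparison; missing trailing segments count
// as 0. Returns -1, 0 or 1. (A plain string compare would rank "15.9"
// above "15.11", which is exactly the mistake to avoid here.)
function compareVersions(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = i < a.length ? a[i] : 0;
    const y = i < b.length ? b[i] : 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Assess one installed PostgreSQL version against the advisory data.
// 'vulnerable': below the first fixed release of its major branch.
// 'fixed':      at or above that release.
// 'unknown':    major branch not mentioned in the advisory text; report it
//               rather than guessing either way.
function assessPostgres(installed) {
  const v = parseVersion(installed);
  const fixedIn = FIXED_VERSIONS[v[0]];
  if (fixedIn === undefined) {
    return { installed, status: 'unknown', fixedIn: null };
  }
  const status = compareVersions(v, parseVersion(fixedIn)) < 0 ? 'vulnerable' : 'fixed';
  return { installed, status, fixedIn };
}

function assessInventory(versions) {
  return versions.map(assessPostgres);
}

// Constructed sample inventory, as an authenticated scan might report it.
const SAMPLE_INVENTORY = ['17.2', '17.3', '16.7', '15.9', '15.11', '13.18', '12.20'];

for (const r of assessInventory(SAMPLE_INVENTORY)) {
  const suffix = r.fixedIn
    ? ` (fixed in ${r.fixedIn})`
    : ' (branch not covered by advisory text)';
  console.log(`PostgreSQL ${r.installed.padEnd(6)} ${r.status}${suffix}`);
}
```

The same structure generalises to any advisory that states fixed releases per branch: only the FIXED_VERSIONS table changes, and the "unknown" outcome is what keeps an unlisted branch from disappearing from the report.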
March 2025 Threat Report: Who Do You Trust?

When it comes to protecting your organization from digital threats, who should you trust? Reality dictates that high-resilience IT security is forged from a network of strong partnerships, defense in depth; layered security controls, and regular auditing. Defensive posture needs to be monitored, measured and continuously improved. While vulnerability management has always been a core security control, it is nonetheless a fast moving target. In 2025, continuous and prioritized mitigation of security threats can have a big impact on security outcomes as adversarial time-to-exploit diminishes. In March 2025’s monthly Threat Report, we will highlight the importance of vulnerability management and Greenbone’s industry leading vulnerability detection by reviewing the most recent critical threats. But these new threats only scratch the surface. In March 2025, Greenbone added 5,283 new vulnerability tests to our Enterprise Feed. Let’s jump into some of the important insights from a highly active threat landscape.

## The US Treasury Breach: How Did It Happen?

In late December 2024, the U.S. Treasury Department disclosed that its network was breached by Chinese state-backed hackers and subsequently leveraged sanctions in early January 2025. Forensic investigations have tracked the root-cause to a stolen BeyondTrust API key. The vendor has acknowledged 17 other customers breached by this flaw. Deeper investigation has revealed that the API key was stolen via a flaw in a PostgreSQL built-in function for escaping untrusted input. When invalid two-byte UTF-8 characters are submitted to a vulnerable PostgreSQL function, only the first byte is escaped, allowing a single quote to pass through unsanitized, which can be leveraged to trigger an SQL Injection [CWE-89] attack. The exploitable functions are PQescapeLiteral(), PQescapeIdentifier(), PQescapeString() and PQescapeStringConn(). All versions of PostgreSQL before 17.3, 16.7, 15.11, 14.16, and 13.19 are affected, as well as numerous products that depend on these functions. CVE-2024-12356 (CVSS 9.8) and CVE-2024-12686 (CVSS 7.2) have been issued for BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS), and CVE-2025-1094 (CVSS 8.1) addresses the flaw in PostgreSQL. The issue is the subject of several national CERT advisories including Germany’s BSI Cert-Bund (WID-SEC-2024-3726) and the Canadian Centre for Cybersecurity (AV25-084). The flaw has been added to CISA’s known exploited vulnerabilities (KEV) list, and a Metasploit module that exploits vulnerable BeyondTrust products is available, increasing the risk. Greenbone is able to detect the CVEs (Common Vulnerabilities and Exposures) discussed above both in BeyondTrust products and in instances of PostgreSQL vulnerable to CVE-2025-1094.

## Advanced fined 3.1 Million Pound for Lack of Technical Controls

This month, the UK’s Information Commissioner’s Office (ICO) imposed a 3.07 million Pound fine on Advanced Computer Software Group Ltd. under the UK GDPR for security failures. The case is evidence of how the financial damage caused by a ransomware attack can be further exacerbated by regulatory fines. The initial proposed amount was even higher at 6.09 million Pound. However, since the victim exhibited post-incident cooperation with the NCSC (National Cyber Security Centre), NCA (National Crime Agency) and NHS (National Health Service), a voluntary settlement of 3,076,320 Pound was approved. While operational costs and extortion payments have not been publicly disclosed, they likely add between 10 to 20 million Pound to the incident’s total costs. Advanced is a major IT and software provider to healthcare organizations including the NHS. In August 2022, Advanced was compromised; attackers gained access to its health and care subsidiary, resulting in a serious ransomware incident. The breach disrupted critical services including NHS 111 and prevented healthcare staff from accessing personal data on 79,404 individuals, including sensitive care information. The ICO concluded that Advanced had incomplete MFA coverage, lacked comprehensive vulnerability scanning and had deficient patch management practices at the time of the incident – factors that collectively represented a failure to implement appropriate technical and organizational measures. Organizations processing sensitive data must treat security controls as non-negotiable. Inadequate patch management remains one of the most exploited gaps in modern attack chains.

## Double Trouble: Backups Are Critical to Ransomware Mitigation

Backups are an organization’s last defense against ransomware, and most sophisticated advanced persistent threat (APT) actors are known to target their victim’s backups. If a victim’s backups are compromised, submission to ransom demands is more likely. In 2025, this could mean multi-million Dollar losses. In March 2025, two new significant threats to backup services were revealed: CVE-2025-23120, a new critical severity flaw in Veeam, was disclosed, and campaigns targeting CVE-2024-48248 in NAKIVO Backup & Replication were observed. Identifying affected systems and patching them is therefore an urgent matter. In October 2024, our threat report alerted about another vulnerability in Veeam (CVE-2024-40711) being used in ransomware attacks. Overall, CVEs in Veeam Backup and Replication have a high conversion rate for active exploitation, PoC (Proof of Concept) exploits, and use in ransomware attacks. Here are the details for both emerging threats:

* **CVE-2024-48248 (CVSS 8.6):** Versions of NAKIVO Backup & Replication before 11.0.0.88174 allow unauthorized Remote Code Execution (RCE) via a function called **getImageByPath** which allows files to be read remotely. This includes database files containing cleartext credentials for each system that NAKIVO connects to and backs up. A full technical description and proof-of-concept is available and this vulnerability is now tracked as actively exploited.
* **CVE-2025-23120 (CVSS 9.9):** Attackers with domain user access can trigger deserialization of attacker-controlled data through the .NET Remoting Channel. Veeam attempts to restrict dangerous types via a blacklist, but researchers discovered exploitable classes (xmlFrameworkDs and BackupSummary) not on the list. These extend .NET’s DataSet class – a well-known RCE vector – allowing arbitrary code execution as SYSTEM on the backup server. The flaw is the subject of national CERT alerts globally including HK, CERT.be, and CERT-In. As per Veeam’s advisory, upgrading to version 12.3.1 is the recommended way to mitigate the vulnerability.

Greenbone is able to detect vulnerable NAKIVO and Veeam instances. Our Enterprise Feed has an active check [1] and version check [2] for CVE-2024-48248 in NAKIVO Backup & Replication, and a remote version check [3] for the Veeam flaw.

## IngressNightmare: Unauthenticated Takeover in 43% of Kubernetes Clusters

Kubernetes is the most popular enterprise container orchestration tool globally. Its Ingress feature is a networking component that manages external access to services within a cluster, typically HTTP and HTTPS traffic. A vulnerability dubbed IngressNightmare has exposed an estimated 43% of Kubernetes clusters to unauthenticated remote access – approximately 6,500 clusters, including Fortune 500 companies. The root-cause is excessive default privileges [CWE-250] and unrestricted network accessibility [CWE-284] in the Ingress-NGINX Controller tool, based on the NGINX reverse proxy. IngressNightmare allows attackers to gain complete unauthorized control over workloads, APIs or sensitive resources in multi-tenant and production-grade clusters. A full technical analysis is available from the researchers at Wiz, who pointed out that K8 Admission Controllers are directly accessible without authentication by default, presenting an appealing attack surface to hackers.

The full attack trajectory to achieve arbitrary RCE against an affected K8 instance requires exploiting Ingress-NGINX. First, CVE-2025-1974 (CVSS 9.8) to upload a binary payload as the request body. It should be larger than 8kb in size while specifying a Content-Length header larger than the actual content size. This triggers NGINX to store the request body as a file, and the incorrect Content-Length header means the file will not be deleted as the server waits for more data [CWE-459]. The second stage of this attack requires exploiting CVE-2025-1097, CVE-2025-1098, or CVE-2025-24514 (CVSS 8.8). These CVEs all similarly fail to properly sanitize input [CWE-20] submitted to Admission Controllers. Ingress-NGINX converts Ingress objects to configuration files and validates them with the nginx -t command, allowing attackers to execute a limited set of NGINX configuration directives. Researchers found the ssl_engine module can be triggered to load the shared library binary payload uploaded in the first stage. Although exploitation is not trivial and no public PoC code exists yet, sophisticated threat actors will easily convert the technical analysis into effective exploits.

The Canadian Centre for Cyber Security has issued a CERT advisory (AV25-161) for IngressNightmare. Patched Ingress-NGINX versions 1.12.1 and 1.11.5 are available and users should upgrade as soon as possible. If upgrading the Ingress NGINX Controller is not immediately possible, temporary workarounds can help reduce risk. Strict network policies can restrict access to a cluster’s Admission Controllers, allowing access only to the Kubernetes API Server. Alternatively, the Admission Controller component of Ingress-NGINX can be disabled entirely. Greenbone is able to detect IngressNightmare vulnerabilities with an active check that verifies the presence of all CVEs mentioned above [1][2].

## CVE-2025-29927: Next.js Framework Under Attack

A new vulnerability in Next.js, CVE-2025-29927 (CVSS 9.4), is considered high risk due to the framework’s popularity and the simplicity of exploitation [1][2]. Adding to the risk, PoC exploit code is publicly available and Akamai researchers have observed active scans probing the Internet for vulnerable apps. Several national CERTs (Computer Emergency Response Teams) have issued alerts for the issue including CERT.NZ, Australian Signals Directorate (ASD), Germany’s BSI Cert-Bund (WID-SEC-2025-062), and the Canadian Centre for Cyber Security (AV25-162).

Next.js is a React middleware framework for building full-stack web applications. Middleware refers to components that sit between two or more systems and handle communication and orchestration. For web applications, middleware converts incoming HTTP requests into responses and is often also responsible for authentication and authorization. Due to CVE-2025-29927, attackers can bypass Next.js middleware authentication and authorization simply by setting a malicious HTTP header. If using HTTP headers seems like a bad idea for managing a web application’s internal process flow, CVE-2025-29927 is the evidence. Considering user-provided headers were not correctly distinguished from internal ones, this vulnerability should attain the status of egregious negligence. Attackers can bypass authentication by simply adding the `x-middleware-subrequest` header to a request and overloading it with at least as many values as the MAX_RECURSION_DEPTH, which is 5. For example:

`x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware`

The flaw is fixed in Next.js versions 15.2.3, 14.2.25, 13.5.9 and 12.3.5, and users should follow the vendor’s upgrade guide. If upgrading is infeasible, it is recommended to filter the `x-middleware-subrequest` header from HTTP requests. Greenbone is able to detect vulnerable instances of Next.js with an active check and a version check.

## Summary

The March 2025 threat landscape was shaped by vulnerable and actively exploited backup systems, unforgivably weak authentication logic, high-profile regulatory fines and numerous other critical software vulnerabilities. From the U.S. Treasury breach to the Advanced ransomware fallout, the theme is clear: trust doesn’t grow on trees. Cybersecurity resilience must be earned; forged through layered security controls and backed up by accountability. Greenbone continues to play a vital role by providing timely detection tests for new emerging threats and standardized compliance audits that support a wide array of enterprise architectures. Organizations that want to stay ahead of cyber crime need to proactively scan their infrastructure and close security gaps as they appear.

Joseph Lee: Joseph has had a varied and passionate background in IT and cyber security since the late 1980s. His early technical experience included working on an IBM PS/2, assembling PCs and programming in C++. He also pursued academic studies in computer and systems engineering, anthropology and an MBA in technology forecasting. Joseph has worked in data analytics, software development and, in particular, enterprise IT security. He specialises in vulnerability management, encryption and penetration testing.

March 2025 Threat Report: Who Do You Trust? When it comes to protecting your organization from di...

www.greenbone.net/en/blog/march-2025-threa...

#Blog #backup #security #Bedrohungsanalyse #CERT #CVE #cyber #attack #data #protection #Greenbone

0 0 0 0
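The Next.js section of the threat report above recommends filtering the `x-middleware-subrequest` header from inbound requests when upgrading is not yet possible. As an added example, and not code from Greenbone, Vercel or the Next.js project, the following JavaScript shows a reverse-proxy style filter that drops that header (in any letter case) before a request is forwarded and records an alert whenever it appears, since no browser or legitimate client sends it; the recursion-depth pattern quoted in the report (five or more colon-separated entries) is rated higher than a lone occurrence. The request objects, function names and the use of MAX_RECURSION_DEPTH as a detection threshold are constructed for this example; the value 5 is the one the report states.

```javascript
// Added example (not Next.js or Greenbone code): strip the internal
// x-middleware-subrequest header at a reverse proxy and alert on its presence.
// The sample requests below are constructed, not captured traffic.

const INTERNAL_HEADER = 'x-middleware-subrequest';
// Depth quoted in the report: the bypass repeats the value at least this often.
const MAX_RECURSION_DEPTH = 5;

// Return a copy of `headers` without the internal header (any letter case),
// plus a list of what was removed, for logging. Other headers pass unchanged.
function stripInternalHeaders(headers) {
  const clean = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === INTERNAL_HEADER) {
      dropped.push({ name, value });
    } else {
      clean[name] = value;
    }
  }
  return { headers: clean, dropped };
}

// Heuristic: does the header value carry at least MAX_RECURSION_DEPTH
// non-empty colon-separated entries, the pattern described in the report?
function looksLikeBypassAttempt(value) {
  if (typeof value !== 'string') return false;
  const entries = value.split(':').filter((s) => s.trim().length > 0);
  return entries.length >= MAX_RECURSION_DEPTH;
}

// Filter one inbound request. Returns the headers that are safe to forward
// and the alerts the edge should record. Any occurrence of the header is
// suspicious (medium); the recursion-depth pattern is rated high.
function filterRequest(req) {
  const { headers, dropped } = stripInternalHeaders(req.headers);
  const alerts = dropped.map((d) => ({
    severity: looksLikeBypassAttempt(d.value) ? 'high' : 'medium',
    client: req.remoteAddress,
    message: `dropped inbound ${d.name} header (${d.value.length} bytes)`,
  }));
  return { headers, alerts };
}

// Constructed sample traffic (RFC 5737 documentation addresses).
const SAMPLE_REQUESTS = [
  {
    remoteAddress: '198.51.100.7',
    headers: {
      host: 'app.example',
      'X-Middleware-Subrequest': 'middleware:middleware:middleware:middleware:middleware',
    },
  },
  {
    remoteAddress: '203.0.113.9',
    headers: { host: 'app.example', 'x-middleware-subrequest': 'middleware' },
  },
  {
    remoteAddress: '192.0.2.44',
    headers: { host: 'app.example', accept: 'text/html' },
  },
];

for (const req of SAMPLE_REQUESTS) {
  const { headers, alerts } = filterRequest(req);
  console.log(
    req.remoteAddress,
    'forward:', Object.keys(headers).join(','),
    'alerts:', alerts.map((a) => a.severity).join(',') || 'none',
  );
}
```

Stripping the header is the mitigation; the alert is the cheap detection that comes with it, because a client that sends an internal-only header at all is telling you something, whatever the value.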
Original post on greenbone.net

Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows CVE-2024-4577 (CVSS 9.8 Critica...

www.greenbone.net/en/blog/escalating-attac...

#Blog #CVE-2024-4577 #cybersecurity #Exploit #Exploitation #FastCGI #Greenbone #Patch #PHP […]

0 0 0 0
The image displays the Feed Status page from Greenbone Security Assistant (GSA), which is part of the Greenbone Vulnerability Management (GVM) / OpenVAS security scanner.

#thingsthatmakemesmile #openvas #greenbone #vulnerabilityassessment


My Saturday morning read! About 75% done and this book is straight 🔥 @fondalee.bsky.social does amazing character work and is masterfully setting the stage for the rest of the series. I am getting the Godfather vibes that so many people reference in their reviews, super fun! #booksky 💙📚 #greenbone

February 2025 Threat Report: Tectonic Technology

Cyber threats are evolving at breakneck speed, but the fundamental weaknesses attackers exploit remain strikingly unchanged. So far in 2025, many analysts have published landscape reviews of 2024 and outlooks for 2025. The cost of cyber breaches is ticking upwards, but overall, the root causes of breaches have not changed: phishing [T1566] and exploitation of known software vulnerabilities [T1190] continue to top the list. Another key observation is that attackers are weaponizing public information faster, converting CVE (Common Vulnerabilities and Exposures) disclosures into working exploit code within days or even hours. Once inside a victim’s network, they are executing second-stage objectives faster too, deploying ransomware within minutes.

In this month’s edition of the Greenbone Threat Report, we briefly review the leaked chats of the Black Basta ransomware group and highlight Greenbone’s coverage of their now exposed techniques. We also review a report from Greynoise about mass exploitation attacks, a new actively exploited vulnerability in Zimbra Collaboration Suite and new threats to edge networking devices.

## The Era of Tectonic Technology

If security crises are like earthquakes, then the global tech ecosystem is the underlying tectonic plates. Today’s technology ecosystem is best compared to the Paleozoic Era of geological history: rapid innovation and competitive market forces are pushing and pulling at the fabric of IT security like the colliding landmasses that formed Pangaea, with continuous earthquakes forcing continental shift. Entirely new paradigms of computing such as generative AI and quantum computing are creating both advantages and risks, volcanoes of value on unstable ground. Governments and tech giants are wrestling for access to citizens’ sensitive personal data, adding gravity to the whole picture.

These struggles have significant implications for privacy, security and how society will evolve. Here are some of the major forces destabilizing IT security today:

* Rapidly evolving technologies are driving innovation and forcing technical change.
* Organizations are both forced to change as technologies and standards are deprecated and motivated to change to remain competitive.
* Fierce market competition has accelerated product development and release cycles.
* Strategic planned obsolescence has been normalized as a business strategy for reaping financial gain.
* A pervasive lack of accountability for software vendors has led to the prioritization of performance over “security-first” design principles.
* Nation-states weaponize technology for cyber warfare, information warfare and electronic warfare.

Due to these forces, well-resourced and well-organized cyber criminals find a virtually unlimited number of security gaps to exploit. The Paleozoic Era lasted roughly 300 million years. Hopefully, we won’t have to wait that long for product vendors to show accountability and employ secure design principles [1][2][3] to prevent the so-called “unforgivable” vulnerabilities of negligence [4][5]. The takeaway is that organizations need to develop technical agility and efficient patch management programs. Continuous, prioritized vulnerability management is a must.

## Black Basta Tactics Revealed: Greenbone Has Coverage

Leaked internal chat logs belonging to the Black Basta ransomware group have provided insight into the group’s tactics and inner workings. The logs were leaked by an individual using the alias “ExploitWhispers”, who claimed the release was in response to Black Basta’s controversial targeting of Russian banks, allegedly creating internal conflicts within the group. Since its emergence in April 2022, Black Basta has reportedly amassed over $100 million in ransom payments from more than 300 victims worldwide.

The 62 CVEs referenced in the leaked documents reveal the group’s tactics for exploiting known vulnerabilities. Greenbone maintains detection tests for 61 of these 62 CVEs, or 98% coverage.

## The Greynoise 2025 Mass Exploitation Report

Mass exploitation attacks are fully automated network attacks against services that are reachable from the internet. This month, Greynoise published a comprehensive report summarizing the mass exploitation landscape, including the top CVEs attacked by the largest botnets (by unique IPs), the most exploited product vendors and the top CVEs that are both listed in CISA’s (Cybersecurity and Infrastructure Security Agency) KEV (Known Exploited Vulnerabilities) catalog and exploited by botnets. The Greenbone Enterprise Feed has detection tests for 86% of all CVEs referenced in the report (86 total). When considering only CVEs issued in 2020 or later (66 total), the Enterprise Feed has 90% detection coverage. Additional findings include:

* 60% of CVEs exploited in mass exploitation attacks were published in 2020 or later.
* Attackers are exploiting vulnerabilities within hours of disclosure.
* 28% of vulnerabilities in CISA KEV are exploited by ransomware threat actors.

## Zimbra Collaboration Suite

**CVE-2023-34192 (CVSS 9.0)** is a critical Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) version 8.8.15. The flaw allows authenticated remote attackers to execute arbitrary code via crafted scripts targeting the **`/h/autoSaveDraft`** function. CISA has added CVE-2023-34192 to its KEV catalog, indicating that it has been actively exploited in real-world attacks. Proof-of-concept (PoC) exploit code is publicly available, allowing low-skilled attackers to join the fray. CVE-2023-34192 has held a very high EPSS (Exploit Prediction Scoring System) score since its disclosure in 2023. EPSS estimates the probability that a vulnerability will be exploited in the wild within the next 30 days, so for defenders using EPSS for remediation prioritization, a persistently high score on a CVE that is also listed in KEV indicates a high priority to patch.
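A worked version of the KEV- and EPSS-driven prioritization described above, as an added example that is not Greenbone's code and not part of the original report. The CVE IDs and CVSS scores are taken from this report; the EPSS values, the host names and the tier thresholds are constructed sample data (KEV membership for CVE-2023-34192, CVE-2024-53704 and CVE-2023-20118 reflects what the report states; everything else is assumed for illustration). The optional `fetch_epss` helper targets FIRST's public EPSS API and is not exercised offline.

```python
"""Rank scan findings by CISA KEV membership, then EPSS, then CVSS.

Added example; not Greenbone's code. CVE IDs and CVSS scores are the ones
given in the report. EPSS values, host names and tier thresholds are
CONSTRUCTED sample data so the module runs offline.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple
import json
import urllib.request

EPSS_API = "https://api.first.org/data/v1/epss"  # FIRST's public EPSS endpoint


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    host: str


def fetch_epss(cves: Iterable[str]) -> Dict[str, float]:
    """Fetch live EPSS scores from FIRST (needs network; not used by the demo).

    Assumption: the endpoint takes a comma-separated `cve` query parameter and
    answers with {"data": [{"cve": "...", "epss": "0.123", ...}, ...]}.
    """
    url = f"{EPSS_API}?cve={','.join(cves)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        payload = json.load(resp)
    return {row["cve"]: float(row["epss"]) for row in payload.get("data", [])}


def priority_key(f: Finding, kev: Set[str], epss: Dict[str, float]) -> Tuple:
    """Sort key: KEV entries first, then higher EPSS, then higher CVSS.

    CVSS comes last on purpose: it measures potential impact, while KEV and
    EPSS reflect observed or predicted exploitation, which is what the
    report says drives real-world risk. Unknown EPSS counts as 0.0.
    """
    return (f.cve not in kev, -epss.get(f.cve, 0.0), -f.cvss, f.cve)


def prioritize(findings: Iterable[Finding], kev: Set[str],
               epss: Dict[str, float]) -> List[Finding]:
    """Return findings in remediation order, most urgent first."""
    return sorted(findings, key=lambda f: priority_key(f, kev, epss))


def remediation_tier(f: Finding, kev: Set[str], epss: Dict[str, float],
                     epss_threshold: float = 0.5) -> str:
    """Map a finding to a tier; the 0.5 EPSS cut-off is an assumed policy value."""
    if f.cve in kev:
        return "P1: actively exploited (CISA KEV)"
    if epss.get(f.cve, 0.0) >= epss_threshold:
        return "P2: high EPSS, exploitation likely"
    if f.cvss >= 9.0:
        return "P3: critical CVSS, low observed exploitation"
    return "P4: routine patch cycle"


# Constructed sample data: hosts and EPSS values are NOT real measurements.
SAMPLE_FINDINGS = [
    Finding("CVE-2025-22467", 8.8, "vpn-ics-01"),
    Finding("CVE-2024-40591", 8.8, "fw-fortigate-02"),
    Finding("CVE-2023-34192", 9.0, "mail-zimbra-01"),
    Finding("CVE-2024-38657", 9.1, "vpn-ics-01"),
    Finding("CVE-2023-20026", 7.2, "rtr-rv042-03"),
    Finding("CVE-2024-53704", 9.8, "fw-sonicwall-01"),
    Finding("CVE-2023-20118", 7.2, "rtr-rv042-03"),
]
SAMPLE_KEV = {"CVE-2023-34192", "CVE-2024-53704", "CVE-2023-20118"}
SAMPLE_EPSS = {
    "CVE-2023-34192": 0.91, "CVE-2024-53704": 0.85, "CVE-2023-20118": 0.40,
    "CVE-2023-20026": 0.55, "CVE-2024-40591": 0.05, "CVE-2024-38657": 0.03,
    "CVE-2025-22467": 0.02,
}


def build_plan(findings=SAMPLE_FINDINGS, kev=SAMPLE_KEV,
               epss=SAMPLE_EPSS) -> List[Tuple[str, str, str]]:
    """Return (cve, host, tier) rows in the order they should be remediated."""
    return [(f.cve, f.host, remediation_tier(f, kev, epss))
            for f in prioritize(findings, kev, epss)]


if __name__ == "__main__":
    for cve, host, tier in build_plan():
        print(f"{cve:<16} {host:<18} {tier}")
```

Note that the ordering deliberately puts CVE-2023-34192 (CVSS 9.0) ahead of CVE-2024-53704 (CVSS 9.8): both are in KEV, so the higher predicted exploitation probability decides, not the impact score. A CVSS-only queue would invert those two and push the actively exploited Cisco router flaw (CVSS 7.2) far down the list.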
Zimbra Collaboration Suite (ZCS) is an open-source office productivity platform that integrates email, calendar, contacts, tasks and collaboration tools, but it holds a niche market share of less than 1% of all email and messaging platforms.

## Living on the Edge: New Critical Networking Device Flaws

In our monthly threat reports we have been tracking the persistent threat to edge network devices. Earlier this month, we reported on a perfect security storm affecting end-of-life (EOL) Zyxel routers and firewalls. In this section we review new security risks that fall into the “edge networking” category. Greenbone has detection capabilities for all CVEs discussed below.

### Chinese Hackers Exploit Palo Alto’s PAN-OS for Ransomware

CVE-2024-0012 (CVSS 9.8), a vulnerability in Palo Alto PAN-OS disclosed last November, is considered one of the most exploited vulnerabilities of 2024. The CVE is also reportedly being used by Chinese state-backed threat actors for ransomware attacks. Another new flaw affecting PAN-OS, CVE-2025-0108 (CVSS 9.1), was disclosed this month and immediately tagged as actively exploited by CISA. CVE-2025-0108 is an authentication bypass in the management web interface and can be chained with CVE-2024-9474 (CVSS 7.2), a separate privilege escalation vulnerability, to gain unauthenticated root control over an unpatched PAN-OS device. Both flaws are reached through the management web interface, so restricting that interface to trusted internal addresses reduces exposure while patches are rolled out.

### SonicWall Patches a Critical, Actively Exploited CVE in SonicOS

**CVE-2024-53704**, a critical-severity vulnerability in SonicWall devices, has recently been added to CISA’s KEV list. Astoundingly, CISA lists 8 SonicWall CVEs that are known to be actively exploited in ransomware attacks. **CVE-2024-53704 (CVSS 9.8)** is an Improper Authentication vulnerability [CWE-287] in the SSLVPN authentication mechanism of SonicWall’s SonicOS versions 7.1.1-7058 and older, 7.1.2-7019 and 8.0.0-8035. It allows remote attackers to bypass authentication and hijack active SSL VPN sessions, potentially gaining unauthorized network access. A full technical analysis is available from Bishop Fox. An advisory from SonicWall also names additional high-severity CVEs in SonicOS that have been patched along with CVE-2024-53704.

### Sophos’ CyberoamOS and EOL XG Firewalls Actively Exploited

Sophos, which acquired Cyberoam in 2014, has issued an alert and a patch for CVE-2020-29574; CyberoamOS is part of Sophos’ product ecosystem. Aside from this CVE, Sophos XG Firewall, soon to be EOL, is also the subject of an active exploitation alert.

* **CVE-2020-29574 (CVSS 9.8):** A critical SQL injection [CWE-89] vulnerability in the WebAdmin interface of CyberoamOS versions up to December 4, 2020. This flaw allows unauthenticated attackers to remotely execute arbitrary SQL statements, potentially gaining complete administrative access to the device. A hotfix has been issued, which also extends to some affected end-of-life (EOL) products.
* **CVE-2020-15069 (CVSS 9.8):** A critical buffer overflow vulnerability in Sophos XG Firewall versions 17.x through v17.5 MR12, allowing unauthenticated RCE via the HTTP/S Bookmarks feature for clientless access. This vulnerability, published in 2020, is now being actively exploited and has been added to CISA KEV, indicating heightened risk. Sophos released an advisory in 2020 when the vulnerability was disclosed, along with a hotfix for affected firewalls. The XG Series hardware appliances are scheduled to reach end-of-life (EOL) on March 31, 2025.

### PrivEsc and Auth Bypasses in Fortinet FortiOS and FortiProxy

Fortinet disclosed two critical vulnerabilities, both affecting FortiOS and FortiProxy. The Canadian Centre for Cyber Security and the Centre for Cybersecurity Belgium have issued advisories. Fortinet acknowledges active exploitation of CVE-2024-55591 and has released official guidance that includes details on affected versions and recommended updates.

* **CVE-2024-55591 (CVSS 9.8):** An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Multiple PoC exploits are available [1][2], increasing the risk of exploitation by low-skilled attackers.
* **CVE-2024-40591 (CVSS 8.8):** Allows an authenticated administrator with Security Fabric permissions to escalate their privileges to super-admin by connecting the targeted FortiGate device to a malicious upstream FortiGate under their control.

### Cisco Flaws Implicated as Initial Access Vectors in Telecom Hacks

In the past few months, China’s Salt Typhoon espionage group has routinely exploited at least two critical vulnerabilities in Cisco IOS XE devices to gain persistent access to telecommunications networks. Victims include an Italian ISP, a South African telecom, a large Thai telecom and twelve universities worldwide, including UCLA, Indonesia’s Universitas Negeri Malang and Mexico’s UNAM. Previously, Salt Typhoon had compromised at least nine U.S. telecoms, including Verizon, AT&T and Lumen Technologies. U.S. authorities claim Salt Typhoon’s goal is surveilling high-profile individuals, political figures and officials related to Chinese political interests. CVEs exploited by Salt Typhoon include:

* **CVE-2023-20198 (CVSS 10):** A privilege escalation flaw in Cisco IOS XE’s web interface. Used for initial access, allowing attackers to create an admin account.
* **CVE-2023-20273 (CVSS 7.2):** Another privilege escalation flaw, used after gaining admin access to escalate privileges to root and establish a GRE (Generic Routing Encapsulation) tunnel for persistence.

Two other CVEs in Cisco products also came onto the radar in February 2025:

* **CVE-2023-20118 (CVSS 7.2):** A command injection vulnerability in the web-based management interface of Cisco Small Business Routers allows authenticated, remote attackers to execute arbitrary commands with root-level privileges by sending crafted HTTP requests. CISA added CVE-2023-20118 to its KEV catalog, indicating evidence of active exploitation.
* **CVE-2023-20026 (CVSS 7.2):** A command injection vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series allows authenticated, remote attackers with valid administrative credentials to execute arbitrary commands on the device. The flaw is due to improper validation of user input within incoming HTTP packets. While CVE-2023-20026 is not known to be exploited in any active campaigns, Cisco’s Product Security Incident Response Team (PSIRT) is aware that PoC exploit code for this vulnerability exists.

### Ivanti Patches Four Critical Flaws

Four critical vulnerabilities were identified affecting Ivanti Connect Secure (ICS), Policy Secure (IPS) and Cloud Services Application (CSA). No reports of active attacks in the wild or PoC exploits have emerged yet. Ivanti advises users to promptly update to the newest versions to address these vulnerabilities. Here is a brief technical summary:

* **CVE-2025-22467 (CVSS 8.8):** Attackers with credentials can achieve remote code execution (RCE) due to a stack-based buffer overflow [CWE-121] in ICS versions prior to 22.7R2.6.
* **CVE-2024-38657 (CVSS 9.1):** Attackers with credentials can write arbitrary files due to an external control of file name vulnerability in ICS versions before 22.7R2.4 and IPS versions before 22.7R1.3.
* **CVE-2024-10644 (CVSS 9.1):** A code injection flaw in ICS (pre-22.7R2.4) and IPS (pre-22.7R1.3) allows arbitrary RCE for authenticated administrators.
* **CVE-2024-47908 (CVSS 7.2):** An operating system command injection vulnerability [CWE-78] in CSA’s admin web console (versions before 5.0.5) allows arbitrary RCE for authenticated administrators.

## Summary

This month’s Threat Report highlights key cybersecurity developments, including the evolving tactics of ransomware groups like Black Basta and the pervasive critical threat to edge network devices. With the support of AI tools, attackers are exploiting vulnerabilities faster, sometimes within hours of disclosure. Organizations must remain vigilant by adopting proactive security measures, continuously updating their defenses and leveraging threat intelligence to stay ahead of emerging threats.

Joseph Lee

February 2025 Threat Report: Tectonic Technology Cyber threats are evolving at breakneck speed, b...

www.greenbone.net/en/blog/february-2025-th...

#Blog #Black #Basta #Cisco #CVE #cyber #threats #cybersecurity #cyberwar #Fortinet #Greenbone


Most #vulnerabilities have been known for over a year. With our solutions, you can reduce your attack surface by 99.9%.

Would you like to know more about #Greenbone and how vulnerability management works? Please let us #vShieldz know if you want to see it.

Major Release: Greenbone Enterprise Appliance 24.10 with Hot New Features - Greenbone Greenbone Enterprise Appliance (GEA) 24.10: New features, AI-based prioritization & compliance-focused reports.

No longer confined to security standards such as #ISO27000 and #PCIDSS, businesses now have to start learning about the European Union's new security standards such as #DORA, #NIS2 and #CRA.

With #Greenbone, we at #vShieldz support these types of reports.

www.greenbone.net/en/blog/majo...


Greenbone Expands Detection Coverage for Huawei Linux Distributions We’re thrilled to announce ...

www.greenbone.net/en/blog/greenbone-expand...

#Blog #cybersecurity #EulerOS #Greenbone #Huawei #Linux […]

Jade Legacy book cover

As I said, #FondaLee takes a while to build momentum in the first two volumes. In #JadeLegacy, she finally lets her hellhounds right off the leash.
Her #GreenBone saga just catapulted onto my list of favorite #fantasy #books next to Martin’s #ASoIaF 1-3. I still have half a book to go, my gosh!
