Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782)
Legacy Driver Exploitation Through Bypassing Certificate Verification
Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses.
https://asec.ahnlab.com/en/86881/)
Synology Vulnerability Updates
Synology updates some security advisories it release last year adding addition details and vulnerable systems.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20)
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24)
