Steven Adair (@stevenadair)'s Twitter Profile

President @Volexity | Malware Analyst's Cookbook | Not easily rattled 😂

ID:45092292

06-06-2009 08:03:31

518 Tweets

2,9K Followers

417 Following

5ck (@5ck)

🧵Last week we (Volexity) identified and reported in-the-wild (ITW) exploitation of CVE-2024-3400 affecting Palo Alto GlobalProtect 👇

volexity.com/blog/2024/04/1…

Steven Adair (@stevenadair)

Our blog with details on the exploitation of CVE-2024-3400 is up! An incredibly fast turn around from our detecting a breach to smashing threat actor capabilities. Huge shout out to our Volexity team and our awesome customers & a great response from the Palo Alto Networks team.

Volexity (@Volexity)

Following Volexity's initial discovery & reporting on recent Ivanti Connect Secure vulnerabilities, Cybersecurity and Infrastructure Security Agency released a joint advisory that warns  continue to exploit these vulnerabilities. More details + mitigations here: cisa.gov/news-events/cy…

Steven Adair (@stevenadair)

This is a crazy wreck. Drove by this on ramp they landed on just as police got there. Car was facing wrong way on the 57A entrance to 50 from 66W. A woman was lying on the ground next to the car. Had no idea 4 other people were in the car, it was stolen, & found with a gun. Wild!

Volexity (@Volexity)

.Volexity consistently observes Iranian group CharmingCypress innovate ways to persistently pursue targets. This blog reviews the group's phishing tactics & malware + investigates an attack with Volexity Volcano: volexity.com/blog/2024/02/1…

Volexity (@Volexity)

In this blog post, Michael Ligh (MHL) + Andrew Case break down how Volexity used to discover two being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices. More details here: volexity.com/blog/2024/02/0…

Volexity (@Volexity)

.Volexity shares new observations on cont'd widespread exploitation of Ivanti Connect Secure VPN vulnerabilities. Now, 2100+ compromised devices & UTA0178 observed modifying built-in Integrity Checker Tool to evade detection. Details: volexity.com/blog/2024/01/1…

Volexity (@Volexity)

.Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1…

Steven Adair (@stevenadair)

Hah just opened up @YouTube to see one of those fake your iPhone has a virus ads. This was right at the top of the home page in YouTube. Who would fall for this while scrolling through videos?

PGPDNEWS (@PGPDNews)

PHOTOS: We are asking for the community’s assistance in locating the driver and car involved in a fatal pedestrian hit-and-run in Lanham. The victim is 28-year-old Franklin Membreno Mendez of New Carrollton.
tinyurl.com/2df8f97r

Steven Adair (@stevenadair)

All these messages going around about an active but mysterious and illusive 0day in Signal remind me of the old chain email messages people used to forward around. 😂

Volexity (@Volexity)

Don't miss @tlansec's talk at 12:00 BST tomorrow, Oct 5, at #VB2023 in London! He will share @Volexity's research + observations of a North Korean #apt using unique, persistent #socialengineering techniques to target victims. More here: virusbulletin.com/conference/vb2… #threatintel #dfir