Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/catc0n/statuses/113662633470258921">Caitlin Condon (catc0n@infosec.exchange)'s status on Monday, 16-Dec-2024 23:57:30 JST</a><a href="https://infosec.exchange/@catc0n" title="catc0n@infosec.exchange"><img src="https://gnusocial.jp/avatar/237167-48-20240121172844.webp" width="48" height="48" alt="Caitlin Condon" style="position: absolute; left: 0; top: 0;">Caitlin Condon</a><div><ul><li></ul></div></section><article><p>Full Rapid7 analysis of <a href="https://infosec.exchange/tags/Cleo" rel="tag">#Cleo</a> CVE-2024-55956 now available c/o <a href="https://bird.makeup/users/stephenfewer">@stephenfewer</a>. It's neither a patch bypass of CVE-2024-50623 nor part of a chain after all — totally new bug, different exploitation strategies across the two issues (though the same endpoint gets used either way). </p><p>I'm not sure it's been mentioned much yet that Cleo evidently released IOCs related to CVE-2024-50623 in October 2024, implying the older bug's been exploited for a minute. Would sure be helpful to know more about who was doing that exploiting, particularly now that Cl0p has claimed credit for last week's attack. </p><p><a href="https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis" rel="nofollow noreferrer">https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4196744#notice-8202296">In conversation</a><time datetime="2024-12-16T23:57:30+09:00" title="Monday, 16-Dec-2024 23:57:30 JST">about 5 months ago</time> <span>from <span><a href="https://infosec.exchange/@catc0n/113662633470258921" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@catc0n/113662633470258921">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3711286">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Monday, 16-Dec-2024 23:57:30 JSTCaitlin Condon
- Stephen Fewer
Full Rapid7 analysis of #Cleo CVE-2024-55956 now available c/o @stephenfewer. It's neither a patch bypass of CVE-2024-50623 nor part of a chain after all — totally new bug, different exploitation strategies across the two issues (though the same endpoint gets used either way).
I'm not sure it's been mentioned much yet that Cleo evidently released IOCs related to CVE-2024-50623 in October 2024, implying the older bug's been exploited for a minute. Would sure be helpful to know more about who was doing that exploiting, particularly now that Cl0p has claimed credit for last week's attack.
https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis
In conversationabout 5 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice