0-day And Hitlist Week -02-21-2024- [portable]
The "0-day and Hitlist Week" of February 21, 2024, featured new digital comic releases from major publishers like DC and Marvel, alongside IDW's
- The Flaw: An authentication bypass vulnerability allowing for improper access control.
- The Impact: This vulnerability allows unauthenticated attackers to create administrative accounts, effectively granting full control over the management console. Because ScreenConnect is widely used by Managed Service Providers (MSPs) and IT departments, this has a high potential for supply-chain impact.
- Status: PoC code is publicly available, and active exploitation in the wild is confirmed. This is rated as "Critical" (CVSS 10.0).
Defensive implications
| Target Category | Examples |
|----------------|----------|
| Edge devices | Fortinet SSL-VPN, Citrix ADC, Ivanti Connect Secure |
| Email gateways | Proofpoint, Mimecast, Microsoft Exchange |
| Remote access | AnyDesk, TeamViewer, LogMeIn |
| Critical CVEs from late 2023/early 2024 | CVE-2023-46805, CVE-2024-21887 (Ivanti), CVE-2024-21410 (Exchange) |

"Week 02-21-2024 is live," his partner, Sarah, whispered over the comms. "It’s big, Elias. They aren't targeting banks this time. They’ve breached the Global Seed Vault’s climate control API."
Immediate Actions Required:
Defenders should prioritize the following:
- Suspicious user agents – `python-requests`, `curl`, `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36` with abnormal URI length.
- URI patterns:
Tools and Resources
