0day And Hitlist Week 01102024 Work

    The chaos of 0day and hitlist week 01102024 work taught the industry three hard lessons:

    Perhaps the loudest event of week 01102024 was the public disclosure (and immediate exploitation) of a pre-authentication command injection in Ivanti ICS appliances. This 0day allowed unauthenticated attackers to run curl commands to fetch second-stage implants.

    Security teams scrambled to implement "virtual patching" via WAF rules. The hitlist for this vulnerability was shocking: it included over 1,500 unique IP addresses belonging to defense contractors and energy grids.

    While we are still waiting for full disclosure, on October 5th, the CISA KEV catalog quietly added CVE-2024-9352 affecting a popular network-attached storage (NAS) device from a major vendor (name withheld until coordinated disclosure). Evidence shows this 0day was used in a targeted "living off the land" attack against a European energy firm.

    Response:

    Work Required: Immediate isolation of affected NAS devices from the internet until the vendor releases a hotfix (expected next week).

    Preparation:

    Response: