Live Breaking News & Updates on Volexity threat research

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.

Zero-Day Exploitation of Atlassian Confluence

Note: There is currently no available patch or fix for the issue described in this blog post. Volexity strongly recommends that all organizations block external access to their Confluence Server instances immediately until an update is provided by Atlassian.

Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk. Volexity immediately used Volexity Surge Collect Pro to collect system memory and key files from the Confluence Server systems for analysis. After a thorough review of the collected data, Volexity was able to determine the server compromise stemmed from an attacker launching an exploit to achieve remote code execution. Volexity was subsequently able to recreate that exploit and identify […]
