Month: November 2024

  • Don’t Be a CVE Dummy

    One of the aspects of vulnerability intelligence is monitoring various public sources for new vulnerabilities, especially ones with a Common Vulnerabilities and Exposures (CVE) ID. These numbers are designed to help communicate details about a specific vulnerability. “Hey, remember that remote code execution in Fortinet in May?” Unfortunately, that isn’t very specific as there were…

  • Was It Really GPAC? (No!) Getting a CVE Removed from CISA KEV

    On October 3, 2024, Aquasec published a report about newly discovered malware named “perfctl”, targeting Linux servers. In it they cite the malware taking advantage of misconfigurations, as well as attempting to “exploit the Polkit vulnerability (CVE-2021-4043) to escalate privileges.” Only problem is that CVE-2021-4043 isn’t “the Polkit vulnerability”, which in itself is problematic since…