2024.02
Features/Enhancements
New Portal Features
Sticky Table Headers: To enhance data readability, especially in large tables, sticky headers have been implemented across the portal. Now, as users scroll down a table, headers remain visible at the top, eliminating the need to scroll back up to recall column meanings.
Vertical and Horizontal Dashboard: A new toggle under user settings allows for switching the dashboard view between vertical and horizontal layouts:
In the Vertical View, dashboards and charts are displayed side-by-side, with charts on the left and tables occupying a broader screen space for easier scrolling:
In vertical mode, all bars in charts are displayed without the need for scrolling. Additionally, the fixed height on the bar container is removed to improve visibility on the side.
Cookie Consent for GDPR: The EU instance of the Portal now features a cookie consent prompt, ensuring GDPR compliance while respecting user privacy. Visitors can accept or manage cookies for a customized browsing experience.
New Attack Content
- CVE-2024-21893: This vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows server-side request forgery in the SAML component, enabling unauthorized access to restricted resources. Combined with CVE-2024-21887, attackers can fully compromise the system. CISA advises disconnecting and rebuilding affected Ivanti appliances. For further details, refer to our blog post.
- CVE-2023-7028 GitLab Account Takeover: A critical flaw in GitLab enabling attackers to reset user passwords and potentially take over accounts.
- ConnectWise SecureConnect Advisory: ConnectWise issued an advisory for a critical vulnerability in their SecureConnect software, affecting authentication and path traversal. This vulnerability could lead to administrative control over the ConnectWise server and code execution on connected endpoints. Patching instructions can be found here.
- Azure and AWS Enhancements: NodeZero now can create Azure users and elevate them to Global Admins.
- RAT Enhancements: The RAT has been extended for broader implantation capabilities, including Linux hosts and harvesting AWS Metadata Service credentials.
- Attack Path Chaining: NodeZero also now includes functionality to pilfer through S3 buckets for sensitive information.
Other Updates & Improvements
- Increased the maximum number of phished credentials in a pentest from 100 to 10,000.
Fixed Bugs
- Resolved an issue in the s3 subdomain takeover process, allowing for direct takeover of subdomains pointed to by DNS records or CloudFront distributions.
- Corrected the ordering of credential insights in the Injected/Phished Credentials Summary.