Some of the vulnerabilities mentioned in the logs are old but widespread, such as CVE-2022-30190, the remote code execution flaw in the Microsoft Office remote template feature, also known as Follina, which has been widely exploited via malicious Word attachments. Other well-known flaws include Log4Shell (CVE-2021-44228), Spring4Shell (CVE-2022-22965), and ProxyNotShell (CVE-2022-41028, CVE-2022-41040).
However, according to the communication logs, Black Basta is also generally quick to discuss newly released vulnerabilities, several of which the group seems to have had access to before official publication: Fortinet FortiOS (CVE-2024-23113), Bricks Builder WordPress Theme (CVE-2024-25600), and Exim Email (CVE-2023-42115).
“Within days of new security advisories being issued, members discussed vulnerabilities related to products such as Citrix NetScaler, Check Point Quantum Security Gateways, ConnectWise ScreenConnect, Microsoft Office Outlook, Fortinet FortiSIEM, Palo Alto Networks PAN-OS, Atlassian Confluence Server and Data Center, Cisco IOS XE Web UI, Microsoft Windows, GitLab CE/EE, and Fortinet FortiOS,” the VulnCheck researchers found.