Week 01102024 Work — 0day And Hitlist

On October 3rd, a security researcher in Vietnam uploaded a proof-of-concept for an authentication bypass affecting enterprise web applications built on ZK (a popular Java framework for ERP systems). The vulnerability allowed unauthenticated attackers to execute arbitrary code via crafted serialized objects in the RMI binding.

In this deep dive, we reconstruct the timeline, examine the technical nuances of the 0days disclosed, and analyze the hitlist methodology observed during the first week of October 2024. The week commencing October 1, 2024, saw three major 0day vulnerabilities added to the Known Exploited Vulnerabilities (KEV) catalog. Concurrently, threat intelligence feeds picked up a surge in "hitlist" chatter on underground forums, specifically targeting the transportation, energy, and legal sectors.

This week was not about theoretical risks. It was about active work: specifically, the work required to identify, validate, and mitigate previously unknown vulnerabilities (0days) while simultaneously defending against adversaries who publish explicit "hitlists" of targets.

Date: October 6, 2024
Author: Threat Intelligence Desk

The Hitlist Connection: This 0day was immediately added to several hitlists targeting US healthcare providers still running legacy ERP portals.