January 17, 2024 at 03:39PM Microsoft warns that an Iranian hacker group, linked to the IRGC, is targeting high-profile individuals in research organizations and universities in Europe and the US using spearphishing attacks. The attackers use custom-tailored phishing emails and new backdoor malware called MediaPl to steal sensitive data and gather intelligence aligning with Iranian … Read more
January 15, 2024 at 07:48AM A Windows SmartScreen vulnerability (CVE-2023-36025) is being actively exploited to deliver Phemedrone Stealer malware, as reported by Trend Micro. Despite patches being released, threat actors continue to exploit the bug to bypass Windows Defender SmartScreen protection, leading to infections. The malware, written in C#, can steal a wide range of … Read more
January 12, 2024 at 02:03AM The U.S. CISA added a critical security vulnerability in Microsoft SharePoint Server to its catalog, noting evidence of active exploitation and the availability of patches from Microsoft. Security researcher Nguyễn Tiến Giang demonstrated an exploit at a hacking contest, with federal agencies advised to apply the patches by January 31, … Read more
January 11, 2024 at 09:21AM CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All … Read more
January 10, 2024 at 11:49AM Microsoft announced the end of mainstream support for Exchange Server 2019 on January 9, 2023, and will no longer accept bug fix requests. However, it will release patches for security issues and two cumulative updates, including support for TLS 1.3 and additional fixes. No details have been provided about the … Read more
January 10, 2024 at 01:06AM In January 2024, Microsoft addressed 48 security flaws in its software, with 2 rated Critical and 46 Important. No evidence indicates active attacks, marking the second consecutive Patch Tuesday with no zero-days. This includes fixes for vulnerabilities in the Chromium-based Edge browser. Other vendors have also released security updates to … Read more
January 9, 2024 at 05:35PM Microsoft’s recent Patch Tuesday brought 49 Windows security updates and four high-severity Chrome flaws for Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits … Read more
January 9, 2024 at 02:55PM Microsoft released KB5034122 cumulative update for Windows 10 21H2 and 22H2, containing January 2024 security updates. It’s mandatory, with limited fixes due to the holiday season. After manual installation or ‘Check for Updates,’ it’ll automatically start but can be scheduled for restart. New update for Win 10, addressing issues and … Read more
January 9, 2024 at 02:00PM Microsoft issued urgent patches for critical, remote code execution vulnerabilities affecting Windows Kerberos and Hyper-V. The company’s latest “Patch Tuesday” aimed to address these significant security threats. (47 words) It looks like the meeting notes are highlighting the urgency of the critical vulnerabilities in Windows Kerberos and Windows Hyper-V that … Read more