March 27, 2024 at 12:30PM CISA warns of attackers exploiting a Microsoft SharePoint vulnerability, enabling remote code execution and admin privilege takeover. Nguyễn Tiến Giang earned $100,000 for demonstrating its exploitation. Multiple proof-of-concept exploits have emerged, prompting CISA to order patching by January 31. This poses a significant risk, emphasizing the need for quick patching … Read more
March 27, 2024 at 06:42AM CISA added the CVE-2023-24955 SharePoint flaw, part of an exploit chain for unauthenticated remote code execution, to its Known Exploited Vulnerabilities list, after it was demonstrated at Pwn2Own. Microsoft patched this flaw in May 2023. CISA’s catalog now holds four exploited SharePoint vulnerabilities, with CVE-2023-24955 requiring attention by government organizations … Read more
January 12, 2024 at 02:03AM The U.S. CISA added a critical security vulnerability in Microsoft SharePoint Server to its catalog, noting evidence of active exploitation and the availability of patches from Microsoft. Security researcher Nguyễn Tiến Giang demonstrated an exploit at a hacking contest, with federal agencies advised to apply the patches by January 31, … Read more
January 11, 2024 at 09:21AM CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All … Read more
October 12, 2023 at 04:59PM A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a malware associated with information theft, keylogging, cryptocurrency mining, and ransomware. The campaign targets organizations in the Americas, and the developer of DarkGate is advertising it on underground forums and leasing it out as a service … Read more
October 12, 2023 at 01:36PM Microsoft has introduced a new AI bounty program for the AI-driven Bing experience, offering rewards up to $15,000. The program covers vulnerabilities found in AI-powered Bing experiences across various services and products, including bing.com, Microsoft Edge, Microsoft Start Application, and Skype Mobile Application. Qualified submissions are eligible for bounty rewards … Read more
October 11, 2023 at 09:09AM Microsoft introduced Patch Tuesday in October 2003, a monthly release of software fixes on the second Tuesday of each month. The change brought predictability and stability for IT administrators, who previously faced chaotic patching processes. The number of patches has increased significantly over the years, and other vendors have joined … Read more