Russian-Linked Hackers Breach 80+ Organizations via Roundcube Flaws

February 19, 2024 at 12:45AM Belarus and Russia-linked threat actors, identified as Winter Vivern, conducted a cyber espionage campaign exploiting vulnerabilities in Roundcube webmail servers, targeting over 80 organizations in Georgia, Poland, and Ukraine. The campaign aimed to gather intelligence on European political and military activities, demonstrating high sophistication in attack methods. TAG-70 also targeted …

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

February 16, 2024 at 11:39AM The U.S. CISA added a now-patched security flaw in Cisco software to its Known Exploited Vulnerabilities catalog due to likely exploitation in Akira ransomware attacks. The flaw, CVE-2020-3259, allows attackers to retrieve device memory contents. Federal agencies must fix vulnerabilities by March 7, 2024. Ransomware is a growing problem, attracting …

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

February 16, 2024 at 06:57AM The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence suggesting exploitation by the Akira ransomware group emerged. Cisco is advised …

Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug

February 15, 2024 at 04:34PM Microsoft identified a critical vulnerability in Exchange Server disclosed in February as a zero-day threat already being exploited. The flaw (CVE-2024-21410) permits attackers to disclose and relay Windows NT LAN Manager hashes, impersonating legitimate users. Microsoft revised its advisory, flagging the exploit as a zero-day. A cumulative update (CU14) protects …

Microsoft Warns of Exploited Exchange Server Zero-Day

February 15, 2024 at 06:45AM A critical vulnerability in Exchange Server (CVE-2024-21410) is actively exploited, enabling privilege escalation and NTLM hash relay attacks. Microsoft issued a warning and released Exchange Server 2019 CU14 to address the flaw. Furthermore, Check Point disclosed another critical-severity Outlook vulnerability (CVE-2024-21413) allowing remote code execution through crafted hyperlinks. Both companies …

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

February 15, 2024 at 12:21AM Microsoft has confirmed active exploitation of a critical security flaw in Exchange Server, allowing attackers to gain privileges and execute operations. It has released patches to address this and other vulnerabilities in its Patch Tuesday updates. Threat actors, including APT28, have a history of exploiting such flaws for NTLM relay …

Microsoft: New critical Outlook RCE bug exploited as zero-day

February 14, 2024 at 03:12PM Microsoft updated a security advisory warning about a critical Outlook bug, tracked as CVE-2024-21413, leading to remote code execution if exploited. The vulnerability allows bypassing Protected View, affecting multiple Office products including Microsoft Outlook 2016 and Office 2019. Check Point researchers discovered the vulnerability called Moniker Link, recommending applying the …

Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages

February 14, 2024 at 08:51AM Cybersecurity researchers discovered a vulnerability in the ‘command-not-found’ utility on Ubuntu systems that could allow threat actors to recommend and install their own malicious packages. The vulnerability stems from the utility’s reliance on the snap repository, potentially leading to deceptive recommendations and software supply chain attacks. Users are urged to …

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

February 14, 2024 at 12:51AM Microsoft has released 73 patches to address security flaws in its software lineup for February 2024’s Patch Tuesday updates. This includes 5 Critical, 65 Important, and 3 Moderate vulnerabilities, along with fixes for the Chromium-based Edge browser. Among the critical flaws is a bypass vulnerability in Windows SmartScreen and Internet …

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

February 13, 2024 at 03:28PM The provided text contains a list of CVE IDs and their associated vulnerabilities across various Microsoft products. The list spans different severity levels, such as Important, Moderate, and Critical. It outlines vulnerabilities related to .NET, Azure Active Directory, Azure DevOps, Azure File Sync, Microsoft Edge, Microsoft Office, Skype for Business, …