Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

January 12, 2024 at 02:49PM

Security experts have warned about a ransomware group exploiting a critical Microsoft SharePoint vulnerability, CVE-2023-29357, which can lead to remote code execution. This vulnerability was added to the US’s must-patch list, giving agencies three weeks to patch it. The exploit chain has been a concern, and patching is crucial to …

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

January 12, 2024 at 09:18AM

Suspected nation-state actors exploited two zero-day vulnerabilities in Ivanti Connect Secure VPN, deploying multiple malware families to gain backdoor access to devices. The attacks, attributed to a Chinese espionage actor, targeted fewer than 10 customers and are expected to be highly targeted. Patches are anticipated on January 22. Mandiant identified the …

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

January 12, 2024 at 02:03AM

The U.S. CISA added a critical security vulnerability in Microsoft SharePoint Server to its catalog, noting evidence of active exploitation and the availability of patches from Microsoft. Security researcher Nguyễn Tiến Giang demonstrated an exploit at a hacking contest, with federal agencies advised to apply the patches by January 31, …

CISA Urges Patching of Exploited SharePoint Server Vulnerability

January 11, 2024 at 09:21AM

CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All …

Kyocera Device Manager Vulnerability Exposes Enterprise Credentials

January 10, 2024 at 08:33AM

Kyocera Device Manager vulnerability enables attackers to capture credentials and compromise accounts. As a result, enterprise credentials are exposed, posing a security risk. There appears to be an improper input validation flaw in the Kyocera Device Manager. This vulnerability allows attackers to capture credentials …

Microsoft’s January 2024 Windows Update Patches 48 New Vulnerabilities

January 10, 2024 at 01:06AM

In January 2024, Microsoft addressed 48 security flaws in its software, with 2 rated Critical and 46 Important. No evidence indicates active attacks, marking the second consecutive Patch Tuesday with no zero-days. This includes fixes for vulnerabilities in the Chromium-based Edge browser. Other vendors have also released security updates to …

Apache OFBiz zero-day pummeled by exploit attempts after disclosure

January 8, 2024 at 12:50PM

SonicWall has observed thousands of daily exploitation attempts targeting the Apache OFBiz zero-day vulnerability. The severity is near-maximum, with a 9.8 rating, allowing attackers to bypass authentication and execute arbitrary code. They urge immediate upgrading to OFBiz version 18.12.11 to address this and another equally serious vulnerability. Apache OFBiz has …

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

January 4, 2024 at 04:46PM

Ivanti resolved a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM), impacting all supported versions. Attackers on internal networks can exploit the flaw without requiring privileges or user interaction. Ivanti has prevented public access to full details on the vulnerability, aiming to provide customers with time …

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

January 1, 2024 at 09:18AM

Security researchers have uncovered a new DLL search order hijacking technique that allows threat actors to execute malicious code on Windows 10 and 11. By leveraging trusted WinSxS folder executables, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely …

Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ

December 28, 2023 at 06:00AM

Mandiant disclosed zero-day attacks targeting Barracuda Email Security Gateway (ESG) appliances, exploiting CVE-2023-7102 to execute malicious code in Excel email attachments. The China-linked threat actor UNC4841 used this vulnerability to target government, IT, and high-tech organizations. Barracuda promptly deployed updates and urged customers to follow the recommended guidance. UNC4841 has …