Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

October 9, 2024 at 03:27AM Microsoft has issued security updates for 118 vulnerabilities, including two under active exploitation. Key vulnerabilities include CVE-2024-43572 and CVE-2024-43573, both related to remote code execution and spoofing. The U.S. CISA has added these to its catalog, mandating fixes by October 29, 2024.

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

October 8, 2024 at 01:15PM Ivanti has warned about three new security vulnerabilities in its Cloud Service Appliance (CSA) actively exploited in the wild. The zero-day flaws, when combined with a previously patched flaw, can allow attackers to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. The company advises taking measures to …

Rackspace monitoring systems hit by zero-day

September 30, 2024 at 07:18PM Rackspace recently faced a security breach when intruders exploited a zero-day bug in a third-party application, impacting its internal performance monitoring system. This led to temporary suspension of its monitoring dashboard. Although some customer information was accessed, Rackspace promptly isolated the affected equipment and worked on a patch in collaboration …

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

September 27, 2024 at 08:02AM Progress Software recently identified and warned customers about six vulnerabilities in WhatsUp Gold, urging them to upgrade to version 24.0.1 to address these issues. The vulnerabilities, including SQL injection and remote code execution flaws, were reported by various security researchers and have been exploited by attackers. Progress has released patches …

CISA warns of Windows flaw used in infostealer malware attacks

September 16, 2024 at 03:56PM CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and …

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

September 16, 2024 at 07:39AM Microsoft identified and addressed a high-severity CVE-2024-43461 security flaw through September 2024 updates, following its exploitation as a zero-day in Internet Explorer. This spoofing bug in MSHTML can execute arbitrary code when a user interacts with a malicious page or file. It was part of an attack chain exploited by …

Adobe fixes Acrobat Reader zero-day with public PoC exploit

September 11, 2024 at 01:44PM A critical “use after free” vulnerability (CVE-2024-41869) in Adobe Acrobat Reader could lead to remote code execution through specially crafted PDF documents. The flaw was discovered in June; an initial security fix was ineffective, but a new release has addressed the issue. This discovery stems from cybersecurity researcher Haifei Li’s EXPMON platform, aiming …

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

August 31, 2024 at 12:06PM North Korean threat actors exploited a recently patched security flaw in Google Chrome and Chromium web browsers to deploy the FudModule rootkit. Microsoft attributed this activity to a group known as Citrine Sleet, part of the Lazarus Group, targeting financial institutions involved in cryptocurrency. The attack involved a zero-day exploit …

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

August 30, 2024 at 04:51PM Microsoft’s threat intelligence team identified a North Korean hacking team exploiting a Chrome vulnerability, marked as actively exploited. The flaw, CVE-2024-7971, was used for targeting the cryptocurrency sector for financial gain. The hacker group, known as ‘Citrine Sleet,’ has been linked to North Korea’s Reconnaissance General Bureau, and was observed …

North Korean hackers exploit Chrome zero-day to deploy rootkit

August 30, 2024 at 01:06PM North Korean hackers utilized a patched Google Chrome zero-day to distribute the FudModule rootkit, gaining SYSTEM privileges through a Windows Kernel exploit. Microsoft attributed the attacks to the North Korean threat actor Citrine Sleet, known for targeting the cryptocurrency sector for financial gain. The group is also associated with other …