The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user. (The Hacker News)
“Adobe Acrobat, being a widely used PDF management software solution, has faced vulnerabilities seemingly since its inception. Historically, many allow for code execution, attracting the attention of both cybersecurity researchers and malicious actors alike, as is evident by a quick search through exploit-db. Adobe has actively addressed these continual concerns with patches and updates. However, given Acrobat's extensive usage, it remains a prime target. This once again highlights the importance of regular software updates, vigilant security practices, and overall defense in depth to safeguard against the exploitation of vulnerabilities.”
– Jessica Owens, Tier 1 SOC Analyst at Ingalls Information Security
The City of Dallas, Texas, said that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account.
Royal gained access to the City's network using a stolen domain service account in early April and maintained access to the compromised systems between April 7 and May 4. (BleepingComputer)
An Internet-wide security vulnerability is at the root of a zero-day attack dubbed "HTTP/2 Rapid Reset," which resulted in a distributed denial-of-service (DDoS) flood that was orders of magnitude larger than any previous attack ever recorded. It marks a new chapter in the evolution of DDoS threats, researchers noted. (Dark Reading)
One Out of Five Organizations Must Improve Their Security Posture to be Eligible for Cyber Insurance
As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements which puts the onus on organizations to be more secure. (KnowBe4)
Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. Although the ZeroFont phishing technique has been used in the past, this is the first time it has been documented as used in this way. (BleepingComputer)
On Tuesday Microsoft issued security updates for more than 100 newly discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. (Krebs on Security)