
Articles of interest from the week of February 19, 2024

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Microsoft recently acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. (The Hacker News)

“Advanced Persistent Threat (APT) groups continue in their efforts to target vulnerabilities inherent in the on-premises Microsoft Exchange ecosystem. Although on-premises servers afford greater flexibility and control, transitioning to Office 365 offers numerous advantages. Office 365 provides secure authentication across all services, comprehensive threat intelligence, reduced dependency on manual intervention, seamlessly scalable cloud security infrastructure, and a continuous stream of innovative features. Despite these benefits, many large organizations with well-established IT teams may still favor the control offered by on-premises Exchange Servers. For such organizations, implementing a robust and proactive patch management policy is imperative to mitigate the risks posed by Microsoft Exchange Zero-Day Exploits.”

Kenny Buller, Senior SOC Analyst/Tier III at Ingalls Information Security

 

 

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6. (The Hacker News)

 

Ubuntu ‘command-not-found’ Tool Can Be Abused To Spread Malware

A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. The problem arises from the utility's ability to suggest snap packages for installation when they are missing without a validation mechanism to ensure that packages are authentic and safe. (BleepingComputer)


AMD and Intel Patch Over 100 Vulnerabilities

Chipmakers AMD and Intel on Tuesday announced patches for a total of over 100 vulnerabilities, including 21 high-severity bugs leading to privilege escalation, code execution, or denial-of-service (DoS). (SecurityWeek)


ConnectWise ScreenConnect 23.9.8 Security Fix

Vulnerabilities were reported on February 13, 2024, through the ConnectWise vulnerability disclosure channel via the ConnectWise Trust Center. There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks. (ConnectWise)


Ivanti VPN Flaw Exploited to Inject Novel Backdoor; Hundreds Pwned

Threat actors continue to hammer the five security vulnerabilities that have been recently disclosed in Ivanti VPN appliances. This week, researchers said attackers are injecting a never-before-seen backdoor for persistent remote access within target networks — so far compromising 670+ IT infrastructures in a mass-exploitation campaign. (Dark Reading)

 

Juniper Support Portal Exposed Customer Device Info

The support website for networking equipment vendor Juniper Networks was recently exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts, and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. (KrebsOnSecurity)

 

FBI, Police Partners Take Down Most Prolific Ransomware Gang to Date

International law enforcement agencies have arrested two members of the notorious ransomware gang LockBit and seized the group's web infrastructure as part of a wide-reaching takedown operation, officials said Monday. (Axios)

 

Chicago Children’s Hospital Confirms Cyberattack, Continues To Provide Care

Lurie Children’s Hospital confirmed recently its network had been accessed by a “known criminal threat actor,” more than a week after the Chicago-based provider was forced to take its computer systems offline. (Cybersecurity Dive)
