Microsoft recently acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. (The Hacker News)
“Advanced Persistent Threat (APT) groups continue in their efforts to target vulnerabilities inherent in the on-premises Microsoft Exchange ecosystem. Although on-premises servers afford greater flexibility and control, transitioning to Office 365 offers numerous advantages. Office 365 provides secure authentication across all services, comprehensive threat intelligence, reduced dependency on manual intervention, seamlessly scalable cloud security infrastructure, and a continuous stream of innovative features. Despite these benefits, many large organizations with well-established IT teams may still favor the control offered by on-premises Exchange Servers. For such organizations, implementing a robust and proactive patch management policy is imperative to mitigate the risks posed by Microsoft Exchange Zero-Day Exploits.” – Kenny Buller, Senior SOC Analyst/Tier III at Ingalls Information Security
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6. (The Hacker News)
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. The problem arises because the utility suggests a snap package whenever a typed command is not found on the system, without any validation that the suggested package is authentic and safe. (BleepingComputer)
Chipmakers AMD and Intel on Tuesday announced patches for a total of over 100 vulnerabilities, including 21 high-severity bugs leading to privilege escalation, code execution, or denial-of-service (DoS). (SecurityWeek)
Vulnerabilities were reported on February 13, 2024, through the ConnectWise vulnerability disclosure channel via the ConnectWise Trust Center. There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premises partners to address these identified security risks. (ConnectWise)
Threat actors continue to hammer the five security vulnerabilities that have been recently disclosed in Ivanti VPN appliances. This week, researchers said attackers are injecting a never-before-seen backdoor for persistent remote access within target networks — so far compromising 670+ IT infrastructures in a mass-exploitation campaign. (Dark Reading)
The support website for networking equipment vendor Juniper Networks was recently exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts, and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. (KrebsOnSecurity)
International law enforcement agencies have arrested two members of the notorious ransomware gang LockBit and seized the group's web infrastructure as part of a wide-reaching takedown operation, officials said Monday. (Axios)
Lurie Children’s Hospital recently confirmed that its network had been accessed by a “known criminal threat actor,” more than a week after the Chicago-based provider was forced to take its computer systems offline. (Cybersecurity Dive)