A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.
Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers to protect company networks from unauthorized access.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Update now! Microsoft patches 3 actively exploited zero-days
November 15, 2023
Another important update round for this month’s Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it is publicly disclosed or actively exploited with no official fix available. ...
- Executing from Memory Using ActiveMQ CVE-2023-46604
November 15, 2023
Huntress Labs, Rapid7, and ArticWolf all recently published reports of threat actors exploiting ActiveMQ CVE-2023-46604 to drop ransomware onto the victim host. The attackers used CVE-2023-46604 to invoke cmd.exe followed by curl.exe or msiexec.exe in order to download and execute their ransomware. The attackers were very obvious and caught the aforementioned companies’ attention, all of which ...
- In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584
November 13, 2023
During their analysis of a July 2023 campaign targeting groups supporting Ukraine’s admission into NATO, Unit 42 researchers discovered a new vulnerability for bypassing Microsoft’s Mark-of-the-Web (MotW) security feature. This activity has been attributed by the community to the pro-Russian APT group known as Storm-0978 (also known as the RomCom Group, in reference to their use ...
- Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
November 10, 2023
On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an Improper authorization vulnerability involving the Confluence Data Center and Server. Initially reported to cause data loss, it was eventually revealed that exploiting this vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, allowing them to perform all admin privileges available to ...
- Maine government says data breach affects 1.3 million people
November 10, 2023
The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability ...
- CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
November 10, 2023
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. CVSS · HIGH · 8.6/10 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Scoring scenario: GENERAL AattackVector: NETWORK AttackComplexity: LOW PrivilegesRequired: NONE Read more… Source: Rapid7