According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Android Phones Can Get Hacked Just by Looking at a PNG Image
February 6, 2019
Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google’s mobile ...
- Your New Car Is A Hacker Magnet — Automotive Industry Disconnect To Blame
February 6, 2019
The car that you drive today is a far cry from those of just a decade ago and in many ways is now an internet-connected computer on wheels. This push towards connectivity and smart-motoring has seen the automotive manufacturing industry shift towards becoming as much about software as they are transportation. And that means it ...
- iOS 12.1.4 is coming to fix the worst iPhone and iPad bug to date
February 2, 2019
If you’re running iOS 12.1 or later on your iPhone, then the iOS 12.1.4 patch that’s coming next week is a must-have because it patches what the worst iOS bug to hit iPhone and iPad users to date. According to Apple, this patch will land “next week.” iOS 12.1.4 will fix a FaceTime bug that offered ...
- Hackers are going after Cisco RV320/RV325 routers using a new exploit
January 27, 2019
Security researchers have observed ongoing internet scans and exploitation attempts against Cisco RV320 and RV325 WAN VPN routers, two models very popular among internet service providers and large enterprises. ttacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco RV320 and RV325 vulnerabilities. The vulnerabilities are: CVE-2019-1653 – allows a remote attacker to get sensitive device configuration details ...
- LabKey Vulnerabilities Threaten Medical Research Data
January 25, 2019
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. A trio of vulnerabilities in a popular open source medical data collaboration tool leaves important healthcare research data and potentially subject information open to multiple cross site scripting (XSS) attacks. The flaws are serious as they ...
- ‘Chaos’ iPhone X Attack Alleges Remote Jailbreak
January 25, 2019
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS. A Chinese security researcher has published what he claims is a proof-of-concept exploit that would allow a remote attacker to jailbreak an iPhoneX, unbeknownst to the user – allowing them to gain access to a victim’s data, processing power ...