According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests
May 16, 2018
Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels. However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems using uncached memory or ...
- This new type of DDoS attack takes advantage of an old vulnerability
May 15, 2018
A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. Attacks are launched from irregular source ports, making it difficult to determine their origin and blacklist the ports in order ...
- Ex-CIA man named as suspect in Vault 7 leak
May 15, 2018
A former CIA employee has been named as the prime suspect in last year’s dump of thousands of documents on the agency’s hacking practices. A report from The Washington Post cites court documents that name Joshua Adam Schulte as the person authorities think to be behind the massive Vault7 data dump. Read more… Source: The Register
- Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
May 15, 2018
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they’ve uploaded a weaponized PDF file to a public malware scanning engine. The zero-days where spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months. Anton Cherepanov, ...
- Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext
May 13, 2018
An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/Mime encryption tools that could reveal your encrypted emails in plaintext. What’s worse? The vulnerabilities also impact encrypted emails you sent in ...
- Operating Systems Hit By Major Security Flaw
May 10, 2018
Windows, macOS, Linux, VMware, Xen, KVM and others are affected by issues caused by their misinterpretation of chip documentation Most major operating systems are vulnerable to a “serious” security bug caused by developers’ misinterpretation of documentation on debugging features in Intel and AMD chips. The problem is unusual in its scale, affecting Windows, Apple’s macOS, most major ...