According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws
May 10, 2018
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, ...
- Sierra Wireless Patches Critical Vulns in Range of Wireless Routers
May 8, 2018
Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet. The more critical of the two (with a 9.4 CVSSv3 Temp Score) is a privilege-escalation bug (CVE-2018-10251), which could allow a remote attacker ...
- First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection
May 7, 2018
Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS, including Windows 10. Read more… Source: The ...
- Report: Intel Facing New Spectre-Like Security Flaws
May 4, 2018
Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges. The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018. German magazine c’t reported on Thursday that the new security flaws in Intel CPUs have been reported to the manufacturer by many ...
- GLitch: New ‘Rowhammer’ Attack Can Remotely Hijack Android Phones
May 3, 2018
For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely. Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones. Rowhammer is a problem ...
- Millions of Home Fiber Routers Vulnerable to Complete Takeover
May 1, 2018
Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full browsing histories). A comprehensive assessment of various GPON home routers by vpnMentor has ...