Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned.
CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part of its January Patch Tuesday. At the time, the vulnerability was neither publicly known nor exploited, according to Microsoft, which deemed exploitation “less likely.” Fast forward to Wednesday when the US Cybersecurity and Infrastructure Agency added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, gave federal agencies just three days to issue a patch..
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Israeli companies targeted with new Pay2Key ransomware
November 16, 2020
Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained to Israel. “As days go ...
- What Is SCM (Security Configuration Management)?
November 16, 2020
The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their ...
- Lazarus malware strikes South Korean supply chains
November 16, 2020
Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. On Monday, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups — including offshoot entities ...
- Malicious Actors Target Comm Apps such as Zoom, Slack, Discord
November 16, 2020
In our 2020 midyear report, we discussed how the Covid-19 pandemic had forced many organizations to shift from physical offices to virtual ones — a change that also led to the rise of messaging and video conferencing apps as indispensable tools for communication. While these apps have provided businesses a way of maintaining communication between ...
- DarkSide ransomware’s Iranian hosting raises U.S. sanction concerns
November 15, 2020
Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran. When the DarkSide ransomware operation encrypts a network, their affiliates steal unencrypted files, which they threaten to release if a ransom is not paid. This double-extortion strategy is always under attack by ...
- New TroubleGrabber Discord malware steals passwords, system info
November 13, 2020
TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. Its capabilities are similar to another malware strain dubbed ...