Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned.
CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part of its January Patch Tuesday. At the time, the vulnerability was neither publicly known nor exploited, according to Microsoft, which deemed exploitation “less likely.” Fast forward to Wednesday when the US Cybersecurity and Infrastructure Agency added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, gave federal agencies just three days to issue a patch..
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain
April 14, 2020
Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image when victim accesses their online banking account. In the background, meanwhile, the ...
- APT41 Using New Speculoos Backdoor to Target Organizations Globally
April 13, 2020
On March 25, 2020, FireEye published a research blog regarding a global attack campaign operated by an espionage motivated adversary group known as APT41. This attack campaign was thought to have operated between January 20 and March 11, specifically targeting Citrix, Cisco, and Zoho network appliances via exploitation of recently disclosed vulnerabilities. Based on WildFire and AutoFocus ...
- “Twin Flower” Campaign Jacks Up Network Traffic, Downloads Files, Steals Data
April 13, 2020
A campaign dubbed as “Twin Flower” (rough translation from Chinese) has been detected by Jinshan security researchers in a report published in Chinese. Trend Micro also analyzed related samples, which are detected as PUA.Win32.BoxMini.A, Trojan.JS.TWINFLOWER.A, and TrojanSpy.JS.TWINFLOWER.A. The files are believed to be downloaded unknowingly by users when visiting malicious sites or dropped into the system by ...
- Hackers struggle morally and economically over Coronavirus
April 9, 2020
With the Coronavirus pandemic in full swing, threat actors are torn about how they should operate during the pandemic, and like everyone else, are also seeing a downturn in the underground hacker marketplace. In mid-March, BleepingComputer asked numerous ransomware operators whether they would stop targeting health care companies during the Coronavirus pandemic. Some operators stated they would no ...
- Unique P2P Architecture Gives DDG Botnet ‘Unstoppable’ Status
April 9, 2020
The coin-mining botnet known as DDG has seen a flurry of activity since the beginning of the year, releasing 16 different updates over the course of the past three months. Most notably, its operators have adopted a proprietary peer-to-peer (P2P) mechanism that has turned the DDG into a highly sophisticated, “seemingly unstoppable” threat, according to ...
- Copycat Site Serves Up Raccoon Stealer
April 9, 2020
Someone is targeting web denizens with a malicious, copycat Malwarebytes website, which serves up the Raccoon information stealer malware to unsuspecting visitors. According to the security firm itself, the attackers set up the domain “malwarebytes-freecom” with a domain registrar in Russia in late March. “We don’t expect to hear from either the registrar or hosting provider,” ...