Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned.
CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part of its January Patch Tuesday. At the time, the vulnerability was neither publicly known nor exploited, according to Microsoft, which deemed exploitation “less likely.” Fast forward to Wednesday when the US Cybersecurity and Infrastructure Agency added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, gave federal agencies just three days to issue a patch..
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The remote-working rush is creating a playground for spies and cybercrooks
April 5, 2020
Hundreds of millions of people are now working from home as a result of the ongoing COVID-19 coronavirus outbreak. Most organisations have a disaster recovery plan and a business continuity strategy in place to cope with the more predictable catastrophes, like a main office being unavailable for weeks or months. Far fewer are prepared for a crisis requiring ...
- Investigation into a Nefilim Attack Shows Signs of Lateral Movement, Possible Data Exfiltration
April 3, 2020
Trend Micro’s Managed XDR (MxDR) and Incident Response (IR) teams recently investigated an incident involving a company that was hit by the Nefilim ransomware, which was initially discovered in March 2020. What makes Nefilim especially devious is that the threat actors behind the attack threaten to release the victim’s stolen data on an online leak site. This represents a ...
- Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
April 3, 2020
Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization (WHO) with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure. Researchers at FortiGuard Labs on March 27 first observed the malicious COVID-19-themed scam, which claims to ...
- Hacking forum gets hacked for the second time in a year
April 3, 2020
OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. “It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020,” said ...
- Firefox gets fixes for two zero-days exploited in the wild
April 3, 2020
Firefox users are advised to update their browsers to patch two bugs that are being exploited in the real world by hackers. The fixes are available in Firefox 74.0.1, released earlier today. This new Firefox version includes fixes for CVE-2020-6819 and CVE-2020-6820, two bugs that reside in the way Firefox manages its memory space. The bugs are so-called user-after-free vulnerabilities, ...
- FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
April 2, 2020
As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of which our users are often unaware. In this blog post, ...