Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned.
CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part of its January Patch Tuesday. At the time, the vulnerability was neither publicly known nor exploited, according to Microsoft, which deemed exploitation “less likely.” Fast forward to Wednesday when the US Cybersecurity and Infrastructure Agency added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, gave federal agencies just three days to issue a patch..
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New ransomware attacks target your NAS devices, backup storage
December 5, 2019
The number of ransomware strains targeting NAS and backup storage devices is growing, with users “unprepared” for the threat, researchers say. Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services — including hospitals and utilities — and individuals. Once deployed on a system, the malware ...
- OpenBSD Hit with Authentication, LPE Bugs
December 5, 2019
An authentication bypass and three local privilege-escalation (LPE) bugs have been uncovered in OpenBSD, the Unix-like open-source operating system known for its security protections. The most severe of the vulnerabilities is the bypass (CVE-2019-19521), which is remotely exploitable. OpenBSD uses BSD authentication, which enables the use of passwords, S/Key challenge-and-response authentication and Yubico YubiKey tokens. In each ...
- New vulnerability lets attackers sniff or hijack VPN connections
December 5, 2019
Academics have disclosed this week a security flaw impacting Linux, Android, macOS, and other Unix-based operating systems that allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections. The vulnerability — tracked as CVE-2019-14899 — resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to ...
- xHunt Actor’s Cheat Sheet
December 4, 2019
Unit42 has been researching the xHunt attack campaign on Kuwaiti organizations for several months. Recently, we found evidence that the developers who created the Sakabota tool, which was previously discussed in the xHunt campaign, had carried out two sets of testing activities in July and August 2018 on Sakabota in an attempt to evade detection. These testing ...
- APAC’s Compromised Domains Fuel Emotet Campaign
December 4, 2019
Discovered in 2014, Emotet is one of the most prolific malware families, infecting computer systems globally through its mass campaigns of spam email that delivers malware (AKA malspam). These campaigns have been widely documented by many organizations, including how Emotet evolved from being a banking Trojan, to a malware loader with modular functionalities. The modular functionality ...
- APT review: what the world’s threat actors got up to in 2019
December 4, 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach ...