Memory Security Weekly Report No.167
Anxinsec Technology
AI-Empowered Cybersecurity Solution and Service Provider for Governments and Enterprises
The US financial regulator SEC says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin ETFs.
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. The most critical among the flaws patched this month are as follows:
CVE-2024-20674 (CVSS score: 9.0) - Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-20700 (CVSS score: 7.5) - Windows Hyper-V Remote Code Execution Vulnerability
Saudi Ministry exposed sensitive data for 15 months. MIM is a government body responsible for industry and mineral resources operations. It was established in 2019 to diversify Saudi Arabia’s economy away from oil and gas. According to the team, the first time the env. file was indexed by IoT search engines was in March 2022, meaning that the data was exposed for at least 15 months. The file has since been closed and is no longer accessible to the public.
A critical vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations. The plugin is widely recognized for its diverse AI-related functionalities, allowing users to create chatbots, manage content and utilize various AI tools such as translation, SEO and more. The vulnerability permits any unauthenticated user to upload arbitrary files, including potentially malicious PHP files, which could lead to remote code execution on the affected system.