Microsoft's January 2024 Windows update patches 48 new vulnerabilities
Vulnerabilities and Exploitation Attempts
Active Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Critical zero-day vulnerabilities in Ivanti Connect Secure and Policy Secure gateways (CVE-2023-46805, CVSS score 8.2, and CVE-2024-21887, CVSS score 9.1) are being actively exploited by attackers, allowing them to remotely hijack affected systems without login credentials.
Critical Microsoft SharePoint Bug Now Actively Exploited
CVE-2023-29357 - a privilege escalation vulnerability in Microsoft SharePoint Server - is being actively exploited by threat actors.
The critical vulnerability was first discovered in June 2023 and was given a 9.8 CVSS score. Researchers have recently detected instances of the vulnerability being exploited in the wild.
Critical RCE Vulnerability in Juniper SRX Firewalls and EX Switches
Juniper Networks issued a security advisory regarding a critical vulnerability in the J-Web component of its Junos OS, specifically affecting the SRX and EX Series. This vulnerability, identified as CVE-2024-21591 (CVSS Score 9.8), is an Out-of-bounds Write issue that allows an unauthenticated, network-based attacker to potentially cause a Denial of Service (DoS) or execute code remotely, gaining root privileges on the affected device.
Critical Account Takeover Vulnerability Affecting GitLab Accounts
GitLab has released new versions for GitLab Community Edition (CE) and Enterprise Edition (EE), fixing several security vulnerabilities. Among them is CVE-2023-7028, a critical account takeover vulnerability that allows threat actors to take over the GitLab administrator account with no need for user interaction.
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities
In its January 2024 Patch Tuesday updates, Microsoft has addressed a total of 48 security vulnerabilities across its software suite.
Among the 48 vulnerabilities, two carry a critical rating, while the remaining 46 are rated as important in terms of severity. Notably, there is no indication that any of these issues are publicly known or currently under active attack, marking the second consecutive Patch Tuesday without any zero-days.
Identified Trends
Fake Year-End Financial Statements Used to Steal Credentials
Threat actors are increasingly taking advantage of HR initiatives such as open enrollment, 401k updates, salary adjustments, and employee satisfaction surveys to orchestrate credential theft. These HR-related activities - which employees expect towards the end of the year - are being used as effective lures in social engineering attacks.
MSIX Installer Malware Delivery on the Rise Across Multiple Campaigns
In July 2023, researchers investigated malware attacks leveraging MSIX files, revealing three clusters of activity stretching until December 2023. In each intrusion, the initial access vector appeared to be malicious advertising or SEO poisoning, using software such as Grammarly, Microsoft Teams, Notion, and Zoom as lures.
Victims span multiple industries, suggesting that the adversary’s attacks are opportunistic and not targeted. Victims of the malware distributed using these MSIX installers are often prime targets for follow-on activity - through persistent access via remote access tools or credential access attempts with stealers.
Atomic Stealer's Enhanced Capabilities and Altered Distribution Tactics
A new version of Atomic Stealer has recently emerged, showcasing ongoing efforts by threat actors to enhance its capabilities. Implemented in December 2023, this update includes payload encryption to evade detection.
Gain deeper CTI insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.