Featured Story
Researchers Release Details of New RCE Exploit Chain for SharePoint Server
Security researchers have disclosed an exploit chain combining CVE-2023-29357 (privilege escalation) and CVE-2023-24955 (remote code execution) that enables unauthenticated RCE on Microsoft SharePoint Server. Proof-of-concept code is already available on GitHub. Microsoft patched both vulnerabilities earlier this year.
Exploits targeting SharePoint are often used in targeted attacks. We urge administrators to:
- Patch all SharePoint servers immediately
- Restrict external access where not needed
- Monitor for unusual authentication behavior
Our SOC can assist with patch validation and threat monitoring.
Other Stories
Critical libwebp Vulnerability Under Active Exploitation – CVE-2023-5129
A critical bug in the libwebp image library (used across Chrome, Firefox, and other platforms) is now tracked as CVE-2023-5129. It received a CVSS score of 10.0 and allows arbitrary code execution through malicious images. All major vendors have released emergency patches.
Apply patches across browsers and image-processing tools as soon as they are available. We recommend a company-wide update push and a review of alerts for potentially malicious image content.
Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server
Progress Software disclosed critical vulnerabilities (CVE-2023-40044 and CVE-2023-40045) in its WS_FTP Server product. These allow pre-auth RCE and may lead to further exploitation, similar to the MOVEit attacks earlier this year.
Patch WS_FTP servers immediately. Limit access to these services via firewall rules or VPNs. For high-risk deployments, conduct external threat scans and enforce MFA for admin panels.
Xenomorph Malware Expands Its List of Targets
Xenomorph, a powerful Android banking trojan, is back. Distributed via phishing pages posing as Chrome updates, it now targets institutions in the US, Portugal, and Belgium, as well as multiple crypto wallets. It uses overlays to steal login data and financial credentials.
Deploy antivirus and mobile EDR tools via your MDM. Provide ongoing awareness training about fake updates and mobile phishing. Personal devices can be entry points into the corporate network.
ZenRAT Malware Found in Fake Bitwarden Installers
Proofpoint discovered a new strain of malware called ZenRAT masquerading as the Bitwarden password manager for Windows. Delivered through deceptive websites, ZenRAT is a modular Remote Access Trojan designed for credential and browser data theft.
Emphasize downloading only from official vendor domains. EDR and DNS filtering tools can help catch SEO poisoning and redirections. Contact us to assess your endpoint and domain protections.