Latest Stories

Stay up-to-date with everything at Approach

Blog article

Weekly Digest Week 13 – 2024

Publication date

29.03.2024

Featured Story

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

Microsoft SharePoint vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalogue based on evidence of active exploitation in the wild.

The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code.

Microsoft previously stated that customers who have enabled automatic updates and selected “Receive updates for other Microsoft products” in their Windows Update settings are already protected.

SOC Analysis: With evidence of active exploitation in the wild, organizations are advised to prioritize patching this exploit to mitigate the risk of remote code execution.

You can do so by making sure the SharePoint security updates are applied:
– Microsoft SharePoint Server Subscription Edition (KB5002390)
– Microsoft SharePoint Server 2019 (KB5002389)
– Microsoft SharePoint Enterprise Server 2016 (KB5002397)

Our SOC is available to answer any questions you might have around this topic or patch management in general.


Other Stories

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Google addressed seven security vulnerabilities in Chrome, including two zero-days exploited at the Pwn2Own Vancouver 2024 event. CVE-2024-2887 affects WebAssembly and CVE-2024-2886 enables arbitrary memory operations via crafted HTML. Updates are being rolled out to Windows, Mac, and Linux users in version 123.0.6312.86/.87.

SOC Analysis: Users are urged to update to Chrome version 123.0.6312.86/.87 for Windows and Mac, and 123.0.6312.86 for Linux, once available. Zero-day vulnerabilities pose severe risks, making timely updates imperative to mitigate potential exploitation.

Apple Patches Code Execution Vulnerability in iOS, macOS

Apple patched CVE-2024-1580, an integer overflow issue leading to out-of-bounds write in CoreMedia and WebRTC components. The flaw could allow arbitrary code execution during image processing and affects various OS versions, including iOS, macOS, visionOS, and Safari.

SOC Analysis: Despite its medium-severity rating, the vulnerability’s ability to be exploited remotely with low privileges and no user interaction can be concerning. Organizations should prioritize applying the necessary patches to reduce risk exposure.

Beware of phishing message appearing to come from itsme

Safeonweb received over 1,600 reports of a bilingual phishing message impersonating itsme. The email claims to be a service notification prompting users to click a verification link, which leads to a fake website designed to steal credentials.

SOC Analysis: Never click on links in suspicious messages or download attachments. Instead, navigate to official websites manually. Forward suspicious messages to:
verdacht@safeonweb.be
suspect@safeonweb.be
suspicious@safeonweb.be

Our SOC is available to assist with any questions or concerns about suspicious communications.


Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.

OTHER STORIES

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?