Featured Story
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Microsoft has released security updates for 97 flaws across its product suite. One flaw, CVE-2023-28252, is already being exploited in the wild to deliver ransomware. Another, CVE-2023-21554 (“QueueJumper”), affects MSMQ and has a CVSS score of 9.8.
Exchange server installations may automatically enable MSMQ, exposing organizations. Admins should check for mqsvc.exe and block port 1801 externally until patched or removed.
Both CVEs represent critical risks. CVE-2023-28252 is already exploited; CVE-2023-21554 is highly likely to follow. If MSMQ isn’t used, remove it to reduce your attack surface. For those using Exchange, review your configurations and apply patches urgently.
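The check described above, as an added example that is not part of the original newsletter or any vendor tooling: a read-only PowerShell function that reports whether the MSMQ service or mqsvc.exe is present on a host, whether anything listens on TCP 1801, and whether an enabled inbound host-firewall block rule covers that port. The function name Get-MsmqExposure and its output fields are hypothetical.

```powershell
# Added example: local MSMQ exposure report. Read-only; it changes nothing.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # MSMQ TCP port named in the story above
    )

    # The Message Queuing service is registered as "MSMQ"; its binary is mqsvc.exe.
    $service = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $process = Get-Process -Name 'mqsvc' -ErrorAction SilentlyContinue

    # Listeners on the port, the addresses they bind to, and the owning processes.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    $owners = @($listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique)

    # Enabled inbound block rules that name this TCP port explicitly.
    # Rules written as a port range (e.g. "1800-1810") are not matched here.
    $blockRules = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains "$Port")
        })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceInstalled = [bool]$service
        ServiceStatus    = if ($service) { $service.Status.ToString() } else { 'NotInstalled' }
        MqsvcRunning     = [bool]$process
        PortListening    = $listeners.Count -gt 0
        BoundAddresses   = @($listeners.LocalAddress | Sort-Object -Unique)
        ListenerProcess  = $owners
        HostBlockRules   = @($blockRules.DisplayName)
        # Flag hosts where MSMQ answers on the port and no host rule blocks it.
        NeedsAttention   = ($listeners.Count -gt 0) -and ($blockRules.Count -eq 0)
    }
}

Get-MsmqExposure | Format-List
```

A host firewall rule is only one place port 1801 may be blocked, so a `NeedsAttention` result should be read together with perimeter firewall rules before concluding the service is reachable externally.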
Other Stories
Two Known Exploited Critical Vulnerabilities Fixed in Apple Products
Apple has patched CVE-2023-28205 and CVE-2023-28206 — two actively exploited zero-days impacting iOS, iPadOS, macOS, and Safari. These flaws allow attackers to execute code with kernel privileges or via crafted web content.
Since exploitation is confirmed, update all Apple devices ASAP. Use MDM to enforce version updates across your fleet. Affected versions include iOS 15.7.5/16.4.1, iPadOS, macOS Ventura 13.3.1, and Safari 16.4.1.
Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse
Security researchers have revealed a method to exploit Azure’s shared key authorization feature for full access to storage accounts and privilege escalation. This issue affects the default key model for new accounts.
Azure shared key authorization should be disabled where possible. Follow the principle of least privilege and Microsoft’s latest best practices to reduce attack surfaces in cloud deployments.
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Since 2017, the Balada Injector malware has infected over one million WordPress sites by exploiting plugin and theme vulnerabilities. The campaign continues in waves, often leveraging flaws in popular third-party tools.
Protecting WordPress sites requires more than basic plugins. EDR, antivirus, and a strong WAF are essential. Approach offers SOC monitoring and WAF services tailored to secure WordPress environments.
Watch Out for Emails Pretending to Be from the Police
Safeonweb warns of a new phishing scam where criminals pose as the Federal Police or Europol, claiming users are summoned for serious offenses. The goal is to scare recipients into paying or disclosing sensitive data.
These scare tactics are on the rise. Do not engage. Forward such emails to:
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Approach provides managed phishing simulations and email triage support to reduce internal overhead and improve resilience.