Featured Story
Microsoft Patch Tuesday – January 2024
Microsoft’s latest Patch Tuesday addressed 48 vulnerabilities, including 2 critical and 46 important-rated issues across its software and services.
Timely patching is crucial to ensure systems are protected. Patches close vulnerabilities against future exploitation, but they do not remediate a compromise that has already occurred. Scale up detection and monitoring accordingly.
Contact our SOC for help with patching, detection, or incident response.
Other Stories
Zero-Day Vulnerabilities in Ivanti Connect & Policy Secure
Two zero-day vulnerabilities (CVE-2023-46805 & CVE-2024-21887) affecting Ivanti VPN and NAC appliances are being actively exploited in the wild. They can be chained for unauthenticated remote command injection.
Run the latest version of Ivanti’s external Integrity Checker Tool (ICT) and verify that logging is still functional. Patch or apply the mitigation as recommended, and consider the possibility of historical compromise dating back to Dec 3, 2023.
Microsoft SharePoint Vulnerability Actively Exploited
CISA warns of active exploitation of CVE-2023-29357, a critical privilege escalation flaw in Microsoft SharePoint. Though patched in June 2023, many systems remain vulnerable.
Timely patching remains key. Patch, monitor, and detect anomalies to minimize exposure. Apply CISA’s recommended mitigation by Jan 31, 2024.
Pikabot Used as Qakbot Replacement in Black Basta Attacks
A new phishing campaign drops the Pikabot loader — similar to Qakbot — linked to Black Basta ransomware. Delivered via spam, it enables threat actors to drop Cobalt Strike and exfiltrate data.
Ensure your email filtering solutions are configured properly. Provide user awareness training and implement a reporting process for suspicious emails. Layered defense is vital.
‘Federal Fine’ Phishing Emails on the Rise
Safeonweb warns of fake emails claiming to issue a ‘federal fine’ via a Europol-signed PDF. The goal is to scare recipients into contacting the attacker, who then attempts to extort them.
– Don’t open attachments or reply
– Mark as spam, block sender, and delete
– Report to suspicious@safeonweb.be or its other aliases
Our SOC team is available if you need help validating suspicious emails.