Weekly Digest Week 2 – 2024

Publication date: 12.01.2024

Featured Story

Microsoft Patch Tuesday – January 2024

Microsoft’s latest Patch Tuesday addressed 48 vulnerabilities, including 2 critical and 46 important-rated issues across its software and services.

Analysis from our SOC team:
Timely patching is crucial to ensure systems are protected. While patches close vulnerabilities against future exploitation, they do not remediate compromises that have already occurred. Scale up detection and monitoring accordingly.

Contact our SOC for help with patching, detection, or incident response.


Other Stories

Zero-Day Vulnerabilities in Ivanti Connect & Policy Secure

Two zero-day vulnerabilities (CVE-2023-46805 & CVE-2024-21887) affecting Ivanti VPN and NAC appliances are actively being exploited in the wild. They can be chained for unauthenticated remote command injection.

Analysis from our SOC team:
Run Ivanti’s latest external Integrity Checker Tool (ICT) and ensure logging is still functional. Patch or apply the mitigation as recommended, and consider the possibility of a historical compromise dating back to Dec 3, 2023.

Microsoft SharePoint Vulnerability Actively Exploited

CISA warns of active exploitation of CVE-2023-29357, a critical privilege escalation flaw in Microsoft SharePoint. Though patched in June 2023, many systems remain vulnerable.

Analysis from our SOC team:
Timely patching remains key. Patch, monitor, and detect anomalies to minimize exposure. Apply CISA’s recommended mitigation by Jan 31, 2024.

Pikabot Used as Qakbot Replacement in Black Basta Attacks

A new phishing campaign drops the Pikabot loader — similar to Qakbot — linked to Black Basta ransomware. Delivered via spam, it enables threat actors to drop Cobalt Strike and exfiltrate data.

Analysis from our SOC team:
Ensure your email filtering solutions are configured properly. Provide user awareness training and implement a reporting process for suspicious emails. Layered defense is vital.

‘Federal Fine’ Phishing Emails on the Rise

Safeonweb warns of fake emails claiming to issue a ‘federal fine’ via a Europol-signed PDF. The goal is to scare recipients into contacting the attacker for extortion.

Analysis from our SOC team:
– Don’t open attachments or reply
– Mark as spam, block sender, and delete
– Report to suspicious@safeonweb.be or its other aliases

Our SOC team is available if you need help validating suspicious emails.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
