Featured Story
Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
Microsoft has issued patches for 132 vulnerabilities, including six zero-days under active exploitation. Among them is CVE-2023-36884, a critical vulnerability leveraged in targeted attacks against defense and government entities using malicious Office documents. This zero-day currently has no patch.
The attacks are attributed to Russian-linked actor Storm-0978. Microsoft recommends enabling the “Block all Office applications from creating child processes” ASR rule as a temporary defense.
The most dangerous zero-day (CVE-2023-36884) lacks a patch. We recommend testing the ASR rule in audit mode before full deployment. Apply all other updates promptly and contact our SOC for detection and response support.
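To stage the ASR mitigation the way the advice above suggests, here is an added PowerShell example (not from the newsletter or from Microsoft's guidance) that places the rule in audit mode, verifies its configured action, and reviews what the rule would have blocked before switching to enforcement. The rule GUID is Microsoft's published identifier for "Block all Office applications from creating child processes"; the event ID and action codes are taken from Defender documentation as assumed values.

```powershell
# Added example (not from the newsletter): stage the "Block all Office applications
# from creating child processes" ASR rule in audit mode, verify it, and review
# what it would have blocked. Run from an elevated PowerShell session.
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # Microsoft's GUID for this rule

# 1. Put the rule in audit mode: matches are logged, nothing is blocked yet.
Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                 -AttackSurfaceReductionRules_Actions AuditMode

# 2. Confirm the rule is present and check its action code
#    (assumed mapping: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn).
$prefs = Get-MpPreference
$ids   = @($prefs.AttackSurfaceReductionRules_Ids)
$idx   = -1
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $OfficeChildProcRule) { $idx = $i }   # GUID comparison, case-insensitive
}
if ($idx -lt 0) { throw "ASR rule $OfficeChildProcRule is not configured" }
"Rule action code: $($prefs.AttackSurfaceReductionRules_Actions[$idx])"

# 3. After a soak period, list audit events (assumed Event ID 1122 = ASR audit)
#    for this rule to see which Office parent/child process pairs would be blocked,
#    so exclusions can be tuned before enforcement.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1122
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $OfficeChildProcRule } |
    Select-Object TimeCreated, Message -First 20

# 4. Once audit shows no business-critical breakage, switch the rule to block mode:
# Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
#                  -AttackSurfaceReductionRules_Actions Enabled
```

Deploy the same settings fleet-wide through Intune or Group Policy rather than per host; the script is for validating the rule on a pilot group.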
Other Stories
Apple Re-Releases Rapid Security Response to Fix Zero-Day Bug
Apple reissued updates for iOS, iPadOS, and macOS to address CVE-2023-37450. The update fixes a WebKit flaw that could be exploited via malicious web content. The re-release was necessary after initial patches caused Safari browsing issues.
Ensure devices are on:
- macOS Ventura 13.4.1 (c)
- iOS 16.5.1 (c)
- iPadOS 16.5.1 (c)
Our SOC can assist with patch validation across fleets.
Fortinet: Critical RCE Vulnerability CVE-2023-33308 – Patch Immediately
CERT.be warns of CVE-2023-33308, a critical unauthenticated RCE vulnerability in FortiOS and FortiProxy. Although no public exploitation is confirmed yet, similar flaws have been rapidly abused in the past.
Immediate patching is recommended. If patching is delayed, apply mitigation steps from Fortinet’s advisory. Our SOC can assist with vulnerability scanning and segmentation checks.
Python-Based PyLoose Fileless Malware Targets Cloud Workloads
A new fileless malware called PyLoose is abusing misconfigured Jupyter Notebook services to execute Python-based cryptocurrency mining code entirely in memory. At least 200 incidents have been observed so far.
Limit public exposure of cloud services. Harden accessible endpoints and ensure all cloud workloads have EDR coverage and logging. Our SOC can help map attack surfaces and recommend monitoring solutions.
Beware of Fake Message Using Safeonweb Name and itsme Logo
A phishing email claiming a temporary eID block is spoofing Safeonweb and misusing the itsme logo. It links to a malicious domain. Do not click the link; report the message immediately.
Always verify suspicious messages manually. Forward suspicious emails to:
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
We’re available to help investigate phishing attempts and secure affected accounts.