Featured Story
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
Atlassian has released fixes for four critical vulnerabilities that, if exploited, could result in remote code execution. The affected components are the SnakeYAML library, Confluence Server, Jira Service Management, and the Atlassian Companion App for macOS.
Atlassian tools are business-critical and often publicly exposed. Fast patching and limited external access are essential. CERT.BE has also issued a concise advisory with mitigation steps.
Other Stories
APT28 Exploiting Outlook Vulnerability to Hijack Microsoft Exchange Accounts
Microsoft warns that Russia-linked APT28 is exploiting CVE-2023-23397 to hijack Outlook accounts via spoofed calendar invites, bypassing authentication in the process. This zero-click bug is being actively used against government and energy sectors in Europe and the Middle East.
Many Exchange servers remain unpatched months after disclosure. As exploitation now involves nation-state actors, urgent patching and threat hunting are essential.
Android Zero-Click RCE Patched in December 2023 Security Update
Google patched CVE-2023-40088, a critical zero-click RCE bug affecting Android’s system component. The flaw allows remote code execution without privileges or user interaction.
Zero-click exploits highlight the need to keep Android devices fully updated, including personal ones. Encourage end users to apply patches quickly.
AutoSpill: Android WebView Can Leak Passwords from Popular Managers
Security researchers demonstrated how Android apps using WebView can leak credentials autofilled by major password managers. Dubbed AutoSpill, the flaw affects the most widely used Android password managers and requires no user interaction to exploit.
Though no active exploitation is known, malicious apps could appear soon. Users should download only trusted apps and developers must patch autofill vulnerabilities.
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
CACTUS ransomware is being spread through a new malvertising campaign that drops DanaBot via poisoned Google ads. The malware harvests credentials and enables lateral movement, eventually handing off to the ransomware operators.
Malvertising continues to be an effective method for ransomware operators. EDR and timely alert handling can stop attacks before encryption begins. Approach SOC can help monitor and triage these threats on your behalf.