
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code.
Microsoft previously said that "customers who have enabled automatic updates and enable ‘Receive updates for other Microsoft products’ option within their Windows Update settings are already protected."
Analysis from our SOC team
With evidence of active exploitation in the wild, organizations are advised to prioritize patching this vulnerability to mitigate the risk of remote code execution.
You can do so by making sure the SharePoint security updates are applied:
Microsoft SharePoint Server Subscription Edition (KB5002390)
Microsoft SharePoint Server 2019 (KB5002389)
Microsoft SharePoint Enterprise Server 2016 (KB5002397)
Our SOC is available to answer any questions you might have about this topic or patch management in general.
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.
The first, tracked as CVE-2024-2887, is a high-severity type confusion weakness in the WebAssembly (Wasm) open standard. The second is tracked as CVE-2024-2886 and allows remote attackers to perform arbitrary reads/writes via crafted HTML pages.
Google fixed the two zero-days in the Google Chrome stable channel, version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux users, which will roll out worldwide over the coming days.
Analysis from our SOC team
Users are urged to update to Chrome version 123.0.6312.86/.87 for Windows and Mac, and 123.0.6312.86 for Linux, once available, to mitigate these vulnerabilities.
Zero-day vulnerabilities pose severe risks, making timely updates imperative to mitigate potential exploitation.
The issue, tracked as CVE-2024-1580 and described as an integer overflow leading to out-of-bounds write, impacts the CoreMedia and WebRTC components of both iOS and macOS and could be triggered during image processing.
Apple, which warns that the issue could be exploited to achieve arbitrary code execution during the processing of an image, says it has addressed it with improved input validation.
CVE-2024-1580 is a medium-severity vulnerability. Although it can be exploited from the network with low privileges and no user interaction and has high impact on integrity, the flaw has low impact on confidentiality.
Analysis from our SOC team
Despite its medium-severity rating, the fact that the vulnerability can be exploited remotely with low privileges and no user interaction is concerning.
It primarily impacts integrity rather than confidentiality, but organizations should still prioritize applying the necessary patches to mitigate potential risks associated with this flaw. The vulnerability was patched in:
iOS and iPadOS 17.4.1
iOS and iPadOS 16.7.7
visionOS 1.1.1
macOS Sonoma 14.4.1
macOS Ventura 13.6.6
Safari 17.4.1
Last week, Safeonweb received more than 1,600 reports of a bilingual message that appears to come from itsme. The header reads: "Service notification / Avis de service".
The message encourages you to click on a link to allegedly perform verification. Under no circumstances do this. The link does not take you to itsme’s website but to a fake website.
Analysis from our SOC team
The tips described in the article are what we would like to emphasize as well. Do not click on a link in a suspicious message, do not open attachments and do not download applications if you are asked to do so.
Suspicious messages can be forwarded to any of the three email addresses from Safeonweb:
verdacht@safeonweb.be
suspect@safeonweb.be
suspicious@safeonweb.be
Our SOC is also available to assist in case there are any doubts or suspicions about text or mail messages.