Mandiant lifts the lid on new espionage campaign
Daily Archives: June 16, 2023
Cyber-Criminals Are Using Mining Pools to Launder Crypto
A vulnerability in MOVEit Transfer Could Allow for Elevated Privileges and Unauthorized Access
A vulnerability has been discovered in Progress MOVEit Transfer, which could allow for elevated privileges and unauthorized access. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
On June 16th, after the MS-ISAC’s initial advisory, a CVE was assigned to this new critical vulnerability (CVE-2023-35708) and additional remediation and patching steps were recommended. According to the updated Progress Community bulletin, the MOVEit patch released on June 15th must be applied to remediate CVE-2023-35708.
#InfosecurityEurope: How DORA Will Force Financial Firms to Adopt Cyber Resilience
Many discussions within the cyber community are shifting from cybersecurity to cyber resilience. The EU’s Digital Operational Resilience Act is the first regulation to embrace this concept.
Clop Starts MOVEit Extortion as New Bug is Discovered
ZDI-23-881: Microsoft Exchange Command Class Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability.
ZDI-23-882: (Pwn2Own) Microsoft SharePoint ValidateTokenIssuer Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability.
ZDI-23-883: (Pwn2Own) Microsoft SharePoint GenerateProxyAssembly Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-884: (Pwn2Own) Microsoft SharePoint userphoto Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-885: (Pwn2Own) Microsoft Windows mskssrv Driver Untrusted Pointer Dereference Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.