Exploited: Cisco, SharePoint, Chrome vulnerabilities

Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few da… Continue reading Exploited: Cisco, SharePoint, Chrome vulnerabilities

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (CVE… Continue reading Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. Continue reading Patch Tuesday, May 2024 Edition

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buf… Continue reading May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

Microsoft SharePoint Exploits Pose Risk of Document Theft

Cybersecurity researchers have discovered two new techniques that could enable hackers to steal data from Microsoft SharePoint. Microsoft SharePoint is a web-based platform used for collaboration, content management, and business process automation within organizations. It integrates with other Microsoft products like Office 365. According to a report from Varonis Threat Labs, these methods cybercriminals could…

The post Microsoft SharePoint Exploits Pose Risk of Document Theft appeared first on Petri IT Knowledgebase.

Continue reading Microsoft SharePoint Exploits Pose Risk of Document Theft

New covert SharePoint data exfiltration techniques revealed

Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditio… Continue reading New covert SharePoint data exfiltration techniques revealed

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild.
The post CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks appeared first on SecurityWeek.
Continue reading CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

Critical Microsoft SharePoint Flaw Exploited: CISA Issues Warning for Organizations to Act Swiftly

The Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about the active exploitation of a critical vulnerability in Microsoft SharePoint. The security flaw (tracked as CVE-2023-29357) allows unauthenticated attackers to gain administrative privileges on unpatched servers. The Microsoft SharePoint vulnerability was first discovered by STAR Labs researcher Nguyễn Tiến Giang (Jang) during Vancouver’s Pwn2Own…

The post Critical Microsoft SharePoint Flaw Exploited: CISA Issues Warning for Organizations to Act Swiftly appeared first on Petri IT Knowledgebase.

Continue reading Critical Microsoft SharePoint Flaw Exploited: CISA Issues Warning for Organizations to Act Swiftly