October 2, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, July 15, 2023.

1. CVE-2023-36884 – Microsoft Zeroday Exploited in Wild

Microsoft warns that threat actors are actively exploiting an unpatched zero-day present in several Windows and Office products. The bug enables malicious actors to gain remote code execution via malicious Office documents.The campaign was seen in Europe and North America, with vulnerability observed in attacks targeting organizations that attended the NATO Summit in Vilnius.Threat actors impersonated the Ukrainian World Congress organization to trick the victims into accessing malicious documents.

The phishing campaign attempting to spread the malicious files is conducted by a threat actor tracked as Storm-0978, also known as RomCom. Storm-0978 or RomCom is a Russian-based threat group and is known as sophisticated attacks.

2. VMware Warning on Aria Vulnerability

VMware has come up with a stern warning to its customers about an availability of exploit code for a critical vulnerability in the VMware Aria Operations for Logs analysis tool,

The flaw tracked as CVE-2023-20864 is a deserialization weakness patched in April, and it allows unauthenticated attackers to gain remote execution on unpatched appliances. Successful exploitation enables threat actors to run arbitrary code as root following low-complexity attacks that don’t require user interaction.


3. CVE-2023-20214: Cisco SDWAN API Vulnerability

Cisco is warning that the vManage software that ships with its SD-WAN has an authentication vulnerability in its REST API.The critical-rated vulnerability, tracked as CVE-2023-20214, has a CVSS score of 9.1, because it can give an unauthenticated remote attacker read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

Cisco’s advisory states that the REST API has “insufficient request validation”.  An attacker send a crafted API request to the vManage instance and could subsequently read and send information to the affected instance.


We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

4. TPG Acquires Forcepoint Government Business

TPG Capital said it will acquire the government business of Forcepoint for $2.45 billion, higher than what the entirety of Forcepoint was acquired for by Francisco Partners.

TPG is buying a unit of Forcepoint known as “G2CI,” which caters to government and critical infrastructure customers. G2CI primarily serves U.S. government and federal agencies and commercial customers who transact directly with the government.

Francisco Partners will retain a minority stake in Forcepoint G2CI while continuing to manage the firm’s commercial cybersecurity business as a separate entity after the acquisition completes.


5. Safe Security Acquires RiskLens

AI driven risk assessment company Safe Securities has acquired risk management startup RiskLens. for an undisclosed price. RiskLens offers cyber risk management software designed to empower risk, and CISO manage their cyber risk from a business perspective by quantifying it financially. The platform allows for the management of digital risk by helping users understand risks in financial terms to improve decision-making across the C-suite and board.

The platform prioritizes cybersecurity projects relative to the risk they reduce, measuring their value and optimizing spending, all while improving the quality, consistency, and scalability of cyber risk management programs.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on FacebookTwitterInstagram

Leave a Reply

%d bloggers like this: