
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, November 25, 2023.
PoC Exploit released for Microsoft Bug CVE-2023-36025
A working proof-of-concept exploit has become available for a critical zero-day vulnerability in Windows SmartScreen. Microsoft released a patch in this month's Patch Tuesday security update, but the bug was already under active exploitation as a zero-day at the time. Now, the PoC further heightens the need for organizations to address the bug if they haven’t done so already.
CVE-2023-36025 is a security bypass flaw that gives attackers a way to sneak malicious code past Windows Defender SmartScreen checks without triggering any alerts. To exploit the flaw, an attacker would need to get a user to click on a maliciously crafted Internet shortcut (.URL) or a link pointing to such a file.
Fidelity National Financial Discloses a data breach – BlackCat claims responsibility
The Fidelity National Financial data breach emerged when the Fortune 500 giant disclosed its encounter with a significant cybersecurity challenge.
In a swift move to address this breach, the company not only initiated a comprehensive investigation but also engaged leading cybersecurity experts. Furthermore, Fidelity National Financial promptly informed law enforcement and implemented strategic measures to assess and control the incident, as reported to the Securities and Exchange Commission (SEC).
PoC Released for the Visual Studio RCE Vulnerability – CVE-2023-36742
Security researchers have disclosed technical details for a Visual Studio Code remote code execution vulnerability and a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2023-36742 with a CVSS score of 7.8, resides in VS Code versions 1.82.0 and earlier. It manifests when working in a maliciously crafted package.json file, resulting in the execution of commands locally. The exploitation scenario unfolds as an attacker entices a VS Code user to open a malicious project and interact with malformed entries in the dependencies sections of the package.json file.
Sophos Vulnerability Exploited in the Wild – CVE-2023-1671
CISA has added CVE-2023-1671, a critical vulnerability in Sophos Web Appliance that the company patched in April 2023, to its Known Exploited Vulnerabilities catalog. The vulnerability is a pre-auth command injection flaw in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code.
The vulnerability was disclosed in early April by an external security researcher through the Sophos bug bounty program. It affected all versions of the appliances prior to version 4.3.10.4.
Atlassian Fixes Remote Code Execution Vulnerabilities in its Products
A critical remote code execution vulnerability has been identified in Atlassian Crowd, a popular user management and access control platform. The vulnerability tracked as CVE-2023-22521 with a CVSS score of 8.0 manifests as a Remote Code Execution (RCE) vulnerability, a type of security flaw that grants an attacker the ability to remotely execute arbitrary code on a vulnerable system. This capability empowers attackers to seize control of the system, potentially causing extensive damage to data confidentiality, integrity, and availability.
Atlassian has disclosed a critical remote code execution vulnerability affecting Bamboo Data Center and Server versions 8.1.0 through 9.3.0. The vulnerability tracked as CVE-2023-22516 with a CVSS score of 8.5 manifests as a Remote Code Execution (RCE) vulnerability, a type of security flaw that grants an attacker the ability to remotely execute arbitrary code on a vulnerable system. This capability empowers attackers to seize control of the system, potentially causing extensive damage to data confidentiality, integrity, and availability.
Taj Hotels unfazing a Breach Incident
Indian Hotels Company Limited (IHCL) is investigating a data breach incident which resulted in loss of data pertaining to 1.5 million customers.
As per the statement, “We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature. Safety and security of our customers’ data is of paramount importance to us. We are investigating this claim and have notified the relevant authorities.”
This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


