TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023


Subscribers favorite #1

PoC Exploit released for Microsoft Bug CVE-2023-36025

A working proof-of-concept exploit has become available for a critical zero-day vulnerability in Windows SmartScreen. Microsoft released a patch in this month's Patch Tuesday security update, but the bug was already under active exploitation as a zero-day at the time. The public PoC further heightens the need for organizations to address the bug if they have not done so already.

CVE-2023-36025 is a security feature bypass flaw that lets attackers slip malicious code past Windows Defender SmartScreen checks without triggering any alerts. To exploit the flaw, an attacker would need to get a user to click on a maliciously crafted Internet shortcut (.URL) file or a link pointing to such a file.

Subscribers favorite #2

Zero-day Bugs in Microsoft Exchange disclosed through ZDI

Researchers working through Trend Micro's Zero Day Initiative have disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited by an authenticated attacker to execute arbitrary code or disclose sensitive information on vulnerable installations.

The flaws were reported to Microsoft on September 7th and 8th, 2023, but Microsoft has yet to release a fix despite acknowledging the vulnerabilities. ZDI opted to publicly disclose them in accordance with its responsible disclosure policy. The four advisories are:

  • Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data RCE Vulnerability
  • Microsoft Exchange DownloadDataFromUri SSRF Information Disclosure Vulnerability
  • Microsoft Exchange DownloadDataFromOfficeMarketPlace SSRF Information Disclosure Vulnerability
  • Microsoft Exchange CreateAttachmentFromUri SSRF Information Disclosure Vulnerability

Subscribers favorite #3

7-Zip Remote Code Execution Vulnerability – CVE-2023-31102

A vulnerability in the 7-Zip archiving utility could allow attackers to execute code on vulnerable systems. The vulnerability, tracked as CVE-2023-31102 with a CVSS score of 7.8, is an integer underflow in the parsing of 7Z files. An attacker can exploit it by crafting a malicious 7Z file that, when opened by the victim, causes the 7-Zip application to overwrite memory with attacker-controlled data, allowing arbitrary code to run and giving the attacker full control over the victim's system.

This vulnerability can be exploited remotely. An attacker only needs to trick the victim into opening a malicious 7Z file, for example by sending it in an email or hosting it on a malicious website. Once the victim opens the file, the exploit runs without any further interaction from the user.


Subscribers favorite #4

SysAid Zero-day Vulnerability Exploit Released – CVE-2023-47246

Security researchers from Huntress have published technical details and plan to release an exploit targeting a vulnerability chain that yields remote code execution on unpatched SysAid IT support software.

SysAid, a widely used IT service management vendor, released an advisory disclosing a previously unknown vulnerability. The disclosure followed an alert from Microsoft, which reported that the threat actor TA505, also tracked as "Lace Tempest" and linked to the cl0p ransomware operation, was exploiting the weakness in the wild.

The vulnerability, catalogued as CVE-2023-47246, is a path traversal flaw that can be exploited to execute code within on-premises installations of SysAid's software. It has since been fixed in version 23.3.36 of the platform.


Subscribers favorite #5

Rhysida Gang adds Chinese CEEC to its victims list

The Rhysida ransomware group has added the China Energy Engineering Corporation (CEEC) to the list of victims on its Tor leak site. The CEEC is one of the largest state-owned companies in China that operates in the energy and infrastructure sectors. CEEC actively participates in developing and constructing a diverse range of energy projects, encompassing coal, hydropower, nuclear, and renewable energy initiatives.

The ransomware group claims to have stolen a substantial trove of "impressive data" and is auctioning it for 50 BTC, intending to sell it to a single buyer. If no buyer is found, the gang says it will publicly release the data over the seven days following the announcement.
