May 2, 2024

PoC for Oracle WebLogic RCE Flaw – CVE-2024-20931

A PoC exploit has been published for the Oracle WebLogic Server vulnerability CVE-2024-20931, which has a CVSS score of 7.5. The flaw leads to arbitrary code execution and affects Oracle WebLogic Server, particularly its T3/IIOP protocol. The disclosure comes as part of Oracle’s January 2024 patch update, which aims to fortify its defenses against a new class of cyber threats.

The vulnerability was first reported to Oracle in October 2023, manifesting as a bypass for a previously identified vulnerability (CVE-2023-21839). This previous vulnerability, also within the Oracle WebLogic Server, laid the groundwork for the discovery of CVE-2024-20931.

Microsoft Exchange Server Vulnerability Actively Exploited – CVE-2024-21410

Microsoft has raised the alarm on a critical security vulnerability in Exchange Server, tracked as CVE-2024-21410 (CVSS 9.8), that had already been exploited in the wild before this month’s Patch Tuesday fixes. This flaw offers remote, unauthenticated threat actors a pathway to privilege escalation through NTLM relay attacks.

This vulnerability targets weaknesses in the NTLM protocol. Attackers can leverage NTLM credential leaks on clients and relay these credentials against vulnerable Exchange Servers, effectively impersonating the targeted user. Successful exploitation grants attackers elevated privileges, paving the way for further malicious activity.

Fortinet fixes critical vulnerabilities in FortiSIEM

Fortinet has warned that two critical-severity vulnerabilities in FortiSIEM could lead to remote code execution. The issues, tracked as CVE-2024-23108 and CVE-2024-23109, both have a CVSS score of 10, as they can be exploited without authentication.

Each of these bugs is described as “improper neutralization of special elements”, and both appear linked to CVE-2023-34992 (CVSS score of 9.8), which was addressed in October 2023. Fortinet has merged both flaws into the initial advisory on CVE-2023-34992, which suggests that the three issues might be connected or that they are variations of the same vulnerability.

AnyDesk Data Exposure leads to data available on DarkWeb

Researchers from Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web. This information acts as a source of new attacks, including targeted phishing campaigns, and the probability of a successful compromise could increase significantly.

The sources and methods of acquiring such data may vary and depend on the particular bad actors’ TTPs. By gaining access to the AnyDesk portal, threat actors could learn details about the license key in use, the number of active connections, the duration of sessions, the customer ID and contact information, the email associated with the account, and the total number of hosts with remote access management software activated, along with their online or offline status and IDs.

Microsoft Azure Environment targeted by malicious campaign

Proofpoint has observed a new malicious campaign targeting dozens of Microsoft Azure environments. The campaign started in November 2023 and is still active, Proofpoint warned in a security advisory published February 12, 2024.

Threat actors have targeted hundreds of individuals with multiple operational and executive roles across different organizations. The threat actors send their victims spear-phishing lures that include shared documents.

Microsoft Patch Tuesday – February 2024 Valentine’s Day Special

Microsoft has released patches for 73 CVEs in its February Patch Tuesday release, with five rated critical, 66 rated as important and two rated as moderate.

1 thought on “TheCyberThrone Security Week In Review – February 17, 2024
