Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, April 27, 2024.
Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058
Google has addressed four vulnerabilities in its Chrome browser. The most critical vulnerability, designated CVE-2024-4058. This flaw resides within ANGLE, a component of Chrome that translates graphics commands. If successfully exploited, it could allow attackers to execute arbitrary code on a victim’s machine, potentially leading to data theft, malware installation, or further system compromise.
Two other “high” severity vulnerabilities were also patched in this release. CVE-2024-4059 and CVE-2024-4060……
ArcaneDoor Exploits Cisco ASA and FTD
Cisco has warned about a national-state actor who has been actively targeting two previously unknown security vulnerabilities in Cisco products since November to breach government networks. The campaign, dubbed ArcaneDoor and tracked as UAT4356, was first detected by Cisco when it was contacted by a customer earlier this year. The customer reported suspicious activity on its Cisco Adaptive Security Appliances.
Cisco has yet to identify the initial attack vector employed by the attacks, but during the investigation, it found that the threat actor was exploiting the two so-called zero-day vulnerabilities……
Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111
Security researcher has published a PoC exploit for a vulnerability in Oracle VirtualBox. This vulnerability plagues VirtualBox versions before 7.0.16 and allows attackers with basic access to a Windows system running VirtualBox to escalate their privileges.
The vulnerability tracked as CVE-2024-21111 exploits a flaw in how VirtualBox manages log files. Attackers can trick VirtualBox into misusing its high-level system privileges for deleting or moving files. This grants attackers the ability to manipulate critical files and potentially take complete control of the affected system……
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
CISA KEV Update April 2024 – Part II
The US. CISA has issued a high-priority alert for federal agencies to patch two critical vulnerabilities found in Cisco products and one in the widely used file transfer tool, CrushFTP…….
Microsoft Office Zeroday Exploited -CVE-2017-8570
Threat actors are seen leveraging an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine.
The attack begins with the exploitation of CVE-2017-8570, a vulnerability first identified in 2017 that allows attackers to execute arbitrary code via specially crafted files for making initial access…..
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
