Eine #Schwachstelle im Entpacken von Archiven in WinRAR wurde von Angreifenden ausgenutzt, um Schadware zu verbreiten. Das Öffnen sowie Extrahieren von nicht vertrauenswürdigen Dateien stellt eine Gefahr dar. Die Schwachstellen wurden geschlossen. #PatchNow
https://www.heise.de/news/WinRAR-Luecke-weitreichender-als-gedacht-9283622.html

RT @certbund: Eine Schwachstelle im Entpacken von Archiven in WinRAR wurde von Angreifenden ausgenutzt, um Schadware zu verbreiten. Das Öffnen sowie Extrahieren von nicht vertrauenswürdigen Dateien stellt eine Gefahr dar. Die Schwachstellen wurden geschlossen. #PatchNow
https://t.co/picO6CyHiy

❗️ #CERTWarnung ❗️
In Microsoft Office gibt es eine #ZeroDay #Schwachstelle, zu der bislang kein Patch zur Verfügung steht. Weitere aktiv ausgenutzte Sicherheitslücken wurden mit dem Juli #Patchday von Microsoft geschlossen. #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-248752-1012.html

In dem Datenübertragunsdienst MOVEit befindet sich erneut eine kritische #Schwachstelle. Der Hersteller arbeitet an einem Update, solange wird empfohlen den HTTP(s) Verkehr zur MOVEit-Umgebung als Workaround zu blockieren. #PatchNow
Weitere Informationen: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023

❗️ #CERTWarnung ❗️
Mit dem Juni #Patchday schließt Microsoft wieder zahlreiche Sicherheitslücken. Von besonderer Relevanz für Organisationen könnte dabei eine kritische #Schwachstelle in SharePoint Server sein #PatchNow https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-240436-1032.html

❗️ #CERTWarnung ❗️
In
@Cisco
Switches wurden mehrere kritische #Schwachstellen geschlossen, zu denen bereits PoC Exploit-Code existiert #Patchnow
Einige EoL-Produkte erhalten aber keine Patches mehr - vom Einsatz raten wir ab!
Mehr Infos: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-231640-1031.html

[#PatchNow] Microsoft has released a patch for a critical elevation of privilege #zeroday #vulnerability that has purportedly been used by threat actors linked to Russian Military Intelligence to compromise multiple European organizations over the past year.

According to Microsoft, "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane."

(External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.)

All supported versions of Microsoft #Outlook for Windows are vulnerable. Online versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.

There is a script to help determine if your organization was targeted by actors attempting to use this vulnerability.

Bottom line: Test and patch this ASAP if your org uses Outlook.

Links to more info: https://exchange.xforce.ibmcloud.com/vulnerabilities/249053

https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2023-23397

#NTLMRelay #PassTheHash

❗️ #CERTWarnung ❗️
Im Rahmen des März-Patchdays hat #Microsoft unter anderem eine bereits ausgenutzte Schwachstelle in #Outlook geschlossen. Diese könnte für NTLM-Relay Angriffe missbraucht werden: https://bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-214328-1032.html
#PatchNow
Zeit für einen Wechsel zu Kerberos.

An exploit of the ZK Framework | #PatchNOW | https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-zk-java-framework-rce-flaw/

#PatchNow

#Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a #zeroday flaw that it said has been actively exploited in the wild.

Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the #WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution.

#cybersecurity #infosec

https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html

[#FYSA] [Vuln] Critical Vulnerabilities in #VMware Aria Operations for Logs: VMware released software to remediate four security vulnerabilities affecting #vRealize Log Insight (aka #AriaOperations for Logs) that could expose users to remote code execution attacks.

Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.

https://thehackernews.com/2023/01/vmware-releases-patches-for-critical.html | #infosec #patchmanagement #patchnow #vulnerabilitymanagement

🚀​January 2023 Patch Tuesday addresses a massive 98 fixes!! That included 2 #zeroday flaws but only one of them is known to be actively exploited, which is the critical Windows flaw, tracked as CVE-2023-21674. This flaw allows an attacker with local privileges to elevate to system, the highest level of privileges. It has a CVSSv3 severity score of 8.8 out of 10. https://www.zdnet.com/article/microsofts-first-patch-tuesday-of-2023-delivers-a-massive-98-fixes | #infosec #patchtuesday #patchnow #cybersecurity #patchmanagement

[WARNING] Unauthenticated remote arbitrary code execution in #Citrix Application Delivery Controller (ADC) and Gateway (CVE-2022-27518) is widely exploited !!!
#PatchNow

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html #CyberSecurity #Samba #PatchNow

🚨VPN and Remote Access solutions by Fortinet and Citrix are being actively targeted again. Check out our new advisory + how we recently handled similar cases: https://secuinfra.com/en/techtalk/veraltete-vpn-und-remote-access-loesungen-laden-sie-cyberkriminelle-nicht-zu-weihnachten-ein/
#PatchNow, before Christmas 🎅

[#Vuln] [#SPENGO] [#PatchNow] Back in September 2022 a critical Microsoft vulnerability in the SPNEGO Extended Negotiation (#NEGOEX) Security Mechanism was disclosed.

Most recently, IBM X-Force Security Researcher, Valentina Palmiotti (@chompie), discovered that exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.

Due to that discovery, Microsoft has now classified this vulnerability as “Critical.” Test and patch ASAP. Original CVE: CVE-2022-37958 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958

Seems like this community is way more Information Technology (IT) savvy than folks in the Twitter space. But, just in case - it's Microsoft Patch Tuesday, all. This set includes fixes for 6 zero-day exploits. Time to patch if you run Windows.

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/

#Windowsisavirus #cyber #cybersecurity #exploits #patch #patchnow

RT @certbund@twitter.com

❗️ #CERTWarnung ❗️

2 #Schwachstellen (CVE-2021-39237 & CVE-2021-39238) in HP-Multifunktionsdruckern ermöglichen XSP-Angriffe, wodurch Angreifende die Kontrolle über die Drucker erlangen, Informationen stehlen oder Netzwerke infiltrieren können. #PatchNow

https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-548868-10M2.html

🐦🔗: https://twitter.com/certbund/status/1466034341662896135

RT @certbund@twitter.com

Am 02.03. (Veröffentlichung der Patches) gab es in Deutschland rund 65.000 #Exchange Server mit offen aus dem Internet erreichbarem #OWA.
Nach aktuellem Kenntnisstand sind davon heute ca. 5.000 nicht mehr aus dem Internet erreichbar und ca. 25.000 weiterhin verwundbar. #PatchNow!

🐦🔗: https://twitter.com/certbund/status/1369692087860465672

RT @HonkHase@twitter.com

Lolwhut?!? 😳

Microsoft saß seit 5.1.2021 schon auf dem #Exchange Cyber-Armageddon...

Wie lang es dann wohl vorher schon im Untergrund bekannt war? O_o

@briankrebs@twitter.com liefert die Timeline
#patchNow
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/

🐦🔗: https://twitter.com/HonkHase/status/1369409740875460608