Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

March 15, 2023

Wednesday

Microsoft Releases Fixes for 80 New Security Vulnerabilities, Two of Which Are Under Active Attack

Microsoft is releasing patches for 80 security issues in its Patch Tuesday release for March 2023, two of which are now being actively exploited in the wild.


Eight of the 80 defects are classified as Critical, 71 as Important, and one as Moderate. The fixes come on top of the 29 bugs the tech giant recently resolved in its Edge browser, which is based on Chromium.


The two flaws that have been actively attacked are a privilege escalation bug in Microsoft Outlook (CVE-2023-23397, CVSS score: 9.8) and a Windows SmartScreen security feature bypass (CVE-2023-24880, CVSS score: 5.1).


According to a stand-alone advisory from Microsoft, the CVE-2023-23397 vulnerability is triggered when an attacker delivers a message carrying an extended MAPI attribute with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server.


A threat actor could exploit this vulnerability by sending a carefully prepared email, which triggers the flaw when the Outlook client for Windows retrieves and processes it.


Kubernetes is the target of the first-known Dero crypto jacking operation.

An insecure Kubernetes container orchestrator infrastructure with accessible APIs has been the target of the first documented crypto-jacking operation that mines the Dero coin.

Dero is a privacy coin that is positioned as an alternative to Monero with stronger anonymity protection.

Dero promises faster and greater financial mining returns than Monero or other cryptocurrencies, which is possibly why threat actors are interested in it.

According to the researchers, the attacks begin with the threat actors scanning for unprotected, exposed Kubernetes clusters that have authentication configured with `--anonymous-auth=true`, giving anyone anonymous access to the Kubernetes API.

The newly installed miners will be added to a Dero mining pool, where each participant contributes hashing power and shares in any rewards.

The effort appears to be entirely driven by financial gain, as CrowdStrike’s researchers have observed no attempt by the threat actors to move laterally, disrupt the cluster operation, steal data, or inflict more harm.

The second threat actor carried out a considerably more aggressive takeover of the cluster, using a privileged pod and mounting a “host” directory in an attempt to exit the container, after deleting the “proxy-API” DaemonSet used by the Dero campaign.
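
The exposed-API setting and the privileged pod with a host mount described above can both be checked from exported cluster state. The following is an added example, not code from the original article or from the researchers; it assumes input shaped like `kubectl get ... -o json` output, all sample objects and names are constructed, and the role-binding check goes beyond the text.

```python
# Added example: audit exported cluster state for the conditions in the article.
# Every sample object and name below is constructed for illustration.
ANON_SUBJECTS = {"system:anonymous", "system:unauthenticated"}

def anonymous_auth_enabled(apiserver_args):
    """kube-apiserver treats --anonymous-auth as true when the flag is absent."""
    for arg in apiserver_args:
        if arg.startswith("--anonymous-auth"):
            _, _, value = arg.partition("=")
            return value.strip().lower() != "false"
    return True

def anonymous_bindings(bindings):
    """Names of role bindings that grant a role to unauthenticated callers."""
    return [b["metadata"]["name"] for b in bindings.get("items", [])
            if any(s.get("name") in ANON_SUBJECTS for s in b.get("subjects") or [])]

def risky_pods(pods):
    """Pods that run a privileged container and also mount a hostPath volume."""
    findings = []
    for pod in pods.get("items", []):
        spec = pod.get("spec", {})
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        privileged = any((c.get("securityContext") or {}).get("privileged")
                         for c in containers)
        host_paths = [v["hostPath"]["path"] for v in spec.get("volumes", [])
                      if "hostPath" in v]
        if privileged and host_paths:
            meta = pod["metadata"]
            findings.append((meta.get("namespace"), meta["name"], host_paths))
    return findings

# Constructed samples standing in for real cluster exports.
SAMPLE_ARGS = ["kube-apiserver", "--anonymous-auth=true", "--authorization-mode=Node,RBAC"]
SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "cluster-admin-anon"},
     "subjects": [{"kind": "User", "name": "system:anonymous"}]},
    {"metadata": {"name": "ops-team"}, "subjects": [{"kind": "Group", "name": "ops"}]},
]}
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "nginx"}]}},
    {"metadata": {"namespace": "default", "name": "node-helper"},
     "spec": {"containers": [{"name": "sh", "securityContext": {"privileged": True}}],
              "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}},
]}

if __name__ == "__main__":
    print(anonymous_auth_enabled(SAMPLE_ARGS), anonymous_bindings(SAMPLE_BINDINGS),
          risky_pods(SAMPLE_PODS))
```

Anonymous authentication becomes an exposure when a binding also grants rights to `system:anonymous` or `system:unauthenticated`, so the first two checks are best read together.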

SAP publishes security upgrades that address five serious flaws.


SAP, a software manufacturer, has provided security fixes for 19 vulnerabilities, five of which are classified as serious and should be applied by administrators immediately to reduce risk.

Many products were affected by the issues that were resolved this month, but SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver were the two most severely affected.

More specifically, the following five issues have been resolved this time: CVE-2023-25616: Critical severity (CVSS v3: 9.9), CVE-2023-27269: Critical severity (CVSS v3: 9.6), CVE-2023-23857: Critical severity (CVSS v3: 9.8), CVE-2023-27500: Critical severity (CVSS v3: 9.6), and CVE-2023-25617: Critical severity (CVSS v3: 9.0).

Because SAP products are widely utilized by large enterprises globally and can operate as entry points to incredibly valuable systems, they make good targets for threat actors.

With 425,000 clients in 180 countries and a 24% market share globally, SAP is the largest ERP provider in the world. Its ERP, SCM, PLM, and CRM products are used by more than 90% of the Forbes Global 2000.

In order to avoid data theft, ransomware attacks, and the disruption of mission-critical operations and processes, the US Cybersecurity and Infrastructure Security Agency (CISA) recommended admins patch a number of serious vulnerabilities affecting SAP business apps in February 2022.


Reddit's massive outage prevents access to the site and mobile applications.


Reddit is looking into a significant outage that is preventing users from accessing its mobile apps and website globally.

Users currently see “Our CDN was unable to contact our servers” and “All of our servers are busy right now. Please try once more in a moment.” errors.

According to its official status page, Reddit’s website and applications are now unavailable, and its engineers are attempting to determine the problem.

“Currently, Reddit is unavailable. We’re trying to figure out the problem,” according to the company’s incident report, which was posted 21 minutes ago at 12:18 PDT.

Reddit has not yet determined what is causing these connection problems; however, the errors that affected users are now reporting seem to indicate persistent CDN configuration problems.

The social network was also hit by a partial outage on February 10 that lasted over four hours, leaving desktop users with a substantially diminished search experience and stale subreddit feeds.

On February 15, five days later, Reddit experienced a significant outage that “prevented comments, awards, and karma from displaying or processing correctly” for about 30 minutes.

SVB collapse is used by cybercriminals to steal money and data.

While the March 10, 2023, failure of Silicon Valley Bank (SVB) has caused upheaval throughout the whole global financial system, hackers, con artists, and phishing operators are taking full advantage of the situation.

Threat actors are already registering suspicious domains, creating phishing pages, and preparing for business email compromise (BEC) attacks, according to various security researchers.

SVB was a U.S.-based commercial bank, the largest by deposits in Silicon Valley, California, and ranked 16th nationwide.

The bank went under on March 10, 2023, as a result of a run on its deposits. This failure was the second-biggest in American history and the greatest bank failure since the financial crisis of 2007–2008.

According to security researcher Johannes Ullrich, who disclosed the activity yesterday, threat actors are seizing the chance and registering dubious domains with ties to SVB that will almost certainly be used in attacks.

Ullrich said that con artists would try to get in touch with former SVB customers and offer them a support package, legal counsel, loans, or other fake services related to the bank’s failure.
