Solutions: Physical Security Assessment

  Last week, Microsoft patched two zero-day vulnerabilities (CVE-2023-36884 and CVE-2023-38180). These vulnerabilities are part of Microsoft’s August 2023 Patch Tuesday, which also includes security updates for 87 vulnerabilities. Both of these vulnerabilities were exploited in cyberattacks, and one of them was publicly disclosed prior to the patch release. CVE-2023-36884 CVE-2023-36884 is a remote code

What You Need to Know: A zero-day vulnerability (CVE-2023-28252) was found in the Windows Common Log File System (CLFS) and is being actively exploited. The vulnerability allows attackers to gain SYSTEM privileges on target Windows systems and deploy Nokoyawa ransomware payloads. CISA’s Known Exploited Vulnerabilities catalog now includes CVE-2023-28252, which impacts all versions of supported

What You Need to Know: In response to attacks aimed at hacking iPhones, iPads, and Macs, Apple issued urgent security updates that address two vulnerabilities, one of which is a zero-day vulnerability. The first vulnerability, tracked as CVE-2023-23529 [1,2], is a WebKit confusion zero-day that can lead to OS crashes and the execution of arbitrary

What You Need to Know: A vulnerability was found in the open source JsonWebToken (JWT) library. According to Palo Alto Networks Unit 42, CVE-2022-23529 it could allow an attacker to achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token request. The vulnerability impacts JsonWebToken package version 8.5.1 and earlier.

What You Need to Know: There are two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 is a vulnerability that allows for remote code execution when PowerShell is accessible to a threat actor. Microsoft stated that the current attacks are limited but the

What You Need to Know: Apple released security updates for vulnerabilities found in iOS, iPadOS, MacOS Big Sur, and macOS Monterey. CVE-2022-32894 and CVE-2022-32893 are zero-day flaws that have code execution vulnerabilities being exploited by attackers in the wild. There are few details surrounding the vulnerabilities or how they were used, but the flaws are

What You Need to Know: A large-scale phishing campaign was disclosed by ThreatLabz this week. The researchers observed the use of advanced phishing kits in a large campaign primarily targeting corporate enterprise users of Microsoft email servers. The threat actors behind the campaign have not been identified, but researchers observed the attackers using an adversary-in-the

What You Need to Know: A hardcoded credentials vulnerability was found in the Questions for Confluence app and is under active exploitation. The vulnerability allows remote, unauthenticated attackers that know the hardcoded password for specific accounts in the app, to gain access to non-restricted pages in Confluence. CVE-2022-26138 was observed to be under active exploitation

What You Need to Know: A zero-day vulnerability was found in the latest Widows 11 and Windows Server 2022 releases. CVE-2022-22047 is a local privilege escalation vulnerability found in the Windows Client and Windows Server Runtime Subsystem. Although Microsoft has issued a patch, the vulnerability is actively being exploited by attackers and has a CVSS

What You Need to Know: Over the Fourth of July weekend, Google released a patch for a high-severity zero-day Chrome vulnerability. The vulnerability is being exploited in the wild and affects Google Chrome and other chromium-based browsers. The heap-based buffer overflow vulnerability is found in the WebRTC (Web-Real-Time Communications) component. The vulnerability is being tracked