Solutions: Threat Remediation

Michelle Drolet

What You Need to Know: In response to attacks aimed at hacking iPhones, iPads, and Macs, Apple issued urgent security updates that address two vulnerabilities, one of which is a zero-day vulnerability. The first vulnerability, tracked as CVE-2023-23529 [1,2], is a WebKit confusion zero-day that can lead to OS crashes and the execution of arbitrary

Michelle Drolet

What You Need to Know: A vulnerability was found in the open source JsonWebToken (JWT) library. According to Palo Alto Networks Unit 42, CVE-2022-23529 it could allow an attacker to achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token request. The vulnerability impacts JsonWebToken package version 8.5.1 and earlier.

Michelle Drolet

What You Need to Know: There are two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 is a vulnerability that allows for remote code execution when PowerShell is accessible to a threat actor. Microsoft stated that the current attacks are limited but the

Michelle Drolet

What You Need to Know: Apple released security updates for vulnerabilities found in iOS, iPadOS, MacOS Big Sur, and macOS Monterey. CVE-2022-32894 and CVE-2022-32893 are zero-day flaws that have code execution vulnerabilities being exploited by attackers in the wild. There are few details surrounding the vulnerabilities or how they were used, but the flaws are

Michelle Drolet

What You Need to Know: A large-scale phishing campaign was disclosed by ThreatLabz this week. The researchers observed the use of advanced phishing kits in a large campaign primarily targeting corporate enterprise users of Microsoft email servers. The threat actors behind the campaign have not been identified, but researchers observed the attackers using an adversary-in-the

Michelle Drolet

What You Need to Know: A hardcoded credentials vulnerability was found in the Questions for Confluence app and is under active exploitation. The vulnerability allows remote, unauthenticated attackers that know the hardcoded password for specific accounts in the app, to gain access to non-restricted pages in Confluence. CVE-2022-26138 was observed to be under active exploitation

Michelle Drolet

What You Need to Know: A zero-day vulnerability was found in the latest Widows 11 and Windows Server 2022 releases. CVE-2022-22047 is a local privilege escalation vulnerability found in the Windows Client and Windows Server Runtime Subsystem. Although Microsoft has issued a patch, the vulnerability is actively being exploited by attackers and has a CVSS

Michelle Drolet

What You Need to Know: Over the Fourth of July weekend, Google released a patch for a high-severity zero-day Chrome vulnerability. The vulnerability is being exploited in the wild and affects Google Chrome and other chromium-based browsers. The heap-based buffer overflow vulnerability is found in the WebRTC (Web-Real-Time Communications) component. The vulnerability is being tracked

Michelle Drolet

What You Need to Know: A ransomware attack was deployed against an unnamed target, using Mitel’s VoIP appliance an entry point. CVE-2022-29499 is actively being used by attackers to achieve remote code execution and to gain initial access to their victim’s environment. The vulnerability is rated 9.8 in severity on the CVSS vulnerability scoring system.

Michelle Drolet

What You Need to Know: Today, VMware issued patches for two security flaws discovered in Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerabilities are tracked as CVE-2022-22972 and CVE-2022-22973 and could be exploited to backdoor enterprise networks. The first vulnerability, CVE-2022-22972 has a critical CVSS score of 9.8 and is an authentication bypass