Post Content Read More
Related Posts
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
[[{“value”:”Microsoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient.
"They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking groups.
The company”}]] Read More
The Hacker News | #1 Trusted Cybersecurity News Site
CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability
CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities Catalog following evidence of its active exploitation.
CVE-2024-38094 vulnerability affects Microsoft SharePoint and is categorized as a deserialization vulnerability.
Malicious cyber actors often target this type of security flaw because it can allow unauthorized remote code execution.
The vulnerability was initially disclosed on July 9, 2024, and has been assigned a maximum severity rating of “Important” by Microsoft, with a CVSS score of 7.2.
National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now
The weakness stems from the deserialization of untrusted data, classified under CWE-502.
Attackers can exploit such vulnerabilities to execute arbitrary code on affected systems, posing significant risks to organizations that rely on SharePoint for collaboration and data management.
CISA’s inclusion of this vulnerability in its catalog underscores its potential threat to the federal enterprise.
Under Binding Operational Directive (BOD) 22-01, federal agencies must address these known vulnerabilities by specified deadlines to safeguard their networks against active threats.
The directive emphasizes the importance of timely remediation as part of comprehensive vulnerability management practices.
While BOD 22-01 targets explicitly Federal Civilian Executive Branch (FCEB) agencies, CISA strongly advises all organizations to prioritize the remediation of cataloged vulnerabilities.
This proactive approach is crucial for reducing cyberattack exposure and protecting sensitive information.
CISA’s ongoing efforts to update the Known Exploited Vulnerabilities Catalog reflect its commitment to enhancing national cybersecurity resilience.
Organizations are encouraged to stay informed about emerging threats and implement robust security measures to mitigate risks associated with exploited vulnerabilities.
By addressing vulnerabilities like CVE-2024-38094 promptly, organizations can better defend against potential attacks and ensure the integrity and security of their digital assets.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here
The post CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability appeared first on Cyber Security News.
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn
An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar.
That’s according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the threat actor also observed carrying out phishing attacks against the targeted financial institutions. Read More
The Hacker News | #1 Trusted Cybersecurity News Site