CCTR.8.FEB.24
Everything is on fire
Last updated
Monday morning Cyber coffee read CCTR.8.FEB.24. It appears that many things are quite dynamic and lively at the moment (AKA Everything is on fire).
CVE-2024-21410 (CVSS 9.8): Microsoft Exchange Server vulnerability, actively exploited. Organisations running Exchange Server 2019 CU13 or earlier with NTLM credential relay protections enabled are safeguarded against this vulnerability. Nevertheless, Microsoft strongly recommends installing the latest cumulative update.
Ref https://www.malwarebytes.com/blog/news/2024/02/microsoft-exchange-vulnerability-actively-exploited
CVE-2024-21413 (CVSS 9.8): Microsoft Outlook Remote Code Execution Vulnerability. Unauthenticated threat actors can exploit this vulnerability remotely with simple attacks that require no user interaction. It affects several Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. Having said that, the flaw is not necessarily confined to the Outlook family: other software that uses the affected APIs in an insecure way may be exposed as well.
Ref https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
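As an added, defender-side illustration for the Outlook item above (example code written for this briefing, not code from the page, Microsoft or Check Point): a small scanner that pulls hyperlinks out of an e-mail HTML body and flags `file:` scheme links, which legitimate mail almost never carries and which the cited Check Point write-up describes as the delivery vector for CVE-2024-21413. It assumes message bodies are available as HTML strings; the sample bodies, hostnames and the 203.0.113.10 address are constructed test data, and the check for a `!` in the link target reflects the moniker-style form described in that write-up.

```python
"""Flag suspicious file: hyperlinks in e-mail HTML bodies.

Assumptions (not from the page): mail bodies arrive as HTML strings; the
sample bodies below are constructed test inputs, not captured messages.
"""
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit


class _HrefCollector(HTMLParser):
    """Collect the href attribute of every <a> tag in a body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "a":
            return
        for name, value in attrs:
            if name.lower() == "href" and value:
                self.hrefs.append(value.strip())


def extract_hrefs(html_body):
    parser = _HrefCollector()
    parser.feed(html_body)
    parser.close()
    return parser.hrefs


def classify_link(href):
    """Return 'ok' for non-file links, otherwise a verdict naming the risk."""
    parts = urlsplit(href)
    if parts.scheme.lower() != "file":
        return "ok"
    path = unquote(parts.path)
    # A host in the authority, two or more leading slashes, or a UNC prefix
    # after the slashes all mean the link points at a remote SMB share.
    leading = len(path) - len(path.lstrip("/"))
    remote = (
        bool(parts.netloc)
        or leading >= 2
        or path.lstrip("/").startswith("\\\\")
    )
    if remote and "!" in path:
        # Moniker-style form described in the cited Check Point research.
        return "file-link-moniker"
    if remote:
        return "file-link-remote"
    return "file-link-local"


def scan_body(html_body):
    """Return (href, verdict) for every link in the body that is not 'ok'."""
    findings = []
    for href in extract_hrefs(html_body):
        verdict = classify_link(href)
        if verdict != "ok":
            findings.append((href, verdict))
    return findings


# Constructed sample bodies (hosts and addresses are test values).
SAMPLE_BODIES = {
    "benign": '<p>See <a href="https://example.com/report">the report</a>.</p>',
    "local_file": '<a href="file:///C:/Users/Public/notes.txt">notes</a>',
    "remote_unc": '<a href="file://fileserver.example.test/share/budget.xlsx">budget</a>',
    "moniker_style": r'<a href="file:///\\203.0.113.10\share\doc.rtf!something">open</a>',
}


if __name__ == "__main__":
    for label, body in SAMPLE_BODIES.items():
        print(label, scan_body(body))
```

In a mail gateway this would sit beside the existing URL-rewriting step: anything classified `file-link-remote` or `file-link-moniker` is worth quarantining outright, since there is no business reason for inbound mail to link directly to an SMB share, while `file-link-local` is usually a mis-pasted internal path and only needs a warning.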
CVE-2024-24691 (CVSS 9.6): This vulnerability in the Zoom client allows an unauthenticated threat actor to escalate privileges through network access. The brief description provided by Zoom lacks details, but the CVSS vector suggests it requires user interaction. This interaction may include actions such as clicking a link or opening a message attachment. Zoom has also issued patches to address six additional vulnerabilities.
Ref https://www.bleepingcomputer.com/news/security/zoom-patches-critical-privilege-elevation-flaw-in-windows-apps/
CVE-2024-21412 (CVSS 7.5): Microsoft Defender SmartScreen bypass vulnerability, exploited by a threat group known as Water Hydra (aka DarkCasino) that targeted financial market traders. They leveraged the vulnerability to bypass Microsoft Defender SmartScreen and infect victims with the DarkMe malware. Water Hydra had already exploited CVE-2023-38831 (WinRAR RCE) as a zero-day in April 2023 to target cryptocurrency traders. In January 2024, they updated their infection chain to use CVE-2024-21412 (another zero-day). This highlights a broader industry trend: APT threat actors can navigate around narrow patches by identifying new attack vectors around patched software.
Ref https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html