Tag Archives: exploited

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild.

About CVE-2024-21412 and CVE-2024-21351

CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.

In late December 2023, Trend Micro researcher Peter Girnus and his colleagues in the ZDI Threat Hunting team discovered the Water Hydra APT leveraging the flaw to infect victims with the DarkMe malware.

(Several other researchers, including two from Google’s Threat Analysis Group, reported the same vulnerability to Microsoft.)

“Water Hydra deployed a spearphishing campaign on forex trading…


Source link

Malicious actors exploited Microsoft Exchange to hack US defense infrastructure

















Malicious actors exploited Microsoft Exchange to hack US defense infrastructure | Security Magazine





Source link

Top web hosting platforms can easily be exploited using these threats

Cyber ​​security Researchers have successfully conducted remote code execution (RCE) and privilege escalation attacks on popular ones. Web hosting Control platform cPanel & WHM exploits a saved cross-site scripting (XSS) vulnerability.

in the meantime cPanel Is limited to managing a single hosting account, and cPanel and WHM allow administrators to manage the whole thing. server..


Source link

Top web hosting platform could be easily exploited using these threats

Cybersecurity researchers have successfully conducted remote code execution (RCE) and privilege escalation attacks on popular web hosting control platform cPanel & WHM by exploiting a stored cross-site scripting (XSS) vulnerability.

While cPanel is limited to managing a single hosting account, cPanel & WHM allows admins to manage the entire server


Source link

Top web hosting platform could be easily exploited using these threats

Cybersecurity researchers have successfully conducted remote code execution (RCE) and privilege escalation attacks on popular web hosting control platform cPanel & WHM by exploiting a stored cross-site scripting (XSS) vulnerability.

While cPanel is limited to managing a single hosting account, cPanel & WHM allows admins to manage the entire server


Source link