Threat Intel: Thursday, March 28

Threat Intel Thursdays are a chance for you to keep your finger on the pulse of the cybersecurity landscape. Here we share items that are serious but did not rise to the level of an immediate threat intelligence email blast.

Stay safe and stay vigilant out there!

Our Thursday threat roundup:

End-of-Life Exchange Servers Still Experiencing Major Vulnerabilities: A phishing operation has been discovered using reputable document sharing platforms like Dropbox and Google Drive. These malicious documents are designed to bypass traditional email filters, tricking recipients into surrendering login details and spreading malware. Tightening email controls is advisable to mitigate these risks.

Windows Releases an Emergency Fix for Domain Controller Crashes: Last week we addressed a recent Windows Security update for Windows Server machines that caused domain controllers everywhere to crash due to memory exhaustion. Since then, Windows has released an urgent security update addressing this issue. If affected, you can download the most recent update here.

Atlassian Patches Critical Vulnerability (CVE-2024-1597): Atlassian has addressed a severe security flaw that could allow hackers to execute code remotely, potentially taking control of affected systems. It’s crucial to update affected software promptly to safeguard against exploitation.

Critical Flaw Found in Fortinet FortiClient EMS: A critical vulnerability has been identified in Fortinet’s FortiClient EMS. This flaw could let attackers gain unauthorized access to the network. Updating to the latest version is recommended to close this security gap.

GitHub Account Hijackings: There’s a wave of attacks targeting GitHub accounts, exploiting compromised credentials to gain unauthorized access. Strengthening account security with multi-factor authentication and regular password changes is advised.

‘Darcula’ Smishing Attacks on the Rise: Smishing campaigns, dubbed ‘Darcula,’ are targeting postal service users, including USPS, with fraudulent messages. Being cautious of unsolicited texts and verifying through official channels can help avoid falling victim.

Active Exploitation of SharePoint RCE Bug: A remote code execution bug in Microsoft SharePoint is being actively exploited. Immediate patching is essential to prevent attackers from compromising systems remotely.

As we conclude this week’s insights, remember that staying informed and proactive can significantly reduce the impact of these threats.

Staying informed and implementing the right preventive measures, such as timely software updates and adopting a strong cybersecurity posture, are key steps in protecting your systems from potential threats.
