Critical Microsoft SharePoint Server Flaw (CVE-2023-24955) Actively Exploited: CISA Urges Patch by April 16th
The Cybersecurity and Infrastructure Security Agency (CISA) is urging all US federal civilian agencies to patch a critical vulnerability (tracked as CVE-2023-24955) in the Microsoft SharePoint Server by April 16, 2024.
CISA added CVE-2023-24955 to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild.
The KEV catalog and its remediation deadlines are binding only on US Federal Civilian Executive Branch (FCEB) agencies, but any organization, including private ones, can use it as a prioritized input to its vulnerability management process.
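The workflow described above, cross-referencing an asset inventory against the KEV feed and ranking findings by remediation due date, as an added example that is not code from the original article or from CISA. The feed URL and the JSON field names (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse) are those of the public KEV feed; the catalog excerpt, the inventory hosts and the as-of date are constructed for this example, with the April 16 due date taken from the article.

```python
"""Triage an asset inventory against CISA's KEV catalog.

Added example, not the article's or CISA's code. Field names follow the public
KEV JSON feed; the sample entries and inventory below are constructed.
"""
import json
from datetime import date

# Real feed location (not fetched here so the example runs offline).
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the same JSON shape as the real feed.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2023-24955", "vendorProject": "Microsoft", "product": "SharePoint Server",
         "vulnerabilityName": "Microsoft SharePoint Server Code Injection Vulnerability",
         "dateAdded": "2024-03-26", "dueDate": "2024-04-16", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-29357", "vendorProject": "Microsoft", "product": "SharePoint Server",
         "vulnerabilityName": "Microsoft SharePoint Server Privilege Escalation Vulnerability",
         "dateAdded": "2024-01-10", "dueDate": "2024-01-31", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed inventory: what the organization actually runs, per host.
INVENTORY = [
    {"host": "sp-web-01.corp.example", "vendor": "Microsoft", "product": "SharePoint Server 2019"},
    {"host": "sp-web-02.corp.example", "vendor": "Microsoft", "product": "SharePoint Server 2019"},
    {"host": "db-01.corp.example", "vendor": "Microsoft", "product": "SQL Server 2019"},
]


def parse_kev(text):
    """Parse the KEV JSON feed into entries with real date objects."""
    entries = []
    for v in json.loads(text)["vulnerabilities"]:
        entries.append({
            "cve": v["cveID"],
            "vendor": v["vendorProject"],
            "product": v["product"],
            "added": date.fromisoformat(v["dateAdded"]),
            "due": date.fromisoformat(v["dueDate"]),
            "ransomware": v.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return entries


def _matches(entry, asset):
    # KEV names products coarsely ("SharePoint Server") while inventories are
    # specific ("SharePoint Server 2019"): match vendor exactly and require the
    # KEV product string to appear inside the asset's product string.
    return (entry["vendor"].lower() == asset["vendor"].lower()
            and entry["product"].lower() in asset["product"].lower())


def triage(kev_text, inventory, as_of):
    """Return one finding per (KEV entry, matching asset), most urgent first.

    as_of is an ISO date string; days_to_due is negative once the deadline
    has passed, which is the case the article is warning about.
    """
    today = date.fromisoformat(as_of)
    findings = []
    for entry in parse_kev(kev_text):
        for asset in inventory:
            if _matches(entry, asset):
                days_left = (entry["due"] - today).days
                findings.append({
                    "cve": entry["cve"],
                    "host": asset["host"],
                    "due": entry["due"].isoformat(),
                    "days_to_due": days_left,
                    "status": "OVERDUE" if days_left < 0 else "open",
                    "ransomware": entry["ransomware"],
                })
    # Overdue first, then nearest deadline; ransomware-linked entries break ties.
    findings.sort(key=lambda f: (f["days_to_due"], f["ransomware"] != "Known"))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, "2024-03-28"):
        print(f"{f['status']:8} {f['cve']}  due {f['due']} ({f['days_to_due']:+d}d)  {f['host']}")
```

To run it against the live catalog, replace `KEV_SAMPLE` with the body of an HTTP GET on `KEV_URL` (for example via `urllib.request.urlopen`). The substring product match is deliberately loose; it errs toward false positives, which for a list of confirmed-exploited bugs is the safer direction, and a human still confirms the installed build against the vendor's patch level.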
Vulnerability Details
CVE-2023-24955 (CVSS score 7.2) is a code injection vulnerability that allows remote code execution (RCE) on vulnerable Microsoft SharePoint servers. An attacker authenticated with Site Owner privileges can execute arbitrary code on the server, and from there take full control of the affected system, steal data, or pivot further into the network. The authentication requirement is a weak barrier in practice: Site Owner is a routinely delegated role, and, as described below, the flaw has been chained with an authentication bypass to reach pre-authentication RCE. Microsoft rated the flaw Critical and fixed it in its May 2023 Patch Tuesday updates.
Why Such Urgency
CISA’s demand for an immediate patch reflects the potential for widespread damage if the vulnerability is left unaddressed. CISA has warned that two Microsoft SharePoint vulnerabilities, CVE-2023-24955 (code injection) and CVE-2023-29357 (a privilege escalation flaw in SharePoint Server), are being exploited by malicious cyber actors and pose significant risk to federal enterprises. CVE-2023-29357 was added to CISA’s KEV catalog earlier, in January 2024.
STAR Labs security researcher Nguyễn Tiến Giang (Janggggg) chained CVE-2023-29357 and CVE-2023-24955 at Pwn2Own Vancouver in March 2023 to achieve pre-authentication RCE against a fully patched SharePoint Server 2019 instance, earning a $100,000 reward. A standalone PoC exploit for CVE-2023-29357 was published on GitHub in September 2023, and Giang published a technical analysis and PoC exploit for the chain in December 2023.
Microsoft released patches for the two issues in May and June 2023 respectively. The fact that CISA now reports active exploitation indicates that some organizations, including US federal agencies, have still not applied them.
What Should Users Do?
This incident underscores the importance of timely patching for critical vulnerabilities and the impact such vulnerabilities can have on government agencies.
Microsoft SharePoint Server users, particularly those in high-risk environments such as government agencies, are advised to apply the May and June 2023 SharePoint security updates (or any later cumulative update that includes them) immediately, prioritizing internet-facing servers; to enable two-factor authentication; to review which accounts hold Site Owner privileges, since that is the level CVE-2023-24955 requires; and to keep software updated to minimize the risk of similar attacks.
Expert Opinion
Cybersecurity expert Ray Kelly from the Synopsys Software Integrity Group emphasizes the importance of patching and updating software regularly, especially for private and public-facing servers handling sensitive data.
“This CISA advisory highlights the importance of patching and updating your software regularly, especially for private and public-facing servers that handle sensitive data. These chained vulnerabilities are very serious because they allow attackers to circumvent authentication and execute code remotely on vulnerable servers,” Ray explained.
“However, it’s important to point out that security patches for these vulnerabilities have been available since last summer. The fact that CISA is now warning us about active exploitation indicates that many organizations have failed to apply the necessary security updates promptly. Malicious actors will always look for the easy targets and an unpatched server will always be easy pickings for them,” he added.