Security News > 2024 > February > Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days

Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days
2024-02-18 09:00

The future of cybersecurity: Anticipating changes with data analytics and automationIn this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats.

Rise in cyberwarfare tactics fueled by geopolitical tensionsIn this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.

Critical Fortinet FortiOS flaw exploited in the wildFortinet has patched critical remote code execution vulnerabilities in FortiOS, one of which is "Potentially" being exploited in the wild.

Roundcube webmail XSS vulnerability exploited by attackersCVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities catalog.

Microsoft patches two zero-days exploited by attackersOn February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild.

Collaboration at the core: The interconnectivity of ITOps and securityIn this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats.


News URL

https://www.helpnetsecurity.com/2024/02/18/week-in-review-anydesk-phishing-campaign-targets-employees-microsoft-fixes-exploited-zero-days/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43770 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
network
low complexity
roundcube debian CWE-79
6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 701 775 4527 4650 3617 13569