Security News > 2024 > February > Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days
The future of cybersecurity: Anticipating changes with data analytics and automationIn this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats.
Rise in cyberwarfare tactics fueled by geopolitical tensionsIn this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.
Critical Fortinet FortiOS flaw exploited in the wildFortinet has patched critical remote code execution vulnerabilities in FortiOS, one of which is "Potentially" being exploited in the wild.
Roundcube webmail XSS vulnerability exploited by attackersCVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities catalog.
Microsoft patches two zero-days exploited by attackersOn February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild.
Collaboration at the core: The interconnectivity of ITOps and securityIn this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |