Security News > 2024 > March > Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk

Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk
2024-03-31 08:00

Beware! Backdoor found in XZ utilities used by many Linux distrosA vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "Enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns.

Drozer: Open-source Android security assessment frameworkDrozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier.

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warnsAround 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions "Are so outdated that security updates are no longer offered for them," the German Federal Office for Information Security has warned today.

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agenciesThe Cybersecurity and Infrastructure Security Agency has added CVE-2023-24955 - a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server - to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16.

8 cybersecurity predictions shaping the future of cyber defenseAmong Gartner's top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI. How security leaders can ease healthcare workers' EHR-related burnoutStaff experiencing burnout in healthcare settings is not something that security leaders typically worry about - unless, maybe, it is the security team itself that is suffering from it.

New infosec products of the week: March 29, 2024Here's a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes.

News URL

Related Vulnerability

2023-05-09 CVE-2023-24955 Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
Microsoft SharePoint Server Remote Code Execution Vulnerability
low complexity