CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows –

CVE-2024-49035 (CVSS score: 8.7) – An improper access control

Source link

Stay Safe Online: Essential Tips for Safer Internet Day

Is Your Phone Your Best Friend or a Silent Spy?

Wipe Your Digital Footprints with Data Wipe Software

No, you’re not fired – but beware of job termination scams

DeceptiveDevelopment targets freelance developers

Fake job offers target coders with infostealers

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

Three Password Cracking Techniques and How to Defend Against Them

New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems

SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent

Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

AI-Powered Social Engineering: Ancillary Tools and Techniques

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

CISO's Expert Guide To CTEM And Why It Matters

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Debunking the AI Hype: Inside Real Hacker Tactics

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

Related posts:

Stay Safe Online: Essential Tips for Safer Internet Day

Is Your Phone Your Best Friend or a Silent Spy?

Wipe Your Digital Footprints with Data Wipe Software

No, you’re not fired – but beware of job termination scams

DeceptiveDevelopment targets freelance developers

Fake job offers target coders with infostealers

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

Three Password Cracking Techniques and How to Defend Against Them

New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems

SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent

Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

AI-Powered Social Engineering: Ancillary Tools and Techniques

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

CISO's Expert Guide To CTEM And Why It Matters

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Debunking the AI Hype: Inside Real Hacker Tactics

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Leave a ReplyCancel Reply

EU Message to Zelensky: You Are Not Alone

Sami Sheen Joins OnlyFans at 18: What You Need to Know About Her Bold New Move

Canada should seek nuclear protection against US – ex-FM — RT World News

Macron’s White House visit a failure – Politico — RT World News

Transgender clinic in India shuts down after USAID funding freeze – media — RT India

Related posts:

Stay Safe Online: Essential Tips for Safer Internet Day

Is Your Phone Your Best Friend or a Silent Spy?

Wipe Your Digital Footprints with Data Wipe Software

No, you’re not fired – but beware of job termination scams

DeceptiveDevelopment targets freelance developers

Fake job offers target coders with infostealers

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

Three Password Cracking Techniques and How to Defend Against Them

New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems

SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent

Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

AI-Powered Social Engineering: Ancillary Tools and Techniques

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

CISO's Expert Guide To CTEM And Why It Matters

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Debunking the AI Hype: Inside Real Hacker Tactics

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Leave a ReplyCancel Reply

Related Posts

Login to your account

Reset Password

Signup to your Account

Answers

Account Activation