Microsoft Outlook Elevation of Privilege – CVE-2023-23397

CVE-2023-23397 is an elevation of privilege vulnerability in Microsoft Outlook that was assigned a CVSSv3 score of 9.8 with reports that it is activity being exploited in the wild. The vulnerability can be exploited by sending a malicious email to a vulnerable version of Outlook with an extended MAPI property with a UNC path to […]

Microsoft SPNEGO NEGOEX Vulnerability

Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX (CVE-2022-37958) to a designation of “Critical” (maximum severity for their products): CVSS score 8.1. The CVE had previously been given a designation of “Important”: CVSS score of 7.5, but recent analysis of the patch identified that the vulnerability allowed remote code execution in a similar manner to […]

Microsoft Exchange Zero-Day

Security researchers have warned that a zero-day flaw in Microsoft’s Exchange server is being actively exploited. So far, we know that the Microsoft Exchange zero-day allows for remote code execution and that the attackers are chaining a pair of zero-days to deploy Chinese Chopper web shells on compromised hosts. The first vulnerability, identified as CVE-2022-41040, […]

SonicWall advisory: Patches for SSLVPN SMA1000 Devices

SonicWall SSLVPN SMA1000 series appliances are affected by the multiple vulnerabilities listed below; organisations running previous versions of SSLVPN SMA1000 series firmware should upgrade to new firmware release versions. Affected Products: There is no evidence that these vulnerabilities are being exploited in the wild. Sources:https://thehackernews.com/2022/05/sonicwall-releases-patches-for-new.html

Russian Intelligence Service

Russian Intelligence Service – Overview Summary The Russian Intelligence Service is made up of various departments, of which the main three are, Chief Intelligence Office/Military Intelligence (GRU), Federal Security Service (FSB), and the Foreign Intelligence Service (SVR).  With the war in Ukraine still operational, it is likely that Russia will continue to carry out cyber […]

Five Eyes Warn of Russian Cyber Attacks Against Critical Infrastructure

The cybersecurity agencies of the United States, Britain, Australia, Canada and New Zealand – which together form the Five Eyes intelligence-sharing alliance – released a joint Cybersecurity Advisory (CSA) warning organisations that Russia may be targeting Critical Infrastructure within Ukraine and beyond her borders. There has been “an increased malicious cyber activity from Russian state-sponsored […]

Spring4Shell Vulnerability​

Executive Summary:​ ​A new zero-day vulnerability in the Spring Core Java framework dubbed ‘Spring4Shell’ has been publicly disclosed, allowing unauthenticated remote-code execution on applications.​ ​Spring by VMware is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as […]

Russia-Ukraine Malicious Cyber Activity

The Ukrainian government confirmed yesterday afternoon that another large-scale cyber attack is taking place; this is less than a week since websites were last targeted in a similar attack. “We’ve not seen something [like this] that’s taken it to a completely different level,” an official told the BBC. This large-scale cyber attack preceded Russia’s invasion […]

Russia-Ukraine Tensions Escalate​

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is encouraging increased cyber security awareness in a new “Shields Up” advisory released last week as tensions escalate between Ukraine and Russia. Russia has threatened new invasions against Ukraine as an escalation of the Russo-Ukrainian War that began in 2014. The cyber security implications of these threats have already been […]

Solarwinds Supply Chain Attack (Sunburst Malware)

Priority: Critical Executive Summary: A highly sophisticated attack using a trojanised version of SolarWinds’ Orion software has been discovered, affecting both private and public organisations globally.1 The attack is believed to have started as early as Spring 2020 and is still ongoing, making this an imminent threat to any organisation using SolarWinds Orion. The attackers […]