Blog
Share This Post
[ad_1]
Threat actors have been actively exploiting a high-severity Microsoft SharePoint deserialization flaw, tracked as CVE-2024-38094, and a high-severity Samsung mobile processor use-after-free issue, tracked as CVE-2024-44068, according to The Hacker News.
Attacks leveraging the SharePoint bug, which could result in remote code execution, have prompted the bug’s inclusion in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the issue by Nov. 12. No details regarding the process of abusing the flaw were provided but the emergence of proof-of-concept exploits has increased the odds of compromise. On the other hand, the Samsung flaw was reported by Google Threat Analysis Group to have been leveraged in a privilege escalation attack chain even though the South Korean firm did not specify in-the-wild abuse. Both developments come after organizations were recommended to address KEVs, critical, and high-severity flaws within 14, 15, and 30 days, respectively, as part of more stringent security requirements proposed by CISA.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
