Weekly Vulnerability Recap 2/19/2024: News from Microsoft, Zoom, SolarWinds

While this week was a little light on vulnerability news, it's still been significant, with Microsoft's Patch Tuesday happening as well as updates for major products, like Zoom.
Akira ransomware vulnerabilities have also surfaced in older Cisco products, and SolarWinds patched some remote code execution flaws in its Access Rights Manager product.
Your IT teams should regularly check your vendors' security bulletins for any vulnerability news or updates.
Also keep an eye on the last few weeks' vulnerability recaps, especially because we've seen repeat products that continue to be exploited.
The problem: Zoom recently patched a flaw that affected three of its Windows-facing software products: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.
The vulnerability, an improper input validation flaw, could permit unauthenticated users to access a network and then escalate their privileges.
The fix: The most recent version of the Zoom client fixes this vulnerability.
Users can download it manually, by navigating to Zoom's download page, or automatically, by opting to download the latest version when Zoom prompts them to do so.
Type of vulnerability: Multiple vulnerabilities, including remote code execution and privilege escalation.
The problem: Microsoft patched 73 vulnerabilities in its most recent Patch Tuesday event, which occurs every month.
Among the vulnerabilities is CVE-2024-21412, an Internet Shortcut Files flaw that allows an unauthenticated attacker to send a malicious file to a user.
Type of vulnerability: Remote unauthenticated access and potential credential data theft.
The problem: Researchers at cybersecurity company Truesec uncovered data that indicated Akira ransomware might be exploiting an old vulnerability within Cisco Adaptive Security Appliance and Firepower Threat Defense.
The vulnerability, CVE-2020-3259, was first discovered in May 2020.
On Thursday, February 15, the Cybersecurity and Infrastructure Security Agency added the vulnerability to its catalog after reports that it might be actively exploited again.
The problem: SolarWinds recently patched five remote code execution vulnerabilities in its Access Rights Manager product, which provisions, deprovisions, and manages employee access rights.
Three of the vulnerabilities have a critical CVE rating.
The fix: Upgrade all older versions of Access Rights Manager to 2023.2.3, which fixes all five of the RCE vulnerabilities.
The vulnerability exists in ExpressVPN Version 12 for Windows.
ExpressVPN first published the bulletin about this vulnerability early in February but updated it mid-February.


This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 19 Feb 2024 23:13:04 +0000


Cyber News related to Weekly Vulnerability Recap 2/19/2024: News from Microsoft, Zoom, SolarWinds

Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
1 year ago Packetstormsecurity.com
CVE-2021-34423 - A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for ...
2 years ago
CVE-2021-34424 - A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune ...
2 years ago
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
11 months ago Techtarget.com
Weekly Vulnerability Recap 2/19/2024: News from Microsoft, Zoom, SolarWinds - While this week was a little light on vulnerability news, it's still been significant, with Microsoft's Patch Tuesday happening as well as updates for major products, like Zoom. Akira ransomware vulnerabilities have also surfaced in older Cisco ...
10 months ago Esecurityplanet.com
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com
Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 - COMMENTARY. In December 2020, the SolarWinds attack sent shockwaves around the world. Attackers gained unauthorized access to SolarWinds' software development environment, injected malicious code into Orion platform updates, and created a backdoor ...
1 year ago Darkreading.com
Zoom Launches AI Companion, Available at No Additional Cost - Zoom has pledged to provide artificial intelligence functions on its video-conferencing platform at no additional cost to paid clients. The tech firm believes that including these extra features as part of its paid platform service will provide a ...
11 months ago Cysecurity.news
SolarWinds Files Motion to Dismiss SEC Lawsuit - In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information ...
10 months ago Darkreading.com
Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
10 months ago Go.theregister.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
11 months ago Microsoft.com
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings. According to researchers with ...
1 year ago Packetstormsecurity.com
CVE-2023-22880 - Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 ...
1 year ago
Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
1 year ago Packetstormsecurity.com
RCE vulnerabilities fixed in SolarWinds enterprise solutions - SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. The company whose Orion IT administration platform has been infamously compromised ...
10 months ago Helpnetsecurity.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
11 months ago Microsoft.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
11 months ago Techtarget.com
CVE-2022-28762 - Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain ...
2 years ago
Critical RCE flaws found in SolarWinds access audit solution - Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to ...
1 year ago Bleepingcomputer.com
Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
9 months ago Cybersecuritynews.com
Meta Considers Facebook News Ban In Australia - Meta says it may ban news content from Facebook in Australia if forced to pay licensing fees under 2021 law. Facebook parent Meta Platforms said it is considering banning news from the social media service if it is forced to pay licensing fees. She ...
5 months ago Silicon.co.uk
Best Platform To Catch Up on Crypto News? - That is why crypto publications such as InsideBitcoins.com are getting a lot of traction. These guides give a complete analysis of new and old cryptocurrencies through multiple perspectives. Crypto price predictions are where InsideBitcoins.com's ...
1 year ago Hackread.com
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare - APT29, the notorious Russian advanced persistent threat behind the 2020 SolarWinds hack, is actively exploiting a critical security vulnerability in JetBrains TeamCity that could open the door to rampant software supply chain attacks. According to ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)