The Hacker News Daily Updates

"Microsoft fixes new Azure AD vulnerability impacting Bing Search and major apps."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 01 April 2023, 1328 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source: https://mail.google.com/mail/u/0/#inbox/FMfcgzGslkrfWfnDwklZPtVSqpVKrdNq ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

7 Key Takeaways to Passwordless Authentication Moving Past Passwords (At Last!) Download Now Sponsored

LATEST NEWS Apr 1, 2023

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud ... Read More

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a ... Read More

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk! Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. "Improved code security enforcement in WooCommerce components," the ... Read More

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe," ... Read More

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 ... Read More

Deep Dive Into 6 Key Steps to Accelerate Your Incident Response Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. They also aim to avoid follow on attacks or future related incidents. The SANS Institute provides research and education on information security. In the upcoming webinar, we’ll outline, in detail, six components of a SANS incident response ... Read More

3CX Supply Chain Attack — Here's What We Know So Far Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. The issue has been assigned the CVE identifier CVE-2023-29059. The company said it's engaging ... Read More

Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss ... Read More

7 Key Takeaways to Passwordless Authentication Moving Past Passwords (At Last!) Download Now Sponsored