{"id":15817,"date":"2023-03-10T14:02:44","date_gmt":"2023-03-10T21:02:44","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=15817"},"modified":"2023-05-02T14:41:04","modified_gmt":"2023-05-02T21:41:04","slug":"securins-threat-intelligence-mar-6-2023-mar-10-2023","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/securins-threat-intelligence-mar-6-2023-mar-10-2023\/","title":{"rendered":"Securin&#8217;s Threat Intelligence: Mar 6, 2023 &#8211; Mar 10, 2023"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15817\" class=\"elementor elementor-15817\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1c7926eb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1c7926eb\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-33243357\" data-id=\"33243357\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc45ac1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc45ac1\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9a03310\" data-id=\"9a03310\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91253d0 elementor-widget elementor-widget-text-editor\" data-id=\"91253d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: left;\"><strong><span style=\"color: #000000;\">This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.<\/span><\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c6088c elementor-widget elementor-widget-heading\" data-id=\"0c6088c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Why play catch up when you can fix it now?<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-634700b elementor-widget elementor-widget-spacer\" data-id=\"634700b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5981555 elementor-widget elementor-widget-heading\" data-id=\"5981555\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5fa93a elementor-widget elementor-widget-text-editor\" data-id=\"c5fa93a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#active-spear-phishing-campaign-against-the-maritime-industry\">Active Spear-Phishing Campaign Against the Maritime Industry<\/a><\/li><li><a href=\"#CISA-Adds-Three-Vulnerabilities-to-the-KEV\">CISA Adds Three Vulnerabilities to the KEV<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2952cac elementor-widget elementor-widget-heading\" data-id=\"2952cac\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33b4b1b elementor-widget elementor-widget-text-editor\" data-id=\"33b4b1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul dir=\"ltr\"><li><a href=\"#poc-released-for-oracle-vulnerability\">Proof of Concept Released for Oracle Vulnerability<\/a><\/li><li><a href=\"#poc-Released-for-CVE-2023-21716\">Proof of Concept (PoC) Released for CVE-2023-21716<\/a><\/li><li><a href=\"#VMware-NSX-Manager-Vulnerabilities-Actively-Exploited-In-The-Wild\"><span style=\"font-weight: 400;\">VMware NSX Manager Vulnerabilities Actively Exploited In The Wild<\/span><\/a><\/li><li><a href=\"#CVE-2023-25610-Fortinet-Vulnerability\">CVE-2023-25610: Fortinet Vulnerability<\/a><\/li><li><a href=\"#CVE-2023-27532-Veeam-Vulnerability-Fixed\"><span style=\"font-weight: 400;\">CVE-2023-27532: Veeam Vulnerability Fixed<\/span><\/a><\/li><li><a href=\"#CVE-2023-21768-Windows-Vulnerability\"><span style=\"font-weight: 400;\">CVE-2023-21768: Windows Vulnerability<\/span><\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6aeae0 elementor-widget elementor-widget-spacer\" data-id=\"e6aeae0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-285ec51 elementor-widget elementor-widget-heading\" data-id=\"285ec51\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dac80e2 elementor-widget elementor-widget-spacer\" data-id=\"dac80e2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fdb465c elementor-widget elementor-widget-menu-anchor\" data-id=\"fdb465c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"active-spear-phishing-campaign-against-the-maritime-industry\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45adb75 elementor-widget elementor-widget-heading\" data-id=\"45adb75\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Active Spear-Phishing Campaign Against the Maritime Industry<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac5ca53 elementor-widget elementor-widget-text-editor\" data-id=\"ac5ca53\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">A spear-phishing campaign spanning over multiple years has been targeting entities in the maritime industry. The threat actors seem to have a financial motivation in carrying out these attacks. The emails contain malicious files which exploit <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2017-0199\" target=\"_blank\" rel=\"noopener\">CVE-2017-0199<\/a>, a Microsoft Office vulnerability. Once initial access is gained, the threat actor uses remote access trojans (RATs) such as Agent Tesla and Formbook to harvest sensitive information like credentials, session tokens, and email lists. This information is used to either launch more attacks or sold to provide initial access to other operators. Since the maritime industry holds sensitive information regarding shipping, it needs to step up cyber security measures.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0caf245 elementor-widget elementor-widget-spacer\" data-id=\"0caf245\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ab028fc elementor-widget elementor-widget-menu-anchor\" data-id=\"ab028fc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"CISA-Adds-Three-Vulnerabilities-to-the-KEV\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51aa5a8 elementor-widget elementor-widget-heading\" data-id=\"51aa5a8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CISA Adds Three Vulnerabilities to the KEV<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1524342 elementor-widget elementor-widget-text-editor\" data-id=\"1524342\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">CVE-2022-35914, CVE-2022-33891, and CVE-2022-28810 were added to the CISA KEV catalog on 7 March, 2022.\u00a0<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-28810\" target=\"_blank\" rel=\"noopener\">CVE-2022-28810<\/a> is a Zoho ManageEngine ADSelfService Plus remote code execution vulnerability. Attackers can gain access to the ADSelfService Plus platform easily if a\u00a0 default administrator password is used by the customers. A remote, partially authenticated attacker can also send malicious scripts and inject arbitrary commands by exploiting this vulnerability.<\/span><\/li><\/ul><p><strong>ManageEngine <a href=\"https:\/\/www.manageengine.com\/products\/self-service-password\/advisory\/CVE-2022-28810.html%20%20.\" target=\"_blank\" rel=\"noopener\">fixed<\/a> CVE-2022-28810 in builds 6122 and above.<\/strong><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-33891\" target=\"_blank\" rel=\"noopener\">CVE-2022-33891<\/a> is an Apache Spark command injection vulnerability. An attacker can exploit this vulnerability to build a Unix shell command based on their input, and execute it as the user.\u00a0<\/span><\/li><\/ul><p><strong>Apache has asked its users to <a href=\"https:\/\/lists.apache.org\/thread\/p847l3kopoo5bjtmxrcwk21xp6tjxqlc%20%20.\" target=\"_blank\" rel=\"noopener\">patch<\/a> this vulnerability as soon as possible.<\/strong><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-35914\" target=\"_blank\" rel=\"noopener\">CVE-2022-35914<\/a> is a Teclib GLPI remote code execution vulnerability that allows an attacker to inject PHP code. It affects glpi-project versions up to (including) 10.0.2.\u00a0<\/span><\/li><\/ul><p><strong>Here is the <a href=\"https:\/\/packetstormsecurity.com\/files\/169501\/GLPI-10.0.2-Command-Injection.html\" target=\"_blank\" rel=\"noopener\">patch<\/a> for this vulnerability.<\/strong><\/p><p><span style=\"font-weight: 400;\">All Federal agencies are required to patch these vulnerabilities before 28-03-3023.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0371f6b elementor-widget elementor-widget-spacer\" data-id=\"0371f6b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb7c0c2 elementor-widget elementor-widget-heading\" data-id=\"fb7c0c2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-40c3f1b elementor-widget elementor-widget-spacer\" data-id=\"40c3f1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1566b32 elementor-widget elementor-widget-menu-anchor\" data-id=\"1566b32\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"poc-released-for-oracle-vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0345e89 elementor-widget elementor-widget-heading\" data-id=\"0345e89\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Proof of Concept (PoC) Released for Oracle Vulnerability<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0737983 elementor-widget elementor-widget-text-editor\" data-id=\"0737983\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">The proof of concept for the exploit of <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-21839\" target=\"_blank\" rel=\"noopener\">CVE-2023-21839<\/a> has been\u00a0<a href=\"https:\/\/github.com\/4ra1n\/CVE-2023-21839\" target=\"_blank\" rel=\"noopener\">released<\/a>\u00a0publicly. This Oracle WebLogic vulnerability will allow an unauthenticated attacker to gain network access via T3, IIOP and execute code remotely.\u00a0 <strong>Oracle has already\u00a0<a href=\"https:\/\/www.oracle.com\/security-alerts\/cpujan2023.html\" target=\"_blank\" rel=\"noopener\">patched<\/a>\u00a0this vulnerability.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-928d6e3 elementor-widget elementor-widget-spacer\" data-id=\"928d6e3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ccbf925 elementor-widget elementor-widget-menu-anchor\" data-id=\"ccbf925\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"poc-Released-for-CVE-2023-21716\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c03c5d6 elementor-widget elementor-widget-heading\" data-id=\"c03c5d6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Proof of Concept (PoC) Released for CVE-2023-21716<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0614b2e elementor-widget elementor-widget-text-editor\" data-id=\"0614b2e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-21716\" target=\"_blank\" rel=\"noopener\">CVE-2023-21716<\/a> is a vulnerability in Microsoft Office\u2019s \u201cwwlib.dll\u201d. It has a score of 9.8 on the CVSS scale. It allows a remote attacker to execute code with the same privileges as the victim that opens a malicious .RTF document. Microsoft <\/span><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21716\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">addressed<\/span><\/a><span style=\"font-weight: 400;\"> this vulnerability in the February Patch Tuesday. The proof of concept for its exploit was <\/span><a href=\"https:\/\/qoop.org\/publications\/cve-2023-21716-rtf-fonttbl.md\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">released<\/span><\/a><span style=\"font-weight: 400;\"> recently.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1bc4bf5 elementor-widget elementor-widget-spacer\" data-id=\"1bc4bf5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a83497 elementor-widget elementor-widget-menu-anchor\" data-id=\"6a83497\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"VMware-NSX-Manager-Vulnerabilities-Actively-Exploited-In-The-Wild\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-302e3f0 elementor-widget elementor-widget-heading\" data-id=\"302e3f0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">VMware NSX Manager Vulnerabilities Actively Exploited In The Wild<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-23c613a elementor-widget elementor-widget-text-editor\" data-id=\"23c613a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-21716\" target=\"_blank\" rel=\"noopener\">CVE-2023-21716<\/a> is a vulnerability in Microsoft Office\u2019s \u201cwwlib.dll\u201d. It has a score of 9.8 on the CVSS scale. It allows a remote attacker to execute code with the same privileges as the victim that opens a malicious .RTF document. Microsoft <\/span><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21716\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">addressed<\/span><\/a><span style=\"font-weight: 400;\"> this vulnerability in the February Patch Tuesday. The proof of concept for its exploit was <\/span><a href=\"https:\/\/qoop.org\/publications\/cve-2023-21716-rtf-fonttbl.md\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">released<\/span><\/a><span style=\"font-weight: 400;\"> recently.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ab6c30a elementor-widget elementor-widget-spacer\" data-id=\"ab6c30a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-807e749 elementor-widget elementor-widget-menu-anchor\" data-id=\"807e749\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"CVE-2023-25610-Fortinet-Vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8520215 elementor-widget elementor-widget-heading\" data-id=\"8520215\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-25610: Fortinet Vulnerability<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0505349 elementor-widget elementor-widget-text-editor\" data-id=\"0505349\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-25610\" target=\"_blank\" rel=\"noopener\">CVE-2023-25610<\/a> impacts FortiOS and FortiProxy. It rates 9.3 on the CVSS scale and can allow an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. <strong>Fortinet has released a <\/strong><\/span><strong><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-23-001\" target=\"_blank\" rel=\"noopener\">security advisory<\/a> for this vulnerability and urges users to patch it immediately.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-29397f4 elementor-widget elementor-widget-spacer\" data-id=\"29397f4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fc2993c elementor-widget elementor-widget-menu-anchor\" data-id=\"fc2993c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"CVE-2023-27532-Veeam-Vulnerability-Fixed\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-19f0028 elementor-widget elementor-widget-heading\" data-id=\"19f0028\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-27532: Veeam Vulnerability Fixed<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ad59d9 elementor-widget elementor-widget-text-editor\" data-id=\"1ad59d9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">A high-severity vulnerability,\u00a0 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-27532\" target=\"_blank\" rel=\"noopener\">CVE-2023-27532<\/a> is found in Veeam&#8217;s Backup &amp; Replication software. It allows unauthenticated attackers to access backup infrastructure hosts after obtaining encrypted credentials stored in the VeeamVBR configuration database. Veeam provides a temporary workaround and also a <\/span><a href=\"https:\/\/www.veeam.com\/kb4424\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">patch<\/span><\/a><span style=\"font-weight: 400;\"> for the vulnerability in versions V11 and V12.\u00a0<\/span><\/p><p><b>Workaround<\/b><span style=\"font-weight: 400;\">: As a temporary workaround you can block access to TCP port 9401 on your Veeam Backup &amp; Replication server. This will affect the connection of mount servers to the VBR server, so only use this if you don&#8217;t have a distributed Veeam environment. And still apply the patch as soon as possible.<\/span><\/p><p><strong>Users are recommended to upgrade to the V11 or V12 immediately.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a703d28 elementor-widget elementor-widget-spacer\" data-id=\"a703d28\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5c35d8e elementor-widget elementor-widget-menu-anchor\" data-id=\"5c35d8e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"CVE-2023-21768-Windows-Vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ed2933c elementor-widget elementor-widget-heading\" data-id=\"ed2933c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-21768: Windows Vulnerability<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a8f387 elementor-widget elementor-widget-text-editor\" data-id=\"3a8f387\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">This Windows Ancillary Function Driver vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-21768\" target=\"_blank\" rel=\"noopener\">CVE-2023-21768<\/a>,\u00a0 can lead to privilege escalation if exploited. A <\/span><a href=\"https:\/\/github.com\/xforcered\/Windows_LPE_AFD_CVE-2023-21768\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">proof of concept<\/span><\/a><span style=\"font-weight: 400;\"> has been released for this exploit. <strong>Since Microsoft already <\/strong><\/span><strong><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21768\" target=\"_blank\" rel=\"noopener\">patched<\/a> this vulnerability in the January Patch Tuesday, users should apply it immediately in their respective devices before attackers exploit it. <\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a91914 elementor-widget elementor-widget-spacer\" data-id=\"3a91914\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-470b0ab elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"470b0ab\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-2ba045e\" data-id=\"2ba045e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fa398dc elementor-widget elementor-widget-spacer\" data-id=\"fa398dc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc3ccab elementor-widget elementor-widget-text-editor\" data-id=\"dc3ccab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: center;\">Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.<\/p><p dir=\"ltr\" style=\"text-align: center;\"><strong>Leverage our expertise and manage your threats continuously to stay safe from attackers.\u00a0<\/strong><a href=\"https:\/\/webdev.securin.xyz\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Talk to Us!<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13dcfd8 elementor-widget elementor-widget-spacer\" data-id=\"13dcfd8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3ac6eb elementor-widget elementor-widget-menu-anchor\" data-id=\"b3ac6eb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"VMware-NSX-Manager-Vulnerabilities-Actively-Exploited-In-The-Wild\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.<\/p>\n","protected":false},"author":1,"featured_media":13471,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,146],"tags":[619,541,620,454,554,369],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15817"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=15817"}],"version-history":[{"count":28,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15817\/revisions"}],"predecessor-version":[{"id":18165,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15817\/revisions\/18165"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/13471"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=15817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=15817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=15817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}