In the dynamic realm of cybersecurity, constant vigilance is essential to mitigate emerging threats. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical security flaw affecting Microsoft SharePoint Server, designated as CVE-2023-24955 with a CVSS score of 7.2, allowing authenticated attackers with Site Owner privileges to execute arbitrary code. This addition follows the revelation of another vulnerability, CVE-2023-29357, emphasizing the potential severity demonstrated by researchers at the Pwn2Own Vancouver hacking contest. While details on specific attacks and threat actors remain scarce, Microsoft’s proactive response and guidance on enabling automatic updates offer crucial defenses against known vulnerabilities. Federal Civilian Executive Branch (FCEB) agencies face heightened urgency to apply fixes by April 16, 2024, underlining the critical nature of the situation and the imperative for swift action to fortify networks against active threats. Amidst this evolving landscape, proactive measures by both security agencies and vendors serve as vital safeguards, highlighting the ongoing necessity for robust cybersecurity protocols in today’s interconnected digital environment.
https://thehackernews.com/2024/03/cisa-warns-hackers-actively-attacking.html