ServiceNow, Outlook, and Docker Engine Patching Service

Published:

spot_img

Cyble Research & Intelligence Labs (CRIL) Top Vulnerabilities Report

Cyble Research & Intelligence Labs (CRIL) researchers have identified six critical vulnerabilities that security teams need to prioritize this week. These vulnerabilities include flaws in ServiceNow, Acronis, VMware, Microsoft Outlook, Progress Telerik, and Docker Engine.

One of the highlighted vulnerabilities is CVE-2024-37085, affecting VMware ESXi, an enterprise-class hypervisor. This high-severity authentication bypass vulnerability is actively being exploited by ransomware groups, allowing attackers to gain full access to ESXi hosts and potentially encrypting the hypervisor’s file system, causing business disruptions.

Another critical vulnerability is CVE-2017-11774, impacting Microsoft Outlook and allowing attackers to execute arbitrary commands. Researchers have developed a new post-exploitation framework named “Specula,” which can turn Outlook into a command and control beacon for remote code execution, making it easier for attackers to evade detection.

Other vulnerabilities include CVE-2024-4879 affecting ServiceNow, CVE-2024-6327 impacting Progress Telerik Report Server, CVE-2024-41110 targeting Docker Engine, and CVE-2023-45249 affecting Acronis Cyber Infrastructure. These vulnerabilities range from input validation issues to remote command execution flaws, posing significant risks to organizations.

In addition to these vulnerabilities, Cyble researchers also analyzed dark web exploits, industrial control system vulnerabilities, and web asset exposures in their weekly report. With the increasing sophistication of cyber threats, it is crucial for security teams to prioritize patching these vulnerabilities to protect their organizations from potential attacks.

spot_img

Related articles

Recent articles

Consolidation Strengthens Cybersecurity in the MENA Region Amid Rising Threats

Consolidation Strengthens cybersecurity in the MENA Region Amid Rising Threats Cybersecurity leaders are navigating an increasingly complex landscape, facing mounting pressure from regulatory bodies, evolving...

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools Recent research from Bitdefender has unveiled critical vulnerabilities in Windows' bind link feature, demonstrating how...

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...