Microsoft Bugs Are the Most Common KEVs in Financial Sector

ImmuniWeb
Jan 14, 2023

Read also: Twitter says there’s no evidence of a new breach, Microsoft fixes a Windows zero-day, and more.

Microsoft Exchange flaws top the list of the most exploited bugs in the financial sector

Microsoft Exchange vulnerabilities top the list of the most common known security flaws routinely exploited by hackers in attacks on organizations in the US financial sector.

An analysis of public internet-facing assets from over 7 million IP addresses belonging to the sector showed that a seven-year-old remote code execution Windows vulnerability (CVE-2015-1635) was one of the most commonly exploited security issues in November 2022, followed by CVE-2021-31206, an RCE bug in Microsoft Exchange Server, and the infamous “ProxyShell” vulnerabilities (CVE-2021-34523, CVE-2021-31207 and CVE-2021-34473). Other most exploited Exchange bugs include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Air France and KLM disclose a security breach

French-Dutch airline company Air France-KLM has notified its Flying Blue program customers that their personal information may have been exposed in a security breach.

A vulnerability in Experian’s website allowed crooks to gain access to anyone’s credit report

A security weakness in the website of Experian, one of the major US consumer credit reporting bureaus, made it possible for cyber crooks to gain access to customers’ credit reports with a simple URL change.

Twitter says there’s no evidence of a new security breach

Social media giant Twitter has published an update addressing previous reports that a dataset of email addresses and phone numbers linked to over 400 million users was leaked and put up for sale online. In January 2023, reports emerged that data from 200 million Twitter-associated accounts was being sold on the Dark Web.

Microsoft’s January 2023 Patch Tuesday fixes nearly 100 bugs, 1 zero-day

Microsoft has rolled out its January 2023 Patch Tuesday security updates that contain fixes for nearly 100 vulnerabilities in the company’s software, including a zero-day flaw actively exploited by hackers.

Full story:
https://www.immuniweb.com/blog/microsoft-bugs-are-the-most-common-kevs-in-financial-sector.html
