Actively Exploited - Geek Feed

New Windows SmartScreen bypass exploited as zero-day since March

August 14, 2024August 14, 2024 geekfeed0Tagged Actively Exploited, malware, Mark of the Web, microsoft, Phemedrone, SmartScreen, SmartScreen bypass, SmartScreen exploit, windows, Windows Smart App Control, Windows SmartScreen, Zero-Day

Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of […]

3 mins read

CISA warns about actively exploited Apache OFBiz RCE flaw

August 9, 2024August 9, 2024 geekfeed0Tagged Actively Exploited, Apache, apache exploit, Apache OFBiz, CISA, vulnerability

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and […]

2 mins read

Critical Progress WhatsUp RCE flaw now under active exploitation

August 7, 2024August 7, 2024 geekfeed0Tagged Actively Exploited, exploit, poc, Proof of Concept, rce, Remote Code Execution, WhatsUp, WhatsUp exploit, WhatsUp Gold

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885 are […]

3 mins read