Microsoft Bugs Are the Most Common KEVs in Financial Sector

Thursday, January 12, 2023. Read time: 2 min.


Microsoft Exchange flaws top the list of the most exploited bugs in the financial sector

Microsoft Exchange vulnerabilities top the list of known security flaws routinely exploited by hackers in attacks on organizations in the US financial sector.

An analysis of public internet-facing assets across more than 7 million IP addresses belonging to the sector showed that a seven-year-old Windows remote code execution vulnerability (CVE-2015-1635) was among the most commonly exploited security issues in November 2022, followed by CVE-2021-31206, an RCE bug in Microsoft Exchange Server, and the infamous “ProxyShell” vulnerabilities (CVE-2021-34523, CVE-2021-31207 and CVE-2021-34473). Other frequently exploited Exchange bugs include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.

The report notes that over 50% of the detected vulnerabilities reside in the insurance subsector, about 25% fall under credit intermediaries, and roughly one in three of all security issues was inherited from third-party service providers.

Air France and KLM disclose a security breach

French-Dutch airline company Air France-KLM has notified its Flying Blue program customers that their personal information may have been exposed in a security breach.

In a security notice sent to the affected customers, the company explained that it had detected suspicious activity related to their accounts and had taken steps to prevent further exposure of the data. The potentially compromised information includes names, phone numbers, email addresses and recent transactions. No financial data was exposed, the company said.

As an additional security measure, the airline said it locked the affected customers’ accounts and required them to set new passwords in order to regain access.

A vulnerability in Experian’s website allowed crooks to gain access to anyone’s credit report

A security weakness in the website of Experian, one of the major US consumer credit reporting bureaus, made it possible for cyber crooks to gain access to customers’ credit reports with a simple URL change.

The weakness was brought to light by a Ukrainian security researcher, who discovered that ID thieves could bypass Experian’s security measures by editing the address shown in the browser URL bar during Experian’s identity verification process.

Experian was notified of the issue in late December 2022, and the problem appears to have been addressed. However, it’s not clear for how long the company’s website remained vulnerable.
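The article does not describe Experian’s actual verification flow, so the following is an added illustration rather than the bureau’s code or the researcher’s finding: it contrasts a multi-step verification handler that trusts the requested URL (so a visitor can jump straight to the final page) with one that gates every step on server-side progress recorded only after the previous check passed. Step names, the session store and the redirect behaviour are assumptions for the example.

```python
from dataclasses import dataclass, field

# Ordered verification steps; the names are assumed for this example.
STEPS = ("identity", "questions", "report")


@dataclass
class Session:
    """Server-side record of a visitor's progress. The client never
    controls this directly; it is keyed by the session cookie."""
    user_id: str
    completed: set = field(default_factory=set)


def complete_step(session, step, passed):
    """Record a step as done only when the server-side check passed.
    A failed knowledge-based-authentication round must not advance the flow."""
    if step not in STEPS:
        raise ValueError(f"unknown step: {step}")
    if passed:
        session.completed.add(step)


def serve_weak(session, path):
    """Vulnerable pattern: each page assumes the visitor arrived via the
    previous page, so requesting /report directly skips the checks."""
    step = path.strip("/")
    if step not in STEPS:
        return 404, "not found"
    if step == "report":
        return 200, f"credit report for {session.user_id}"
    return 200, f"{step} page"


def serve_hardened(session, path):
    """Hardened pattern: a step is served only if every earlier step has
    been recorded as completed in the server-side session. Otherwise the
    visitor is redirected to the first step still outstanding."""
    step = path.strip("/")
    if step not in STEPS:
        return 404, "not found"
    required = STEPS[: STEPS.index(step)]
    missing = [s for s in required if s not in session.completed]
    if missing:
        return 303, f"/{missing[0]}"
    if step == "report":
        return 200, f"credit report for {session.user_id}"
    return 200, f"{step} page"


if __name__ == "__main__":
    # Constructed walk-through: a visitor who edits the URL to reach the
    # report page without answering the verification questions.
    s = Session("demo-user")
    complete_step(s, "identity", True)
    print("weak    :", serve_weak(s, "/report"))
    print("hardened:", serve_hardened(s, "/report"))
```

The hardened handler also reacts correctly to a tampered URL that names an earlier step: it simply serves that step, since nothing before it is missing, so the redirect logic never sends a visitor backwards into a loop.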

Twitter says there’s no evidence of a new security breach

Social media giant Twitter has published an update addressing earlier reports that a dataset of email addresses and phone numbers linked to over 400 million users had been leaked and put up for sale online. In January 2023, reports emerged that data from 200 million Twitter-associated accounts was being sold on the Dark Web.

The company said it had conducted an investigation and found no evidence that the newly reported data was obtained by exploiting a bug in its systems. Twitter believes that the leaked information “is likely a collection of data already publicly available online through different sources.”

Microsoft’s January 2023 Patch Tuesday fixes nearly 100 bugs, 1 zero-day

Microsoft has rolled out its January 2023 Patch Tuesday security updates that contain fixes for nearly 100 vulnerabilities in the company’s software, including a zero-day flaw actively exploited by hackers.

The zero-day (CVE-2023-21674) is an elevation-of-privilege flaw in Windows Advanced Local Procedure Call (ALPC) that can lead to a browser sandbox escape and allows malicious actors to gain SYSTEM privileges on Windows and Windows Server machines.

Microsoft did not provide any additional information about the attacks in which this vulnerability was used.

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.