Urgent: Microsoft & Apple Face Active Exploits, Update Now
Cybersecurity experts have warned of ongoing attacks exploiting vulnerabilities in both Apple and Microsoft 365 products. State-sponsored and financially motivated cybercriminal groups are actively exploiting these flaws, highlighting the urgent need for updates.

Microsoft 365 has addressed 100 security holes in its latest updates, seven of which are critical. Notably, CVE-2023-28231, a remote code execution vulnerability in a core Windows network process, poses a significant threat. Another zero-day vulnerability, CVE-2023-28252, has been exploited to deploy Nokoyawa ransomware.

Meanwhile, Apple has released updates fixing two zero-day vulnerabilities, CVE-2023-28205 and CVE-2023-28206, which were actively exploited in iPhones, iPads, and Macs.

Cybercriminal organizations linked to state-sponsored actors like APT29 (Cozy Bear) and financially motivated threat actors such as FIN7 are exploiting Microsoft 365 Remote Access Server vulnerabilities CVE-2023-28220 and CVE-2023-28219.

Users are urged to apply the latest updates from both Microsoft 365 and Apple to protect against these active threats. The exploitation of these vulnerabilities by state-sponsored and financially motivated cybercriminal groups underscores the importance of prompt patching.