MICROSOFT RELEASES 89 SECURITY PATCHES INCLUDING A ZERO-DAY FOR IE
Microsoft fixed 89 security patches in the context of its traditional Patch-Tuesday that it released this week, including a Zero-Day exploit for Internet Explorer.
14 of those vulnerabilities were classified as critical and another 75 as of significant severity of which 2 of the bugs are described as publicly known, while another 5 have been reported as under active attack at the time of launch.
Among the 5 that are actively exploited, ProxyLogon (CVE-2021-26855, 2021-26857, CVE-2021-26858 and CVE-2021-27065) stands out, which allows attackers to enter Microsoft Exchange Server in target environments and subsequently allows the installation of unauthorized web-based back-doors to facilitate access.
THE EXCHANGE SERVER OF THE EUROPEAN BANKING AUTHORITY WAS HACKED
The European Banking Authority, a regulatory agency of the European Union, was victim of a cyber attack through the Microsoft Exchange Server during the past week.
Although the agency maintained that there was no data exfiltration, the investigation is continuing on everything related to the incident and all additional security controls were activated on the affected server. The agency also indicated that the compromised mail server has been restored and is actively collaborating with forensic experts and the European Union's computer emergency rapid response team.
According to the organization, the scope of the vulnerability was limited and the confidentiality of EBA systems and data was not compromised.
CRITICAL ERROR IN PLUGIN FOR WORDPRESS
The WordPress plugin "Plus Addons" for Elementor has a critical security vulnerability that allows attackers to take advantage of it to take control of a website remotely and quickly.
Researchers at the security firm "Wordfence" indicated that the bug (CVE-2021-24175) would be actively attacking.
This Plug-In with more than 30 thousand active installations, allows website owners to create various widgets for their sites, such as user logins or registration forms. These can be added to an Elementor page -website creation tool-.
The researchers indicated that the functionality would have been incorrectly.
The plugin correction can be done by updating the version to 4.1.7 of The Plus Adon for Elementor.
