The problem:<\/strong> Zoom recently patched a flaw<\/a> that affected three of its Windows-facing software products: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The vulnerability, an improper input validation flaw, could permit unauthenticated users to access a network and then escalate their privileges.<\/p>\n\n\n\n The vulnerability CVE is CVE-2024-24691<\/a>. It’s rated as critical, with a score of 9.6.<\/p>\n\n\n\n Zoom’s security bulletin listed the following affected products:<\/p>\n\n\n\n The fix:<\/strong> The most recent version of the Zoom client fixes this vulnerability. Users can download it manually by navigating to Zoom’s download page<\/a>, or automatically by opting to download the latest version when Zoom prompts them to do so.<\/p>\n\n\n\n Type of vulnerability:<\/strong> Multiple vulnerabilities, including remote code execution and privilege escalation.<\/p>\n\n\n\n The problem:<\/strong> Microsoft patched 73 vulnerabilities in its most recent Patch Tuesday event, which occurs every month. Among the vulnerabilities is CVE-2024-21412<\/a>, an Internet Shortcut Files flaw that allows an unauthenticated attacker to send a malicious file to a user. It bypasses Internet Shortcut Files’ security measures.<\/p>\n\n\n\n The fix:<\/strong> Review Microsoft’s list of released updates<\/a> and associated CVEs to determine which products need to be patched. For CVE-2024-21412 specifically, a user has to click the link for the attack to occur. Ensure that team members don’t open links without verifying directly with the sender.<\/p>\n\n\n\n Does your business need a quick, reliable way to find vulnerabilities? Read our picks for the best vulnerability scanning tools<\/a> for quality products and key features to consider.<\/strong><\/p>\n\n\n\n Type of vulnerability:<\/strong> Remote unauthenticated access and potential credential data theft.<\/p>\n\n\n\n The problem:<\/strong> Researchers at cybersecurity company Truesec uncovered data<\/a> that indicated Akira ransomware might be exploiting an old vulnerability within Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Appliances with affected software must have Anyconnect SSL VPN enabled on whichever interface is exposed to the internet for an attack to occur.<\/p>\n\n\n\n The vulnerability, CVE-2020-3259<\/a>, was first discovered in May 2020. It allows remote unauthenticated threat actors to steal data from a device’s memory, including credential data. On Thursday, February 15, the Cybersecurity and Infrastructure Security Agency added the vulnerability to its catalog<\/a> after reports that it might be actively exploited again.<\/p>\n\n\n\n Akira is a particularly dangerous brand of ransomware. Palo Alto’s Unit 42 research team said<\/a> that Akira led the number of ransomware posts from new leak sites in 2023. Akira also has potential ties to Conti, another ransomware group, through cryptocurrency transactions, according to Unit 42.<\/p>\n\n\n\n The fix:<\/strong> Cisco provides upgrade recommendations for the following affected versions:<\/p>\n\n\n\n Truesec recommends:<\/p>\n\n\n\n Type of vulnerability:<\/strong> Remote code execution.<\/p>\n\n\n\n The problem:<\/strong> SolarWinds recently patched five remote code execution vulnerabilities in its Access Rights Manager product, which provisions, deprovisions, and manages employee access rights. Three of the vulnerabilities have a critical CVE rating. The vulnerabilities affect version v2023.2 of Access Rights Manager. SolarWinds recently fixed the vulnerabilities.<\/p>\n\n\n\n Amongst the flaws were deserialization of untrusted data RCE, directory traversal RCE, and traversal RCE. The CVEs are CVE-2023-40057<\/a>, CVE-2024-23476<\/a>, CVE-2024-23477<\/a>, CVE-2024-23478<\/a>, and CVE-2024-23479<\/a>.<\/p>\n\n\n\n The fix:<\/strong> Upgrade all older versions of Access Rights Manager to 2023.2.3, which fixes all five of the RCE vulnerabilities.<\/p>\n\n\n\n Type of vulnerability:<\/strong> DNS traffic leak.<\/p>\n\n\n\n The problem:<\/strong> A VPN expert recently gave Express VPN a tip about its split tunneling feature, which allows some traffic to pass through the VPN and blocks other traffic. The DNS traffic wasn’t traveling to the ExpressVPN servers like it was supposed to, but instead to a third-party server. The vulnerability exists in ExpressVPN Version 12 for Windows. ExpressVPN temporarily disabled split tunneling<\/a> on that platform.\u00a0<\/p>\n\n\n\n The split tunneling feature will remain inactive until ExpressVPN engineers have time to research and mitigate the issue, according to the vendor. ExpressVPN first published the bulletin about this vulnerability early in February but updated it in the middle of the month.<\/p>\n\n\n\n If teams need to use the split tunneling feature, they can use Version 10 of ExpressVPN, which doesn’t have the same flaw.<\/p>\n\n\n\n The fix:<\/strong> ExpressVPN disabled split tunneling in Version 12, so it’ll no longer be an issue for that product.<\/p>\n\n\n\n Read next:<\/strong><\/p>\n\n\n\n\n
Microsoft Patch Tuesday Fixes 73 Vulnerabilities<\/h3>\n\n\n\n
February 15, 2024<\/h2>\n\n\n\n
Akira Ransomware Affects Old Vulnerability in Cisco Products<\/h3>\n\n\n\n
![\"Cisco](\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240219-vulnerability-recap-february-19-2024-cisco_asa_software.jpg\")
<\/a>![\"Cisco](\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240219-vulnerability-recap-february-19-2024-cisco_ftd_software.jpg\")
\n
February 16, 2024<\/h2>\n\n\n\n
SolarWinds Patches 5 RCE Vulnerabilities in Access Rights Manager<\/h3>\n\n\n\n
February 19, 2024<\/h2>\n\n\n\n
ExpressVPN Split Tunneling Disabled after Discovered Vulnerability<\/h3>\n\n\n\n