Even though there has been no clear evidence indicating ongoing active exploitation of CVE-2012-4792, the vulnerability, which could enable remote execution of arbitrary code, had been leveraged in watering hole attacks deployed against Capstone Turbine Corporation and the Council on Foreign Relations almost 12 years ago.
While IPC Template Instances delivered to the Falcon sensor via Rapid Response Content updates between March and April were thoroughly examined by CrowdStrike's Content Validator, one of the two other IPC Template Instances pushing the identification of Named Pipes exploitation deployed last week was not determined to be problematic due to the flaw.
A faulty update from cybersecurity firm CrowdStrike for Microsoft software on July 19 led to a massive IT outage worldwide that affected an estimated 8.5 million Windows devices.
Doug and the Security Weekly crew talk about vulnerabilities: are we patching the right things? This is the burning question, and we will try to answer it. Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/