While Microsoft has noted that leveraging the flaw — which was discovered by Microsoft employees Apoorv Wadhwa, Gautam Peri, and an anonymous researcher — could allow privilege escalation without authentication, additional details regarding its exploitation have not been provided.
Threat actors using a vulnerable URL could leverage the security issue, tracked as CVE-2023-28461, to facilitate arbitrary code execution or file system compromise, noted Array Networks.
Despite primarily leveraging the Mirai botnet to facilitate its DDoS intrusions, Matrix has also exploited known Apache HugeGraph and Arcadyan firmware flaws and the SSH and Telnet administrative protocols, while utilizing Discord bots to enable encrypted DDoS command execution.
Nearly 400,000 internet-exposed devices, almost half of which were Fortinet FortiOS appliances, were susceptible to attacks involving the abuse of the 15 most exploited security flaws in 2023.
Aside from containing full names, other personal information, and product design details, the leaked emails also included sensitive data from high-ranking U.S. military personnel, who have ordered coins, medals, and battalion emblems, according to Cybernews researchers.
Data within the unsecured database included military personnel and their supporters' full names, images, mailing addresses, locations, Social Security numbers, and National Insurance numbers, a report by cybersecurity researcher Jeremy Fowler published on vpnMentor showed.