Cookies erleichtern die Bereitstellung unserer Dienste. Mit der Nutzung unserer Dienste erklären Sie sich damit einverstanden, dass wir notwendige Cookies verwenden. Die Verwendung optionaler Cookies können Sie ablehnen oder nur bestimmte Cookies zulassen.

mixins.searchInfo_searchTermDauerndes Getrenntleben von Eheleuten sowie von Lebenspartnerinnen und Lebenspartnern führt zur Änderung der Steuerklasse

0-day And Hitlist Week -02-21-2024- -

Though disclosed in late 2023, CVE-2023-44487 reached its peak exploitation velocity during Week -02-21-2024-.

Reporting Period: Week Ending February 21, 2024

  • Rotate service account credentials for any exposed VPN/Exchange servers.

    • Published: February 22, 2024 | Reading Time: 4 minutes

    If you are a security professional, you know the sinking feeling of seeing "0-Day" on a morning briefing. But what happens when you see a Hitlist of them? 0-day and Hitlist Week -02-21-2024-

    On February 21, 2024, cybersecurity analysts released a critical "Hitlist" of vulnerabilities that are actively being weaponized. This post explains what that list means, why 0-days are dangerous, and how to prioritize your patch management without losing sleep.

    The most aggressive zero-day of the week landed in the Windows Internet Shortcut Files feature. Tracked as CVE-2024-21412, this vulnerability allowed attackers to bypass SmartScreen protections with a CVSS score of 8.1.

    1. ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) The most significant event of this reporting period was the disclosure of two critical vulnerabilities in ScreenConnect (formerly ConnectWise Control). Though disclosed in late 2023, CVE-2023-44487 reached its

    2. Ivanti Connect Secure (Post-Patch Bypass) While Ivanti issues patches for previously known vulnerabilities (CVE-2023-46805 and CVE-2024-21887), researchers identified potential bypass techniques and new exploits targeting unpatched legacy systems during this week.

    Published: February 26, 2024 | Threat Intelligence Level: Critical

    The week of February 21, 2024, will not be remembered for a single, earth-shattering vulnerability. Instead, it will be etched into security logs as a "Perfect Storm" week—a convergence of legacy code churn, hyperscale vendor responses, and the ever-present "hitlist" of high-value targets being actively probed by state-sponsored actors and eCrime syndicates. Published: February 22, 2024 | Reading Time: 4

    In the cybersecurity vernacular, a "Hitlist" refers to the specific set of high-risk vulnerabilities (usually CVSS 9.0+) that ransomware gangs and Advanced Persistent Threats (APTs) have automated to exploit. The week ending February 21, 2024, saw a dramatic rotation of that hitlist.

    Here is the deep dive into the zero-day chaos and the hitlist evolution for the third week of February 2024.

    The Hitlist Week -02-21-2024- serves as a stark warning. The trend is accelerating toward vulnerability chaining—combining a low-severity info disclosure with a high-severity RCE.