This posting is here to collect cyber security news in September 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in September 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
314 Comments
Tomi Engdahl says:
Microsoft Bing Chat pushes malware via bad ads https://www.theregister.com/2023/09/29/microsoft_bing_chat_malware/
Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs. However, some of those adverts served by Microsoft’s own ad platform have turned out to be malicious. Security outfit Malwarebytes said on Thursday it has identified malvertising – harmful ads – distributed via Bing Chat conversations.
“Ads can be inserted into a Bing Chat conversation in various ways,” said Jérôme Segura, director of threat intelligence, in a write-up. “One of those is when a user hovers over a link and an ad is displayed first before the organic result.” These particular bad ads require user action for any harm to be done. The victim has to click on the ad, at which point their browser will be taken to another site, which could attempt to phish their login details for a more legit service, push a malware-laden download onto them, or exploit a bug to hijack their computer, or similar.
Tomi Engdahl says:
The Week in Ransomware – September 29th 2023 – Dark Angels https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-29th-2023-dark-angels/
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. BleepingComputer also exclusively broke the story that building and automation giant Johnson Controls International suffered a Dark Angels ransomware attack, with the threat actors claiming to have stolen 27 TB of data from 25 file servers.
The cyberattack was reportedly launched in Asia offices, from which the threat actors spread to the rest of the corporate network. During this time, the attackers claim to have stolen DWG files, engineering documents, databases, confidential documents, and client contracts.
Tomi Engdahl says:
Cloudflare DDoS protections ironically bypassed using Cloudflare https://www.bleepingcomputer.com/news/security/cloudflare-ddos-protections-ironically-bypassed-using-cloudflare/
Cloudflare’s Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.
This bypass could put Cloudflare’s customers under a heavy burden, rendering the protection systems of the internet firm less effective. To make matters worse, the only requirement for the attack is for the hackers to create a free Cloudflare account, which is used as part of the attack. However, it should be noted that the attackers must know a targeted web server’s IP address to abuse these flaws.
Certitude’s researcher Stefan Proksch discovered that the source of the issue is Cloudflare’s strategy to use shared infrastructure that accepts connections from all tenants. Specifically, the analyst identified two vulnerabilities in the system impacting Cloudflare’s “Authenticated Origin Pulls” and “Allowlist Cloudflare IP Addresses.”
Tomi Engdahl says:
Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product
Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system.
https://www.securityweek.com/progress-software-patches-critical-pre-auth-flaws-in-ws_ftp-server-product/
Tomi Engdahl says:
Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains.
https://www.securityweek.com/russian-zero-day-acquisition-firm-offers-20-million-for-android-ios-exploits/
Tomi Engdahl says:
VULNERABILITIESGoogle Rushes to Patch New Zero-Day Exploited by Spyware Vendor
Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor.
https://www.securityweek.com/google-rushes-to-patch-new-zero-day-exploited-by-spyware-vendor/
Tomi Engdahl says:
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies.
https://www.securityweek.com/chinese-gov-hackers-caught-hiding-in-cisco-router-firmware/
Tomi Engdahl says:
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.
https://www.securityweek.com/new-gpu-side-channel-attack-allows-malicious-websites-to-steal-data/
Tomi Engdahl says:
https://www.securityweek.com/firefox-118-patches-high-severity-vulnerabilities/
Tomi Engdahl says:
https://www.securityweek.com/stolen-github-credentials-used-to-push-fake-dependabot-commits/
Tomi Engdahl says:
IOT SECURITYMisconfigured TeslaMate Instances Put Tesla Car Owners at Risk
Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online.
https://www.securityweek.com/misconfigured-teslamate-instances-put-tesla-car-owners-at-risk/
Misconfigured TeslaMate instances can leak tons of data on the internet, potentially exposing Tesla cars and their drivers to malicious attacks, IoT security intelligence firm Redinent reports.
A third-party data logging application, TeslaMate relies on the Tesla API to retrieve various types of information about Tesla cars, making it available to users on their computers.
While the application is a great tool for keeping track of car data, it also poses a significant risk if improperly configured, Redinent has discovered.
Tomi Engdahl says:
VULNERABILITIESmacOS 14 Sonoma Patches 60 Vulnerabilities
macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities.
https://www.securityweek.com/macos-14-sonoma-patches-60-vulnerabilities/
Tomi Engdahl says:
T-Mobile users say other people’s account information is appearing in their app / T-Mobile customers are reportedly seeing other customers’ sensitive data, including contact numbers, device IDs, and credit card information when logging into their own accounts.
https://www.theverge.com/2023/9/20/23881825/t-mobile-account-security-breach-customer-information-leak?fbclid=IwAR3HJtisF3ttCVzmf2FAot-GFk4CiZhUmZnKjDHz-IlyaZHcM2weWw9tcLE
There’s some weirdness happening over at T-Mobile this morning. Multiple T-Mobile customers on X (formerly Twitter) and Reddit have reported that they’re able to see other users’ account data — including their current credit balance, purchase history, credit card information, and home address — when signing into their own T-Mobile accounts.
Some T-Mobile customers have mentioned seeing information from several other accounts, but the scale of the issue isn’t yet clear. It’s prevalent enough that the T-Mobile subreddit has asked its users to avoid posting any further information for “security reasons.”
T-Mobile later blamed the issue on a “technology update” glitch and said the problem had been fixed as of Wednesday afternoon. “There was no cyberattack or breach at T-Mobile. This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved,” T-Mobile spokesperson Tara Darrow said in a statement emailed to The Verge.
The company has already had multiple security lapses this year, disclosing two separate cybersecurity attacks in January and May.
myc.news says:
A very good post. Thanks to the author.
Don’t miss also the latest news : According to the October 13 UK Defense Intelligence Review, British military intelligence suggests that the “lull” in massive missile strikes on Ukraine, which has lasted for three weeks, may be due to Russia’s expectation of new missile deliveries.
Read the full article here: https://myc.news/