This posting is here to collect cyber security news in June 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
187 Comments
Tomi Engdahl says:
I support this. Signal: Will leave the EU market rather than undermine our privacy guarantees
https://news.ycombinator.com/item?id=40551260&fbclid=IwZXh0bgNhZW0CMTEAAR14TdSBDomBycFGl9O27SCjfpsxVjxFToDAMRpKAstuCUmspZkTASJFiv4_aem_AWbI5rZz4wQX6IBUrDn1hHY8N0VhSoRFdQvUrTIrAoJI2_Fl8PBGs1hBeEpoNE7wa3QYD2eH2NLIdE5YN_B_976_
Tomi Engdahl says:
Warning of a critical vulnerability in Linux
https://etn.fi/index.php/13-news/16281-varoitus-kriittisestae-haavoittuvuudesta-linuxissa
The US Cybersecurity and Infrastructure Security Agency CISA has added a critical Linux security hole to its catalog of vulnerabilities known to be actively exploited. The vulnerability's CVE number is CVE-2024-1086.
The hole's severity rating is 7.8/10. The vulnerability allows an attacker who has already gained access to the system to escalate their privileges to system level. It results from a use-after-free error, a vulnerability class that occurs in software written in C and C++.
More precisely, the hole arises when a process retains its access to a memory location after that memory has been freed. Such use-after-free vulnerabilities can lead to remote code execution or privilege escalation.
The vulnerability affects Linux kernel versions 5.14–6.6. It is related to the kernel component that facilitates various network operations, including packet filtering, network address and port translation, packet logging, user-space packet queueing and other packet handling.
CVE-2024-1086 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-1086
Tomi Engdahl says:
Widespread outage in DNA's services
Calls and network features have not been working normally.
https://www.iltalehti.fi/kotimaa/a/3569dc98-3724-49c0-844f-57adfa1a18f5
A momentary outage has occurred in DNA's services today, Monday, the company's communications department says. Customers have had difficulty making calls and using network applications on their phones. DNA's website is also currently out of service.
DNA's communications department says the cause of the outage is being investigated and services are returning at this very moment. Vilhelmiina Wahlbeck from DNA communications says it was a telecommunications disruption.
Wahlbeck says that if the network connection does not return automatically, it is worth restarting the phone.
Widespread disruptions in DNA's connections
There are widespread disruptions in DNA's service.
https://www.is.fi/digitoday/art-2000010472254.html
Telephone network operator DNA's service has widespread disruptions on Monday in the early afternoon.
Dozens of reports on the matter have come in to the Downdetector website after midday on Monday.
The disruptions appear to affect both the internet and telephone networks. The operator's website is also not working normally.
– We are currently making changes so that using our services would be even more effortless, reads DNA's website.
Tomi Engdahl says:
Secrets Exposed in Hugging Face Hack
AI tool development platform Hugging Face has detected a Spaces hack that resulted in the exposure of secrets.
https://www.securityweek.com/secrets-exposed-in-hugging-face-hack/
Tomi Engdahl says:
In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program
Noteworthy stories that might have slipped under the radar: Apple WPS can be abused for surveillance, Canadian government wants backdoors, NIST launches AI program.
https://www.securityweek.com/in-other-news-apple-wps-surveillance-canadian-gov-wants-backdoors-nist-ai-program/
Tomi Engdahl says:
Information of Hundreds of European Politicians Found on Dark Web
The email addresses and other information of hundreds of British, French and EU politicians have been found on the dark web.
https://www.securityweek.com/information-of-hundreds-of-european-politicians-found-on-dark-web/
Tomi Engdahl says:
Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers
Over 600,000 SOHO routers belonging to a single ISP and infected with the Chalubo trojan were rendered inoperable.
https://www.securityweek.com/mysterious-threat-actor-uses-chalubo-malware-to-brick-600000-routers/
Tomi Engdahl says:
CISA Warns of Exploited Linux Kernel Vulnerability
CISA instructs federal agencies to mitigate CVE-2024-1086, a Linux kernel flaw leading to privilege escalation.
https://www.securityweek.com/cisa-warns-of-exploited-linux-kernel-vulnerability/
The US cybersecurity agency CISA on Thursday warned organizations that threat actors are actively exploiting a recent vulnerability in the Linux kernel.
Tracked as CVE-2024-1086, the bug is described as a use-after-free issue in the ‘netfilter: nf_tables’ component. Its exploitation allows a local attacker to elevate their privileges.
Linux kernel versions between 5.14 and 6.6 are affected by the flaw, with the underlying issue potentially affecting all kernel iterations starting with version 3.15.
Patches were released in February 2024, with AlmaLinux, Debian, Gentoo, Red Hat, SUSE, and Ubuntu confirmed to be impacted. Other Linux distributions might be vulnerable as well.
Tomi Engdahl says:
NSA recommends: restart your phone once a week
https://etn.fi/index.php/13-news/16289-nsa-suosittaa-uudelleenkaeynnistae-puhelin-kerran-viikossa
Tomi Engdahl says:
Shares in some of the world’s biggest countries have suddenly plunged amid an apparent technical issue at the New York Stock Exchange.
https://www.independent.co.uk/tech/nyse-share-latest-stock-price-b2555818.html
Tomi Engdahl says:
After Snowflake, Hugging Face reports security breach
https://www.csoonline.com/article/2137564/after-snowflake-hugging-face-reports-security-breach.html
Tomi Engdahl says:
https://www.securityweek.com/details-of-atlassian-confluence-rce-vulnerability-disclosed/
Tomi Engdahl says:
https://www.securityweek.com/vulnerabilities-exposed-millions-of-cox-modems-to-remote-hacking/
Tomi Engdahl says:
Samantha Murphy Kelly / CNN:
AT&T says an outage is preventing many customers from completing calls between carriers, but 911 calls are going through; Verizon customers also report issues — A nationwide AT&T outage is once again leaving some customers in the dark on Tuesday. — In a statement sent to CNN …
AT&T resolves outage that left some customers without service across the US
https://edition.cnn.com/2024/06/04/tech/att-service-down/
Tomi Engdahl says:
Ivan Mehta / TechCrunch:
OpenAI fixed two separate outages that impacted ChatGPT for multiple hours, starting at around 12:20am PDT; ChatGPT went down for over five hours on May 23
OpenAI fixes the issue that caused ChatGPT outage for several hours
https://techcrunch.com/2024/06/04/chatgpt-is-down-for-several-users-openai-is-working-on-a-fix/
Ivan Mehta
9:00 AM PDT • June 4, 2024
Popular AI chatbot service ChatGPT faced multiple outages today. OpenAI had to work for hours on these issues to make the service available to users again.
According to the company’s service status tracker, the company started working on the first issue at 12:21 AM PDT on June 4. OpenAI said it fixed this issue at 04.19 AM PT.
However, hours after this update, the company said it was investigating another outage at 07.33 AM PT. OpenAI posted an update at 10.17 AM PDT saying that all systems were operational.
“We experienced a major outage impacting all users on all plans of ChatGPT. The impact included all ChatGPT-related services. The impact did not include platform.openai.com or the API. This incident started June 4th at 2:15 PM GMT and was resolved June 4th at 5:01 PM GMT,” Open.AI said without providing any additional context for the outage.
Tomi Engdahl says:
Using Windows? Prepare to lose your patience
Microsoft has started a large Windows 11 advertising campaign that interrupts use of the device.
https://www.iltalehti.fi/digiuutiset/a/7d40206f-0c41-4dbf-9f37-a36aa6d345f7
Tomi Engdahl says:
https://www.securityweek.com/snowflake-hack-impacts-ticketmaster-other-organizations/
Tomi Engdahl says:
London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack
Several hospitals in London have canceled operations and appointments after being hit in a ransomware attack.
https://www.securityweek.com/london-hospitals-cancel-operations-and-appointments-after-being-hit-in-ransomware-attack/
Tomi Engdahl says:
https://www.securityweek.com/cisco-patches-webex-bugs-following-exposure-of-german-government-meetings/
Cisco on Tuesday released a security advisory after the media reported that the German government’s Webex meetings were exposed, potentially allowing adversaries to obtain highly sensitive information.
Tomi Engdahl says:
Researchers Show How Malware Could Steal Windows Recall Data
Cybersecurity researchers are demonstrating how malware could steal data collected by the new Windows Recall feature.
https://www.securityweek.com/researchers-show-how-malware-could-steal-windows-recall-data/
Several cybersecurity researchers have demonstrated how malware could steal data collected by Microsoft’s recently introduced Recall feature.
Recall, an on-by-default feature of new Copilot+ PCs, enables Windows users to easily find something they know they have seen before on their PC.
The Recall feature takes screenshots at regular intervals to capture the user’s activities. All the data is stored and processed locally, which Microsoft was hoping would ease potential privacy concerns.
However, cybersecurity and privacy experts immediately raised concerns, including due to the screenshots potentially containing highly sensitive information such as passwords and financial data, as well as due to the feature’s intrusiveness.
Microsoft told reporters that a threat actor would need physical access and valid credentials to a machine to obtain the collected data, but researchers have started demonstrating that the claim is false.
Tomi Engdahl says:
https://www.securityweek.com/nsarescueangel-backdoor-account-again-discovered-in-zyxel-products/
Taiwan-based networking device manufacturer Zyxel on Tuesday warned of three critical-severity vulnerabilities in two discontinued NAS products that could lead to command injection and arbitrary code execution.
Tomi Engdahl says:
Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics
Mandiant saw an increase in ransomware activity in 2023 compared to 2022, including a 75% increase in posts on data leak sites.
https://www.securityweek.com/resurgence-of-ransomware-mandiant-observes-sharp-rise-in-criminal-extortion-tactics/
Tomi Engdahl says:
225,000 More Cybersecurity Workers Needed in US: CyberSeek
There are 1.2 million cybersecurity workers in the US, but 225,000 more are needed to close the talent gap, according to new data.
https://www.securityweek.com/225000-more-cybersecurity-workers-needed-in-us-cyberseek/
Over 200,000 more cybersecurity workers are needed in the United States to close the talent gap, according to data from CyberSeek.
CyberSeek, a joint initiative of NIST’s NICE program, CompTIA, and Lightcast, aims to provide detailed and actionable data on the cybersecurity job market.
There are more than 1.2 million cybersecurity workers in the United States, but they only fill 85% of the available jobs and 225,200 more people are needed, according to CyberSeek.
Between May 2023 and April 2024, cybersecurity job postings totaled nearly 470,000, with network and system engineers, system administrators, cybersecurity engineers, cybersecurity analysts, and information systems security officers in the highest demand.
Tomi Engdahl says:
The Finnish Defence Forces' new service ran into trouble right away
In the Omaintti service you can view, among other things, your promotions and wartime placement.
https://www.is.fi/digitoday/art-2000010479556.html
The Finnish Defence Forces' new Omaintti service has been under strain from the very start. On Wednesday the service was so popular and congested that some users apparently could not log in to it at all.
The problems appeared to be continuing still at around 7 o'clock on Thursday morning. Eventually the site did work, although logging in was slow.
At first the site showed the same notice as before: the service is congested. When the page was refreshed after a moment, it seemed the problems had been overcome.
Logging in to the service succeeded with online banking credentials, but after authentication the site appeared to crash again.
After the login problems, the service worked flawlessly.
The Defence Forces announced on Tuesday that it had launched the Omaintti service, which is intended to help reservists and conscripts deal with the Defence Forces.
The service runs at omaintti.fi. Using it requires strong authentication, for example with online banking credentials or a mobile certificate.
Tomi Engdahl says:
https://www.securityweek.com/london-hospitals-cancel-operations-and-appointments-after-being-hit-in-ransomware-attack/
Tomi Engdahl says:
https://www.securityweek.com/cisco-patches-webex-bugs-following-exposure-of-german-government-meetings/
Tomi Engdahl says:
https://www.securityweek.com/researchers-show-how-malware-could-steal-windows-recall-data/
Tomi Engdahl says:
Hopefully you did not install these apps on your phone
Android users have downloaded malware-infected apps over 5.5 million times in recent months.
https://www.iltalehti.fi/digiuutiset/a/ade7f250-90c2-44ca-82ec-8679dc8ae566
Threat Fabric, which reported on the subject in February, said that Anatsa had in a few months managed to infect at least 150,000 devices by disguising itself as various useful apps in the Google Play store.
According to Zscaler, Anatsa has once again returned to Android's app store. The malware has been distributed through, among others, PDF Reader & File Manager and QR Reader & File Manager. These apps alone managed to infect at least 70,000 Android phones before they were removed from the app store.
Over 90 malicious Android apps with 5.5M installs found on Google Play
https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/#google_vignette
Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity.
Anatsa (aka “Teabot”) is a banking trojan that targets over 650 applications of financial institutions in Europe, the US, the UK, and Asia. It attempts to steal people’s e-banking credentials to perform fraudulent transactions.
In February 2024, Threat Fabric reported that since late last year, Anatsa had achieved at least 150,000 infections via Google Play using various decoy apps in the productivity software category.
Today, Zscaler reports that Anatsa has returned to Android’s official app store and is now distributed via two decoy applications: ‘PDF Reader & File Manager’ and ‘QR Reader & File Manager.’
At the time of Zscaler’s analysis, the two apps had already amassed 70,000 installations, demonstrating the high risk of malicious dropper apps slipping through the cracks in Google’s review process.
One thing that helps Anatsa dropper apps evade detection is the multi-stage payload loading mechanism that involves four distinct steps:
1. Dropper app retrieves configuration and essential strings from the C2 server
2. DEX file containing malicious dropper code is downloaded and activated on the device
3. Configuration file with Anatsa payload URL is downloaded
4. DEX file fetches and installs the malware payload (APK), completing the infection
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/american-radio-relay-league-says-it-was-hacked-by-an-international-cyber-group/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-ntlm-authentication-protocol/
Tomi Engdahl says:
Atlassian Confluence High-Severity Bug Allows Code Execution
Because of the role the Confluence Server plays in managing documentation and knowledge data bases, the researchers recommend users upgrade to patch CVE-2024-21683 as soon as possible.
https://www.darkreading.com/vulnerabilities-threats/atlassian-confluence-high-severity-bug-allows-code-execution
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
A website for cybercriminals lists 500+ allegedly stolen Snowflake customer credentials, including for environments belonging to Santander and Ticketmaster
Hundreds of Snowflake customer passwords found online are linked to info-stealing malware
https://techcrunch.com/2024/06/05/snowflake-customer-passwords-found-online-infostealing-malware/
Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised.
Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts of data, such as customer data, in the cloud.
Last week, Australian authorities sounded the alarm saying they had become aware of “successful compromises of several companies utilising Snowflake environments,” without naming the companies. Hackers had claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster, two of Snowflake’s biggest customers. Santander confirmed a breach of a database “hosted by a third-party provider” but would not name the provider in question. On Friday, Live Nation confirmed that its Ticketmaster subsidiary was hacked and that the stolen database was hosted on Snowflake.
Tomi Engdahl says:
Wall Street Journal:
Boston-based Seven AI, which uses AI to help companies combat cyberattacks, emerged from stealth and raised $36M led by Greylock at a ~$100M valuation
Greylock Leads $36 Million Financing for Cybersecurity Startup Seven AI
New company uses artificial intelligence to help enterprises combat cyberattacks
https://www.wsj.com/articles/greylock-leads-36-million-financing-for-cybersecurity-startup-seven-ai-048c5f09?st=mz718dxjaad5a5e&reflink=desktopwebshare_permalink
Tomi Engdahl says:
Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks
Akamai warns that a Chinese threat actor is exploiting years-old remote code execution vulnerabilities in ThinkPHP in new attacks.
https://www.securityweek.com/chinese-hackers-exploit-old-thinkphp-vulnerabilities-in-new-attacks/
Tomi Engdahl says:
Why Hackers Love Logs
Log tampering is an almost inevitable part of a compromise. Why and how do cybercriminals target logs, and what can be done to protect them?
https://www.securityweek.com/why-hackers-love-logs/
Computer log tampering is an almost inevitable part of a system compromise. Why and how do cybercriminals target logs, and what can be done to protect them?
A computer log file is a record of actions taken on or by an application within a computer. They are important to see what is happening within the system, whether it be a design malfunction or malicious activity. Initially, these logs were manually (and inefficiently) analyzed. Today the process is automated by other applications, especially security software watching for anomalous activity that might indicate an attack commencing or in progress.
While important to the operation of enterprise IT, logs are not directly relevant to the business of the enterprise. As a result, their value is often overlooked. They are not automatically considered part of the company’s ‘crown jewels’ that must be protected, and are often simple read/write text files with little security.
This is a mistake since the totality of the logs contain – albeit in a fragmented manner – a complete record of the IT infrastructure and its use. This reality is not lost to criminal attackers.
Content and attraction
Log file content may contain numerous attractions or capabilities for attackers, including: an aid to reconnaissance, PII and other regulated data, a means to stealth and covering tracks, and a method for disruption and extortion.
Tomi Engdahl says:
A Russian Cyber Gang Is Thought to Be Behind a Ransomware Attack That Hit London Hospitals
A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled.
https://www.securityweek.com/a-russian-cyber-gang-is-thought-to-be-behind-a-ransomware-attack-that-hit-london-hospitals/
Tomi Engdahl says:
Exploitation of Recent Check Point VPN Zero-Day Soars
GreyNoise has observed a rapid increase in the number of exploitation attempts targeting a recent Check Point VPN zero-day
https://www.securityweek.com/exploitation-of-recent-check-point-vpn-zero-day-soars/
Tomi Engdahl says:
PHP fixes critical RCE flaw impacting all versions for Windows
https://www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.
Tomi Engdahl says:
https://hackaday.com/2024/06/07/this-week-in-security-recall-modem-mysteries-and-flipping-pages/
Tomi Engdahl says:
https://hackaday.com/2024/06/04/tunneling-tcp-by-file-server/
Tomi Engdahl says:
Snowflake Attacks: Mandiant Links Data Breaches to Infostealer Infections
Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.
https://www.securityweek.com/snowflake-attacks-mandiant-links-data-breaches-to-infostealer-infections/
Tomi Engdahl says:
Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft
A critical vulnerability in the PyTorch distributed RPC framework could be exploited for remote code execution.
https://www.securityweek.com/critical-pytorch-vulnerability-can-lead-to-sensitive-ai-data-theft/
Tomi Engdahl says:
PHP Patches Critical Remote Code Execution Vulnerability
PHP has released patches for CVE-2024-4577, a critical vulnerability that could lead to arbitrary code execution on remote servers.
https://www.securityweek.com/php-patches-critical-remote-code-execution-vulnerability/
Tomi Engdahl says:
New York Times Responds to Source Code Leak
The New York Times has issued a statement after someone leaked source code allegedly belonging to the news giant.
https://www.securityweek.com/new-york-times-responds-to-source-code-leak/
The New York Times has issued a statement after someone leaked a significant amount of source code allegedly belonging to the news giant.
Reports emerged on Friday that someone had leaked 270 Gb of source code allegedly taken from The New York Times on the 4chan bulletin board.
The leaker claimed to have obtained 5,000 repositories and a total of 3.6 million files, including source code for Wordle and other games.
Stack Diary reported that the leaked data also includes a WordPress database storing information on roughly 1,500 users, including names, email addresses, and password hashes. The exposed data also reportedly includes authentication URLs and associated passwords, API tokens and secret keys.
In a ‘readme’ file placed next to the leaked files, the hacker claimed to have gained access to the data after finding “a GitHub token that had access to the repositories”.
Contacted by SecurityWeek, The New York Times said it was aware of the incident and clarified that the data breach occurred in January 2024, “when a credential to a cloud-based third-party code platform was inadvertently made available”.
Tomi Engdahl says:
Nvidia Patches High-Severity GPU Driver Vulnerabilities
Nvidia patches multiple high-severity vulnerabilities in GPU display drivers and virtual GPU software.
https://www.securityweek.com/nvidia-patches-high-severity-gpu-driver-vulnerabilities/
Tomi Engdahl says:
Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs
Cisco Talos researchers have found over a dozen vulnerabilities in AutomationDirect PLCs, including flaws that could be valuable to attackers.
https://www.securityweek.com/cisco-finds-15-vulnerabilities-in-automationdirect-plcs/
Tomi Engdahl says:
Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default
Amidst public pressure, Microsoft changes the set-up experience of Copilot+ PCs to disable the controversial Windows Recall feature by default.
https://www.securityweek.com/microsoft-bows-to-public-pressure-disables-controversial-windows-recall-by-default/
Tomi Engdahl says:
Christie’s Says Ransomware Attack Impacts 45,000 People
Auction house Christie’s says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals.
https://www.securityweek.com/christies-says-ransomware-attack-impacts-45000-people/
Tomi Engdahl says:
Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing
The Windows vulnerability carries a CVSS severity score of 9.8/10 and can be exploited via specially crafted malicious MSMQ packets.
https://www.securityweek.com/patch-tuesday-remote-code-execution-flaw-in-microsoft-message-queuing/
Software giant Microsoft on Tuesday called on Windows administrators to pay urgent attention to patches for a critical remote code execution vulnerability in the Microsoft Message Queuing (MSMQ) component.
The vulnerability, tagged as CVE-2024-30080, carries a CVSS severity score of 9.8/10 and can be exploited by an attacker sending specially crafted malicious MSMQ packets to a MSMQ server.
“This could result in remote code execution on the server side,” Redmond’s security response team warned in an advisory.
Microsoft said the Windows message queuing service needs to be enabled for a system to be exploitable by this vulnerability and urged customers to check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine.
The MSMQ flaw headlines another hefty Patch Tuesday that covers at least 51 security defects across a range of Windows OS, components and services.
The company documented multiple code execution issues in the Microsoft Office productivity suite, remotely exploitable bugs in the Windows Link Layer Topology Discovery Protocol and Windows Event Trace Log File Parsing,
Security experts are also calling attention to CVE-2024-30078, a Windows WiFi driver remote code execution vulnerability with a CVSS severity score of 8.8/10.
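A read-only PowerShell check for the exploitability precondition described above (the Message Queuing service running and TCP port 1801 listening), added here as an example; it is not code from the SecurityWeek article or from Microsoft's advisory. It assumes a Windows host with the NetTCPIP module (Windows 8 / Server 2012 or later) and that the service's short name is MSMQ, whose display name is "Message Queuing".

```powershell
# Added example (not from the article): report whether this host meets the
# precondition Microsoft gave for CVE-2024-30080 exploitability, namely the
# Message Queuing service running and something listening on TCP 1801.
# Run in an elevated session so OwningProcess can be resolved for every listener.
function Test-MsmqExposure {
    [CmdletBinding()]
    param(
        # Default MSMQ listening port, as named in the advisory summary.
        [int]$Port = 1801
    )

    # Service short name is MSMQ; its display name is "Message Queuing".
    $service = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Every listener bound to the MSMQ port, whichever process owns it.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Resolve owning processes so an unexpected listener on 1801 stands out.
    $owners = foreach ($conn in $listeners) {
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        if ($proc) { "$($proc.ProcessName) (PID $($proc.Id))" } else { "PID $($conn.OwningProcess)" }
    }

    $serviceRunning = ($null -ne $service) -and ($service.Status -eq 'Running')

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServicePresent    = ($null -ne $service)
        ServiceStatus     = if ($service) { $service.Status.ToString() } else { 'NotInstalled' }
        PortListening     = ($listeners.Count -gt 0)
        ListenerOwners    = ($owners -join ', ')
        # Both conditions from the advisory must hold for the crafted-packet
        # vector to reach this host; if either is false there is no network exposure.
        MeetsPrecondition = ($serviceRunning -and ($listeners.Count -gt 0))
    }
}

Test-MsmqExposure | Format-List
```

Where MeetsPrecondition is true, apply the June 2024 Patch Tuesday update; where Message Queuing is not needed at all, stopping and disabling the MSMQ service removes the listener entirely.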
Tomi Engdahl says:
Adobe Plugs Code Execution Holes in After Effects, Illustrator
Patch Tuesday: Adobe fixes critical flaws and warns of the risk of code execution attacks on Windows and macOS platforms.
https://www.securityweek.com/adobe-plugs-code-execution-holes-in-after-effects-illustrator/