Cyber security news July 2024

This posting is here to collect cyber security news in July 2024.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

322 Comments

  1. Tomi Engdahl says:

    New Specula tool uses Outlook for remote code execution in Windows
    https://www.bleepingcomputer.com/news/security/new-specula-tool-uses-outlook-for-remote-code-execution-in-windows/?fbclid=IwZXh0bgNhZW0CMTEAAR1eHJEXB7DK8UwdH5vFWM8E8OZizDjQf1AIUlUKBz2SEYv26qgWP5F7sb8_aem_X5kMTEViLu0rxof4g7AOZQ

    Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released today by cybersecurity firm TrustedSec.

    This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017.

    “In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince users to open the document file and interact with the document,” Microsoft says.

    However, even though Microsoft patched the flaw and removed the user interface to show Outlook home pages, attackers can still create malicious home pages using Windows Registry values, even on systems where the latest Office 365 builds are installed.

    Reply
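The registry-configured home page that Specula relies on can be triaged offline from a `reg export` of the user's Office hive. The script below is an added example for this item, not code from TrustedSec or Microsoft. It parses the text that `reg export HKCU\Software\Microsoft\Office office.reg` writes (or a .reg file taken from a triage image) and reports every per-folder `URL` value under `...\Outlook\WebView\<Folder>`, which is where a folder home page lives once the Outlook UI for setting one is gone. `SAMPLE_REG_EXPORT` is a constructed sample; the value under `Common\General` is filler to show that unrelated keys are skipped.

```python
r"""Triage an exported Outlook registry hive for folder home page URLs.

Added example for the Specula / CVE-2017-11774 item; not code from
TrustedSec or Microsoft.  Input is the text written by
`reg export HKCU\Software\Microsoft\Office office.reg` (decode the file
as UTF-16 first; reg.exe writes it that way).  The sample is constructed.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General]
"FillerValue"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\WebView\Inbox]
"URL"="http://198.51.100.23/specula/home.html"

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\WebView\Calendar]
"URL"=""
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STRING_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# any Office version, any folder name under Outlook\WebView
WEBVIEW_KEY_RE = re.compile(
    r"\\Office\\(?P<ver>\d+\.\d+)\\Outlook\\WebView\\(?P<folder>[^\\]+)$",
    re.IGNORECASE,
)


@dataclass
class HomePageFinding:
    key: str        # full registry key the value lives in
    folder: str     # Outlook folder the page is attached to (Inbox, ...)
    url: str        # page Outlook loads when that folder is opened
    remote: bool    # True for http/https, i.e. fetched from a server


def find_outlook_home_pages(reg_text: str) -> List[HomePageFinding]:
    """Return every non-empty WebView URL value found in a .reg export."""
    findings: List[HomePageFinding] = []
    current_key = None
    folder = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            m = WEBVIEW_KEY_RE.search(current_key)
            folder = m.group("folder") if m else None
            continue
        if folder is None:
            continue                      # not under Outlook\WebView
        value = STRING_VALUE_RE.match(line)
        if not value or value.group("name").lower() != "url":
            continue
        # .reg files escape backslashes and quotes inside string data
        url = value.group("data").replace("\\\\", "\\").replace('\\"', '"')
        if not url:
            continue                      # empty URL: home page cleared
        findings.append(HomePageFinding(
            key=current_key,
            folder=folder,
            url=url,
            remote=url.lower().startswith(("http://", "https://")),
        ))
    return findings


if __name__ == "__main__":
    for f in find_outlook_home_pages(SAMPLE_REG_EXPORT):
        flag = "REMOTE" if f.remote else "local"
        print(f"[{flag}] {f.folder}: {f.url}  ({f.key})")
```

Any non-empty `URL` here that your organisation did not deploy is the indicator; a remote http(s) page is the Specula case, and a `file://` or UNC path is worth the same scrutiny since the page still runs in Outlook's context.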
  2. Tomi Engdahl says:

    Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
    https://www.bleepingcomputer.com/news/microsoft/microsoft-ransomware-gangs-exploit-vmware-esxi-auth-bypass-in-attacks/?fbclid=IwZXh0bgNhZW0CMTEAAR3xAvn8NOXpNGDmJWRP0dq1fKYjlkC0k_ga2_qEjBkczlbZmGWcpYJiQ6k_aem_SAPWbWvgzq8HhcqI_JMmfg

    Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.

    Tracked as CVE-2024-37085, this medium-severity security flaw was discovered by Microsoft security researchers Edan Zwick, Danielle Kuznets Nohi, and Meitar Pinto and fixed with the release of ESXi 8.0 U3 on June 25.

    The bug enables attackers to add a new user to an ‘ESX Admins’ group they create, a user that will automatically be assigned full administrative privileges on the ESXi hypervisor.

    “A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group (‘ESXi [sic] Admins’ by default) after it was deleted from AD,” Broadcom explains.

    Reply
  3. Tomi Engdahl says:

    VMSA-2024-0013: VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2024-37085, CVE-2024-37086, CVE-2024-37087)
    https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

    Reply
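Since the flaw described in the two items above is that ESXi trusted a group by its name ('ESX Admins') rather than its SID, the attacker-visible step on the Active Directory side is creating a group with that name, renaming one to it, or adding a member to it. The hunt below is an added example, not Microsoft's or Broadcom's code: it runs over Security log records parsed into dicts (the field names `EventID`, `TargetUserName`, `SamAccountName`, `SubjectUserName`, `MemberName` follow the usual Windows event XML) and flags the standard group-lifecycle event IDs when they name the target group. `SAMPLE_EVENTS` is constructed.

```python
r"""Hunt Windows Security events for the CVE-2024-37085 precondition.

Added example; not Microsoft's or Broadcom's code.  Matches group creation
(4727/4731/4754), group change (4735/4737/4755, which covers a rename) and
member addition (4728/4732/4756) against the group name ESXi trusts.
SAMPLE_EVENTS is a constructed sample shaped like parsed Security records.
"""
from typing import Dict, Iterable, List

GROUP_CREATED = {4727, 4731, 4754}   # security-enabled global/local/universal group created
GROUP_CHANGED = {4735, 4737, 4755}   # ... group changed (rename lands here)
MEMBER_ADDED = {4728, 4732, 4756}    # member added to ... group
WATCHED = GROUP_CREATED | GROUP_CHANGED | MEMBER_ADDED

TARGET_GROUP = "esx admins"          # ESXi default; compared case-insensitively

SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 4727, "TimeCreated": "2024-07-29T08:01:12Z",
     "SubjectUserName": "jdoe", "TargetUserName": "Sales-Team"},
    {"EventID": 4727, "TimeCreated": "2024-07-29T08:14:03Z",
     "SubjectUserName": "svc-backup", "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "TimeCreated": "2024-07-29T08:14:09Z",
     "SubjectUserName": "svc-backup", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example"},
    # rename of an existing group to the trusted name
    {"EventID": 4737, "TimeCreated": "2024-07-29T09:02:44Z",
     "SubjectUserName": "mallory", "TargetUserName": "Printers",
     "SamAccountName": "esx admins"},
    # unrelated logon event, must be ignored
    {"EventID": 4624, "TimeCreated": "2024-07-29T09:03:00Z",
     "SubjectUserName": "mallory", "TargetUserName": "mallory"},
]


def _group_names(ev: Dict) -> set:
    """Names a record could carry for the group, lower-cased for comparison."""
    return {str(ev.get(k, "")).strip().lower()
            for k in ("TargetUserName", "SamAccountName")}


def hunt_esx_admins(events: Iterable[Dict], group: str = TARGET_GROUP) -> List[Dict]:
    """Return one finding per watched event that names the ESXi admin group."""
    wanted = group.strip().lower()
    findings: List[Dict] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid not in WATCHED or wanted not in _group_names(ev):
            continue
        if eid in GROUP_CREATED:
            kind = "group_created"
        elif eid in GROUP_CHANGED:
            kind = "group_changed"
        else:
            kind = "member_added"
        findings.append({
            "kind": kind,
            "event_id": eid,
            "when": ev.get("TimeCreated"),
            "actor": ev.get("SubjectUserName"),
            "member": ev.get("MemberName"),
        })
    return findings


if __name__ == "__main__":
    for finding in hunt_esx_admins(SAMPLE_EVENTS):
        print(finding)
```

Pass a different `group` if hosts were configured with a non-default admin group. For hosts that cannot take the 8.0 U3 update immediately, Broadcom's mitigation guidance for this CVE is to turn off the automatic admin mapping (`Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd` = false) or point `Config.HostAgent.plugins.hostsvc.esxAdminsGroup` at a group the organisation actually controls; the hunt above then keys on that name instead.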
  4. Tomi Engdahl says:

    This doesn’t look great following the CrowdStrike outage…

    Google confirms it broke password manager on Chrome for millions of Windows users
    Google has confirmed it’s responsible for breaking the Chrome Password Manager for millions of Windows users with a seemingly faulty update.
    Jak Connor

    Published Jul 31, 2024 5:31 AM CDT
    Following the tragic CrowdStrike outage that converted approximately 8.5 million Windows machines into devices that continuously flash the notorious blue screen of death, Google has confirmed it was responsible for Chrome Password Manager temporarily breaking.

    Between potentially millions of Intel CPUs being faulty, AMD’s new CPUs having problems, and CrowdStrike updates nuking millions of Windows machines around the globe, resulting in airports being held up and billions of dollars in lost revenue, it really does feel as if the technology industry is breaking at the seams. And to throw more fuel on the bad news fire, Google has confirmed it’s responsible for Password Manager on the Chrome browser being faulty.

    While the password manager being disabled certainly isn’t as critical as the CrowdStrike outage that brought down various infrastructures around the world, the user base that was affected was comparable, and perhaps comedically it was only Windows users that were affected. According to Google, the glitch happened last week and lasted 18 hours, which was the time it took engineers to officially sign off on the fix.

    Google said, “The root cause of the issue is a change in product behavior without proper feature guard.” That corporate speak, translated through my personal filter, reads, “We rolled out a faulty driver update.”

    The impact of the outage was global and the total number of affected users could range in the millions. Reports indicate that International Telecommunication Union (ITU) estimated 5.4 billion people use the internet in 2023 and of those Chrome holds a market share of 65.68%, per StatCounter.

    Notably, the glitch was exclusive to Windows users on the M127 version of Chrome browser, and according to Google, “Approximately 2 percent of users out of the 25 percent of the entire user base where the configuration change was rolled out, experienced this issue.” This would put the estimated number of affected users at approximately 17 million.

    Furthermore, Google Password Manager’s downtime prevented users from finding saved passwords, generating new passwords, or accessing the features. An event such as this highlights the importance of independent password managers and diversifying reliance across multiple applications for the storing of sensitive data.

    Google took to its Workspace dashboard to write on July 30 that the company has decided to downgrade the severity of this incident to “Service Information,” as the issue affected “significantly” fewer users than the company initially estimated.

    While the outage may be less severe than initially thought, it has come at an unfortunate time following the CrowdStrike debacle, as consumer confidence in the reliability of big tech platforms is quite low.

    NEWS SOURCES:theregister.com, google.com


    Read more: https://www.tweaktown.com/news/99639/google-confirms-it-broke-password-manager-on-chrome-for-millions-of-windows-users/index.html?utm_source=dlvr.it&utm_medium=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR0y-VuwK5dHKyxaS5pBnlUedIiw0u6uULiN5aw9taz_cB_S0_ge5g413Hw_aem_HfqbvPSg6GPRDx7p-Yzbww

    Reply
  5. Tomi Engdahl says:

    Microsoft says cyber-attack triggered latest outage
    https://www.bbc.com/news/articles/c903e793w74o

    A global outage affecting Microsoft products including email service Outlook and video game Minecraft has been resolved, the technology giant said in an update.
    The firm said preliminary investigations show the outage was caused by a cyber-attack and a failure to properly defend against it.
    Earlier, the company issued an apology for the incident, which lasted almost 10 hours and caused thousands of users to report issues with Microsoft services.
    It comes less than two weeks after a major global outage left around 8.5 million computers using Microsoft systems inaccessible, impacting healthcare and travel, after a flawed software update by cybersecurity firm CrowdStrike.

    Reply
  6. Tomi Engdahl says:

    Hackers can wirelessly watch your screen via HDMI radiation
    A newly-discovered technique combines wireless EM monitoring and AI algorithms to “read” text on a victim’s screen, and it’s already being used in the wild.
    https://www.pcworld.com/article/2413156/hackers-can-wirelessly-watch-your-screen-via-hdmi-radiation.html

    Covertly intercepting video signals is a very old-fashioned way to go about electronic spying, but a new method discovered by researchers puts a frightening spin on it.

    A research team out of Uruguay has found that it’s possible to intercept the wireless electromagnetic radiation coming from an HDMI cable and interpret the video by processing it with AI. Three scientists from the University of the Republic in Montevideo published their findings on Cornell’s ArXiv service, spotted by Techspot.

    AI can see what’s on your screen by reading HDMI electromagnetic radiation
    Researchers say the technique is already being used in the wild
    https://www.techspot.com/news/104015-ai-can-see-what-screen-reading-hdmi-electromagnetic.html

    Security researchers have demonstrated that it’s possible to spy on what’s visible on your screen by intercepting electromagnetic radiation from video cables with great accuracy, thanks to artificial intelligence. The team from Uruguay’s University of the Republic says their AI-powered cable-tapping method is good enough that these attacks are likely already happening.

    Back in the analog video era, it was relatively straightforward for hackers to reconstruct what was on a screen by detecting the leakage from video cables. But once digital protocols like HDMI took over, that became much trickier. The data zipping through HDMI is much more complex than old analog signals.

    However, those digital signals still leak some electromagnetic radiation as they transmit between your computer and display. By training an AI model on samples of matching original and intercepted HDMI signals, the researchers were able to decode those leaks into readable screen captures.

    Their new technique reconstructed text from pilfered HDMI signals with around 70% accuracy. While that’s far from perfect, it’s good enough for most human readers to accurately decipher. That potentially means it’s easy for hackers to monitor things like password entries, financial data, or encrypted communications.

    There are a few ways hackers could pull off this HDMI eavesdropping in the real world. They could plant a discreet signal-capturing device inside the target building. Or just hang out nearby with a radio antenna to grab leaked HDMI radiation as it happens.

    The researchers say these attacks are already being used against government agencies and sensitive industrial settings. But these types of organizations likely already shield their facilities against electromagnetic leaks, even if it comes at a significant cost.

    However, for the average home or office user, the barrier to entry is still pretty high for this HDMI hacking approach. Deploying the AI models and signal-capturing equipment required isn’t trivial.

    “Governments are worried about this, [but] I wouldn’t say that the normal user should be too concerned.”

    Reply
  7. Tomi Engdahl says:

    Finland and US fail to reach Global Entry visa deal for quicker airport arrival
    The scheme smooths the path through border posts at US airports, but Finnish passport holders will not be able to use it in the near future at least.
    https://yle.fi/a/74-20101689

    Reply
  8. Tomi Engdahl says:

    Secure Boot rendered useless, over 200 PC models from different makers are affected
    Making matters worse, many vendors have been recycling keys across product lines
    https://www.techspot.com/news/103999-secure-boot-rendered-useless-over-200-pc-models.html

    Reply
  9. Tomi Engdahl says:

    A shocking price tag! This is how much the mess that crashed millions of computers cost
    https://www.is.fi/digitoday/art-2000010596407.html

    All in all, Parametrix estimates that CrowdStrike’s faulty update caused companies a total of 5.4 billion euros in costs. The losses are likely even larger than that, since the costs incurred by Microsoft are not even included.

    Reply
  10. Tomi Engdahl says:

    Russia takes aim at Sitting Ducks domains, bags 30,000+
    Eight-year-old domain hijacking technique still claiming victims
    https://www.theregister.com/2024/07/31/domains_with_delegated_name_service/

    Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.

    The crooks have already hijacked an estimated 30,000 domains since 2019, by using a technique dubbed Sitting Ducks by cybersecurity outfits Infoblox and Eclypsium.

    The flaw at the heart of the matter has been known since at least 2016, when security researcher Matt Bryant detailed the takeover of 120,000 domains using a DNS vulnerability at major cloud providers such as AWS, Google, and Digital Ocean. It resurfaced in 2019 at internet service provider GoDaddy, leading to bomb threats and sextortion attempts.

    Reply
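The Sitting Ducks technique in the item above depends on two things that DNS alone can show: the domain's NS records at the parent point at a third-party DNS provider, and that provider's servers do not actually serve the zone (a lame delegation, seen as REFUSED/SERVFAIL, a timeout, or an answer without the AA bit), so an attacker can claim the zone there. The third condition, that the provider lets a fresh account claim the zone without an ownership check, is a property of the provider and not visible in DNS. The classifier below is an added example, not Infoblox's or Eclypsium's tooling; its observations are constructed, and a live version would send an SOA query for the domain to each nameserver in the parent's NS set and record rcode and AA the same way.

```python
r"""Classify DNS delegations that fit the Sitting Ducks pattern.

Added example; not Infoblox's or Eclypsium's tooling.  Flags a domain when
every nameserver the parent delegates to belongs to someone else and none
of them answers the zone authoritatively.  Observations are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class NsObservation:
    nameserver: str       # host named in the parent zone's NS RRset
    rcode: str            # NOERROR, REFUSED, SERVFAIL, NXDOMAIN or TIMEOUT
    authoritative: bool   # AA flag set in the reply to an SOA query


def registrable(name: str) -> str:
    """Last two labels of a name.  Good enough for the sample; a real tool
    should use the Public Suffix List (co.uk and friends have three)."""
    parts = name.rstrip(".").lower().split(".")
    return ".".join(parts[-2:])


def is_lame(obs: NsObservation) -> bool:
    """A server that does not answer the zone authoritatively is lame for it."""
    return obs.rcode != "NOERROR" or not obs.authoritative


def classify(domain: str, observations: List[NsObservation]) -> Dict[str, object]:
    own = registrable(domain)
    third_party = [o.nameserver for o in observations if registrable(o.nameserver) != own]
    lame = [o.nameserver for o in observations if is_lame(o)]
    all_lame = bool(observations) and len(lame) == len(observations)
    return {
        "domain": domain,
        "third_party_ns": third_party,
        "lame_ns": lame,
        # fully lame AND entirely delegated to a provider: claimable if that
        # provider allows unverified zone creation
        "sitting_duck_candidate": all_lame and len(third_party) == len(observations),
        # some servers still serve the zone: broken, but not a full takeover
        "partially_lame": bool(lame) and not all_lame,
    }


SAMPLE_DELEGATIONS = {
    "victim.example": [
        NsObservation("ns1.dnsprovider.test", "REFUSED", False),
        NsObservation("ns2.dnsprovider.test", "REFUSED", False),
    ],
    "healthy.example": [
        NsObservation("ns1.dnsprovider.test", "NOERROR", True),
        NsObservation("ns2.dnsprovider.test", "NOERROR", True),
    ],
    "halfdead.example": [
        NsObservation("ns1.dnsprovider.test", "NOERROR", True),
        NsObservation("ns1.oldprovider.test", "SERVFAIL", False),
    ],
    "selfhosted.example": [
        NsObservation("ns1.selfhosted.example", "TIMEOUT", False),
    ],
}

if __name__ == "__main__":
    for name, obs in SAMPLE_DELEGATIONS.items():
        print(classify(name, obs))
```

`halfdead.example` is the common leftover after a provider migration: one old server still delegated and no longer serving the zone. It is not a full Sitting Ducks candidate, but the stale delegation should be removed at the registrar all the same.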
  11. Tomi Engdahl says:

    Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware
    The Minnesota-based Spytech snooped on thousands of devices before it was hacked.
    https://techcrunch.com/2024/07/25/spytech-data-breach-windows-mac-android-chromebook-spyware/

    Reply
  12. Tomi Engdahl says:

    Buffer Over-Read (CWE-126) in DNS Response Parser
    https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv

    Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.6
    CVEs: CVE-2024-38373

    FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with a domain name length value greater than the actual domain name length could cause the parser to read beyond the DNS response buffer.

    This issue affects applications using the DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled.

    This is fixed in FreeRTOS-Plus-TCP versions 4.1.1 or later.

    Reply
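The bug class in the advisory above is a DNS name parser that trusts the label length byte arriving on the wire. The code below is an added example and not FreeRTOS-Plus-TCP code: a Python model of the unchecked parser beside a bounds-checked replacement that also handles RFC 1035 compression pointers. Python slicing cannot read out of bounds, so to make the over-read visible the unchecked parser is run over `MEMORY`, a constructed buffer standing in for the heap: the 13-byte crafted response followed by whatever happened to be allocated next to it. In C the same copy walks straight off the end of the response buffer. All packets are constructed.

```python
r"""DNS name parsing: unchecked vs. bounds-checked.

Added example; not FreeRTOS-Plus-TCP code.  Models the CVE-2024-38373
bug class (trusting the wire label length) and its fix.  Packets and the
pretend neighbouring allocation are constructed.
"""
from typing import Tuple

MAX_LABEL = 63
MAX_NAME = 255

# 13-byte response fragment: label length 0x28 (40) but only 12 bytes follow
CRAFTED_RESPONSE = b"\x28example\x03com\x00"
# pretend neighbour allocation: the bytes that sit after the response in memory
NEIGHBOUR = b"token=s3cr3t-value-from-next" + b"\x00" + b"more"
MEMORY = CRAFTED_RESPONSE + NEIGHBOUR
# well-formed: "example.com" at offset 0, then "www" + pointer to offset 0
GOOD = b"\x07example\x03com\x00" + b"\x03www\xc0\x00"


def read_name_unchecked(buf: bytes, off: int) -> Tuple[str, int]:
    """Vulnerable model: trusts every length byte.  Do not use."""
    labels = []
    while True:
        length = buf[off]
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("latin-1"))  # over-read here
        off += length
    return ".".join(labels), off


def read_name(buf: bytes, off: int) -> Tuple[str, int]:
    """Hardened: every read is checked against len(buf).  Returns the name
    and the offset just past it in the original (pre-pointer) position."""
    labels = []
    name_len = 0
    resume = None                      # set once the first pointer is followed
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of response")
        length = buf[off]
        if length & 0xC0 == 0xC0:      # compression pointer
            if off + 1 >= len(buf):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | buf[off + 1]
            if target >= off:          # must point backwards: rules out loops
                raise ValueError("forward or self-referencing pointer")
            if resume is None:
                resume = off + 2
            off = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if length == 0:
            break
        if length > MAX_LABEL:
            raise ValueError("label longer than 63 octets")
        if off + length > len(buf):
            raise ValueError(
                f"label length {length} exceeds {len(buf) - off} remaining bytes")
        name_len += length + 1
        if name_len > MAX_NAME:
            raise ValueError("name longer than 255 octets")
        labels.append(buf[off:off + length].decode("latin-1"))
        off += length
    return ".".join(labels), (resume if resume is not None else off)


def rejects(buf: bytes, off: int = 0) -> bool:
    """True if the hardened parser refuses the buffer."""
    try:
        read_name(buf, off)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(read_name(GOOD, 0), read_name(GOOD, 13))
    print("unchecked leaked:", repr(read_name_unchecked(MEMORY, 0)[0]))
    print("checked rejects crafted response:", rejects(CRAFTED_RESPONSE))
```

The unchecked parser returns 28 bytes of the neighbouring allocation inside the "name", which is the information-leak shape of an over-read; on a small embedded device the same read can just as easily hit unmapped memory and fault. The check that matters is `off + length > len(buf)` before the copy, with the buffer length being the bytes actually received, not the size of the receive buffer.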
  13. Tomi Engdahl says:

    Mysterious family of malware hid in Google Play for years
    Mandrake’s ability to go unnoticed was the result of designs not often seen in Android malware.
    https://arstechnica.com/security/2024/07/mysterious-family-of-malware-hid-in-google-play-for-years/?utm_source=facebook&utm_medium=social&utm_campaign=dhfacebook&utm_content=null&fbclid=IwZXh0bgNhZW0CMTEAAR2Of175KpFVS6FVzH6PVL50NqsPPLRap5FdIH3pzv5hef_bM0W7ZvYplPw_aem_Z5hybUxwmrMC89xpnJM6VQ

    A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight.

    The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender called out in 2020. Bitdefender said the apps appeared in two waves, one in 2016 through 2017 and again in 2018 through 2020.

    Reply
