This posting is here to collect cyber security news in August 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
188 Comments
Tomi Engdahl says:
https://arstechnica.com/security/2024/08/android-malware-uses-nfc-to-read-payment-card-data-then-sends-it-to-attacker/
Tomi Engdahl says:
After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud
Researchers allegedly found security protocols “burdensome.”
https://arstechnica.com/security/2024/08/oh-your-cybersecurity-researchers-wont-use-antivirus-tools-heres-a-federal-lawsuit/
Tomi Engdahl says:
Telegram messaging app CEO Durov arrested in France
https://www.reuters.com/world/europe/telegram-messaging-app-ceo-pavel-durov-arrested-france-tf1-tv-says-2024-08-24/
Tomi Engdahl says:
Wild speculation: did Western countries get hold of a master key to Russian communications?
The arrest made in France may be a very significant matter.
https://www.is.fi/digitoday/tietoturva/art-2000010654933.html
Tomi Engdahl says:
Netflix's nightmare has come true
https://www.is.fi/digitoday/tietoturva/art-2000010650455.html
Unreleased episodes of Netflix TV series and films have started being shared online. The stolen material reportedly comes from a Netflix post-production partner that was the target of a data breach, Variety reports.
Tomi Engdahl says:
Episodes of Netflix Anime Shows Including ‘Arcane,’ ‘Terminator Zero’ Leak Online; Streamer Cites Security Breach at Post-Production Partner
Media-localization services provider Iyuno says it is ‘actively investigating’ the incident
https://variety.com/2024/digital/news/netflix-anime-leak-arcane-terminator-zero-security-breach-1236101888/
Tomi Engdahl says:
Think TikTok or Temu are safe? Cybersecurity expert says think again, delete them now
https://www.usatoday.com/story/tech/columnist/komando/2024/08/08/apps-to-delete-cybersecurity-tiktok-temu/74673015007/
The U.S. government doesn’t have a say in what you download unless you use a government device. Starting Aug. 15, U.S. House of Representatives staffers are banned from using all ByteDance apps on government devices.
Tomi Engdahl says:
Anthropic publishes the ‘system prompts’ that make Claude tick
https://techcrunch.com/2024/08/26/anthropic-publishes-the-system-prompt-that-makes-claude-tick/
Tomi Engdahl says:
https://thehackernews.com/2024/08/researchers-identify-over-20-supply.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos/
Tomi Engdahl says:
https://asia.nikkei.com/Spotlight/Cybersecurity/China-seen-using-white-hat-hackers-to-boost-cyberattack-capability
Tomi Engdahl says:
Is it just me or does infosec have a lot of deja vu throughout the years?
RFID cards could turn into a global security mess after discovery of hardware backdoor
Poking at bad encryption practices to discover some outrageous, unexpected issues
https://www.techspot.com/news/104436-previously-unknown-hardware-backdoors-could-turn-rfid-cards.html?fbclid=IwY2xjawE7ElBleHRuA2FlbQIxMQABHfSUm7IAg2N5tgQfNFkDbBf7XqVJuECHFmpJZdHyNuqsq14XePk9ztf9sQ_aem_K2F8cIXxQTnhRbWWpg6SxQ
WTF?! Chinese-made chips used in popular contactless cards contain hardware backdoors that are easy to exploit. These chips are compatible with the proprietary Mifare protocol developed by Philips spin-off NXP Semiconductors and are inherently “intrinsically broken,” regardless of the card’s brand.
Security researchers at Quarkslab have discovered a backdoor in millions of RFID cards developed by Shanghai Fudan Microelectronics (FMSH). When properly exploited, this backdoor could be used to quickly clone contactless smart cards that regulate access to office buildings and hotel rooms worldwide.
According to French researchers, “Mifare Classic” cards are widely used but have significant security vulnerabilities. These chip-based contactless cards have been targeted by various attacks over the years and remain vulnerable despite the introduction of updated versions.
In 2020, Shanghai Fudan released a new variant that provides a compatible (and likely cheaper) RFID technology through the Mifare-compatible FM11RF08S chip. It featured several countermeasures designed to thwart known card-only attacks, but introduced its own security issues.
Tomi Engdahl says:
Telegram has long been a hotbed for cybercriminal gangs boasting about their attacks and looking to recruit new members.
Why it matters: Telegram CEO Pavel Durov’s arrest over the weekend has put a spotlight on what policies Telegram does — and doesn’t — have to deter cybercriminals and extremist groups who use its platform.
The big picture: Telegram’s relaxed content moderation policies and encrypted service offerings have made it an attractive destination for cybercriminals, terrorism organizations and drug dealers.
https://www.axios.com/2024/08/27/telegram-pavel-durov-encryption-hackers-criminals?fbclid=IwY2xjawE7lWFleHRuA2FlbQIxMQABHU1cj0vaC6BwvX5UAMAd7JscwxDQDRiOXeMXKoTQFW7pKMlgtztSMRA3fg_aem_nbECKoBwrMNw4-fNveEdUA
Tomi Engdahl says:
Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident
Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit.
https://www.securityweek.com/microsoft-convenes-endpoint-security-firms-following-crowdstrike-incident/
Tomi Engdahl says:
Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.
https://www.securityweek.com/code-execution-vulnerability-found-in-wpml-plugin-installed-on-1m-wordpress-sites/
A critical vulnerability in the WPML multilingual plugin for WordPress could expose over one million websites to remote code execution (RCE).
Tracked as CVE-2024-6386 (CVSS score of 9.9), the bug could be exploited by an attacker with contributor-level permissions, the researcher who reported the issue explains.
WPML, the researcher notes, relies on Twig templates for shortcode content rendering, but does not properly sanitize input, which results in a server-side template injection (SSTI).
The researcher has published proof-of-concept (PoC) code showing how the vulnerability can be exploited for RCE.
“As with all remote code execution vulnerabilities, this can lead to complete site compromise through the use of webshells and other techniques,” explained Defiant, the WordPress security firm that facilitated the disclosure of the flaw to the plugin’s developer.
CVE-2024-6386 was resolved in WPML version 4.6.13, which was released on August 20. Users are advised to update to WPML version 4.6.13 as soon as possible, given that PoC code targeting CVE-2024-6386 is publicly available.
However, it should be noted that OnTheGoSystems, the plugin’s maintainer, is downplaying the severity of the vulnerability.
https://www.wordfence.com/blog/2024/08/1000000-wordpress-sites-protected-against-unique-remote-code-execution-vulnerability-in-wpml-wordpress-plugin/
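The class of bug behind CVE-2024-6386 is easy to see in miniature. The following is an added example written for this post, not WPML's own code, and it makes no claim about which WPML function or shortcode was affected: it assumes a Composer install of twig/twig and shows the generic mistake (compiling user-supplied text as the Twig template source) next to the fix (keeping the template fixed and passing user text in as a variable). The `{{ 7*7 }}` probe is a constructed input of the kind used to confirm template evaluation.

```php
<?php
// Added example (not WPML code): server-side template injection in Twig
// and the hardened pattern. Assumes: composer require twig/twig
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// VULNERABLE: contributor-controlled text becomes the template *source*,
// so any Twig syntax inside it is parsed and executed by the server.
function renderVulnerable(string $userContent): string
{
    $twig = new Environment(new ArrayLoader());
    return $twig->createTemplate($userContent)->render();
}

// HARDENED: the template source is a constant written by the developer;
// user text enters only as a context variable, which Twig treats as data
// and HTML-escapes (autoescape), never as code.
function renderHardened(string $userContent): string
{
    $twig = new Environment(new ArrayLoader(), ['autoescape' => 'html']);
    return $twig->createTemplate('{{ content }}')->render(['content' => $userContent]);
}

// Constructed probe: harmless arithmetic that reveals whether the input
// is being evaluated as a template.
$probe = '{{ 7*7 }}';

echo "vulnerable: " . renderVulnerable($probe) . PHP_EOL; // prints 49
echo "hardened:   " . renderHardened($probe) . PHP_EOL;   // prints {{ 7*7 }}
```

If a renderer of the first kind exists in a site you maintain, a quick hunt is to grep the `wp_posts` content of low-privilege authors for `{{` and `{%`, since a contributor has no legitimate reason to write Twig syntax into a shortcode. Note that enabling Twig's sandbox extension would restrict which tags, filters and functions a template may call, but it does not turn the source back into data, so the variable-passing fix above is the one to apply first.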
Tomi Engdahl says:
WPML 4.6.13 and WooCommerce Multilingual 5.3.7 – Security and Other Enhancements
https://wpml.org/changelog/2024/08/wpml-4-6-13-and-woocommerce-multilingual-5-3-7-security-and-other-enhancements/?ref=sec.stealthcopter.com
Tomi Engdahl says:
Microsoft security tools questioned for treating employees as threats
Cracked Labs examines how workplace surveillance turns workers into suspects
https://www.theregister.com/2024/08/27/microsoft_workplace_surveillance/
Tomi Engdahl says:
https://www.howtogeek.com/why-public-wi-fi-is-a-hackers-playground-and-how-to-protect-yourself/
Tomi Engdahl says:
https://techcrunch.com/2024/08/26/how-to-tell-if-your-online-accounts-have-been-hacked/
Tomi Engdahl says:
https://www.techspot.com/news/104436-previously-unknown-hardware-backdoors-could-turn-rfid-cards.html
Tomi Engdahl says:
CrowdStrike Estimates the Tech Meltdown Caused by Its Bungling Left a $60 Million Dent in Its Sales
Massive outage spooked customers that had been expected to close deals totaling $60 million during the final few weeks of CrowdStrike’s fiscal Q2.
https://www.securityweek.com/crowdstrike-estimates-the-tech-meltdown-caused-by-its-bungling-left-a-60-million-dent-in-its-sales/
Tomi Engdahl says:
Google Now Offering Up to $250,000 for Chrome Vulnerabilities
Google has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs.
https://www.securityweek.com/google-now-offering-up-to-250000-for-chrome-vulnerabilities/
Google today announced significantly boosted rewards for Chrome browser vulnerabilities reported through its Vulnerability Reward Program (VRP).
With the updated rewards, security researchers may earn as much as $250,000 for a single issue, or even more if specific conditions are met. Just as before, the highest payouts will go to researchers who demonstrate memory corruption bugs in non-sandboxed processes.
For memory corruption flaws, Google expects researchers to provide high-quality reports demonstrating remote code execution (RCE) with functional exploits, the controlled write of arbitrary locations in memory, or the triggering of memory corruption.
Google is willing to pay out as much as $250,000 for demonstrated RCE in a non-sandboxed process, and may add an additional reward if the proof-of-concept (PoC) code achieves RCE without a renderer compromise.
Reports demonstrating controlled write in a non-sandboxed process may earn researchers up to $90,000, while reports demonstrating memory corruption may be awarded rewards of up to $35,000.
Tomi Engdahl says:
Another case of blame the infosec guy. Disgraceful.
https://www.10tv.com/article/news/local/city-columbus-sues-cybersecurity-expert/530-fc59233d-39cb-463f-9454-0234f1c8cced?fbclid=IwY2xjawE_DK1leHRuA2FlbQIxMQABHfu986PTgwUDkwRa3ycrlefkR22d-5QoLLWxyeQgY-1iByoHBMBteohYCg_aem_SJdtbBYHYoygjvS0CIT6kg
Tomi Engdahl says:
Secret Service Puts $2.5 Million Bounty On Most Wanted Hacker’s Head
https://www.forbes.com/sites/daveywinder/2024/08/30/secret-service-puts-25-million-bounty-on-most-wanted-hackers-head/
The United States Secret Service has placed a huge bounty of up to $2.5 million for information leading to the arrest and conviction of a single suspected hacker. The accused cybercriminal, named by the Secret Service as Volodymyr Iuriyovych Kadariya, is a 38-year-old Belarusian national charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud.
Tomi Engdahl says:
https://cybersecuritynews.com/how-threat-actors-establish-persistence-on-linux-systems/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/malware-exploits-5-year-old-zero-day-to-infect-end-of-life-ip-cameras/
Tomi Engdahl says:
https://www.zdnet.com/article/chrome-bug-hunters-can-earn-up-to-250000-for-serious-vulnerabilities-now-heres-how/?fbclid=IwY2xjawE_sq9leHRuA2FlbQIxMQABHTZuECL_QQNpeDVvLtNMVUwm9MmzA7c4-bgxkUKFbBFZAx30o1wrEwyZSg_aem_e1GGFVN7ZLE6VoygXHAgGQ
Tomi Engdahl says:
Green Berets storm building after hacking its Wi-Fi
Relax, it’s just a drill. This time at least.
https://www.theregister.com/2024/08/30/green_berets_wifi_hacking/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/how-to-identify-unknown-assets-while-pen-testing/
Tomi Engdahl says:
https://cybernews.com/privacy/denmark-ban-telegram-signal-whatsapp/
Tomi Engdahl says:
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
https://www.darkreading.com/vulnerabilities-threats/poc-exploit-for-zero-click-vulnerability-made-available-to-the-masses
Tomi Engdahl says:
https://www.forbes.com/sites/daveywinder/2024/08/29/new-password-hacking-warning-for-gmail-facebook-and-amazon-users/
Tomi Engdahl says:
https://arstechnica.com/security/2024/08/unpatchable-0-day-in-surveillance-cam-is-being-exploited-to-install-mirai/
Tomi Engdahl says:
https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/google/google-increases-chrome-bug-bounty-rewards-up-to-250-000/
Tomi Engdahl says:
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals
https://thehackernews.com/2024/08/breaking-down-ad-cs-vulnerabilities.html
What is Active Directory Certificate Services?
Active Directory Certificate Services (“AD CS”), as defined by Microsoft is, “a Windows Server role for issuing and managing public key infrastructure (PKI) certificates used in secure communication and authentication protocols.” Some common features and services that rely on AD CS are:
The Windows Logon Process
Enterprise VPN and Wireless Networks
Email Encryption and Digital Signatures
Smart Card Authentication
As companies continue to increase the variety of technologies available within their organizations, AD CS will become more common and more necessary, especially as companies continue to host their services in the cloud. Many AWS, Azure and GCP services require certificate-based authentication to function, so it is expected that AD CS will become an increasingly prominent and required service in modern multi-cloud networks.
Tomi Engdahl says:
Cloudflare Introduces Automatic SSL/TLS to Secure and Simplify Origin Server Connectivity
https://www.infoq.com/news/2024/08/cloudflare-automatic-ssl-origin/
Cloudflare recently introduced new Automatic SSL/TLS settings to simplify the provider’s encryption modes for communication with origin servers. This feature offers automatic configuration, ensuring security without risking site downtime.
Automatic SSL/TLS strengthens the encryption modes between Cloudflare and origin servers by utilizing the Cloudflare SSL/TLS Recommender. This recommender automatically performs a series of requests from Cloudflare to the customer’s origin(s) with different SSL/TLS settings to determine if the backend communication can be upgraded beyond the current configuration.
Tomi Engdahl says:
Exploiting Jenkins RCE Vulnerability (CVE-2024-43044) Via Agents – Technical Analysis
https://cybersecuritynews.com/exploiting-jenkins-remote-code-vulnerability/