Cyber security news August 2024

This posting is here to collect cyber security news in August 2024.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

188 Comments

  1. Tomi Engdahl says:

    First, Bargury gets the email of a colleague named Jane, learns what the last conversation with Jane was, and gets the chatbot to spill the emails of people CC’d in that conversation.

    Bargury then instructs the bot to compose an email written in the style of the hacked employee to send to Jane, and gets the bot to pull the exact subject line of their last email with her.

    And in just a matter of minutes, he’s created a convincing email that could deliver a malicious attachment to anyone in the network — all done with Copilot’s eager compliance.

    Data Dilemma
    Microsoft’s Copilot AI, and specifically its Copilot Studio, allows business organizations to tailor chatbots to their specific needs. To do that, the AI needs access to company data — which is where the vulnerabilities emerge.

    For one, many of these chatbots are discoverable online by default, which makes them sitting ducks to hackers who can target them with malicious prompts. “We scanned the internet and found tens of thousands of these bots,” Bargury told The Register.

    https://futurism.com/the-byte/ai-microsoft-windows-incredibly-hackable

    “There’s a fundamental issue here. When you give AI access to data, that data is now an attack surface for prompt injection,” Bargury told The Register. “It’s kind of funny in a way — if you have a bot that’s useful, then it’s vulnerable. If it’s not vulnerable, it’s not useful.”

    Reply
  2. Tomi Engdahl says:

    If you give Copilot the reins, don’t be surprised when it spills your secrets
    ‘All of the defaults are insecure’ Zenity CTO claims
    https://www.theregister.com/2024/08/08/copilot_black_hat_vulns/

    One hopes widely used enterprise software is secure enough. Get ready for those hopes to be dashed again, as Zenity CTO Michael Bargury today revealed his Microsoft Copilot exploits at Black Hat.

    “It’s actually very difficult to create a [Copilot Studio] bot that is safe,” Bargury told The Register in an interview ahead of conference talks, “because all of the defaults are insecure.”

    Bargury is speaking twice about security failings with Microsoft Copilot at Black Hat in Las Vegas this week. His first talk focused on the aforementioned Copilot Studio, Microsoft’s no-code tool for building custom enterprise Copilot bots, its defaults, and other aspects. The second covered all the nasty things an attacker can do with Copilot itself if they manage to break into the IT environment of an organization that uses the tech, and how Copilot can help someone gain entry to that environment.

    Reply
  3. Tomi Engdahl says:

    Trumpin kampanja hakkeroitiin – syyttää teosta Irania
    Kampanjatiimi kertoo, että hakkeroinnin kohteena on ollut sen sisäinen viestintä.
    Trumpin kampanja hakkeroitiin – syyttää teosta Irania
    https://www.is.fi/ulkomaat/art-2000010623100.html

    Kampanjan lausunto hakkeroinnista tuli pian sen jälkeen, kun Politico kertoi, että se oli alkanut heinäkuussa saamaan nimettömältä lähteeltä dokumentteja, jotka olivat Trumpin kampanjan sisältä. Yksi vuodetuista dokumenteista oli raportti, joka koski varapresidenttiehdokasta J. D. Vancea ja tämän ”potentiaalisia haavoittuvuuksiaan”.

    Kampanjan tiedottaja Steven Cheung sanoo lausunnossa, että hakkeri pyrkii teollaan vaikuttamaan presidentinvaaleihin ja aiheuttamaan kaaosta koko demokraattiseen prosessiin.

    Reply
  4. Tomi Engdahl says:

    22 minuuttia: Tässä on luku, jonka pitäisi pysäyttää sinutkin
    https://www.is.fi/digitoday/tietoturva/art-2000010617849.html

    Jokainen on vastuussa omien laitteidensa suojaamisesta. Viranomainen kertoo hälyttävän esimerkin siitä, miksi sillä on väliä.

    Reply
  5. Tomi Engdahl says:

    0.0.0.0 Day – 18 Yr Old Vulnerability Let Attackers Bypass All Browser Security
    https://cybersecuritynews.com/0-0-0-0-day/

    Researchers at Oligo Security have discovered an 18-year-old critical vulnerability, dubbed “0.0.0.0 Day,” that affects all major web browsers, including Chromium, Firefox, and Safari.

    This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network, potentially leading to unauthorized access and remote code execution on local services by attackers outside the network.

    Reply
  6. Tomi Engdahl says:

    Suomalaisiin kohdistuu parhaillaan poliisin nimissä toteutettu huijauskampanja. Moni taho on kertonut IS:lle saaneensa petollisia tekstiviestejä maanantaiaamuna. Viesteissä sanotaan, että vastaanottajan tulisi lukea poliisilta tullut viesti linkkiä klikkaamalla.

    Massiivinen tekstiviestihuijaus menossa – älä vain klikkaa tätä viestiä
    https://www.is.fi/digitoday/tietoturva/art-2000010624430.html

    Reply
  7. Tomi Engdahl says:

    AMD won’t patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for ‘Sinkclose’
    News
    By Jowi Morales published 19 hours ago
    AMD says some chips fall outside of the software support window.
    https://www.tomshardware.com/pc-components/cpus/amd-wont-patch-all-chips-affected-by-severe-data-theft-vulnerability-ryzen-1000-2000-and-3000-will-not-get-patched-among-others

    Reply
  8. Tomi Engdahl says:

    Elon Musk claims live Trump interview on X derailed by DDoS
    Once-great platform tanks another major political livestream, bigly
    https://www.theregister.com/2024/08/13/trump_musk_livestream_ddos_delay/

    Reply
  9. Tomi Engdahl says:

    https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html

    The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges.

    The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.

    “A signal handler in sshd(8) may call a logging function that is not async-signal-safe,” according to an advisory released last week.

    Reply
  10. Tomi Engdahl says:

    Hackers leak 2.7 billion data records with Social Security numbers
    https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/

    Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.

    The data allegedly comes from National Public Data, a company that collects and sells access to personal data for use in background checks, to obtain criminal records, and for private investigators.

    National Public Data is believed to scrape this information from public sources to compile individual user profiles for people in the US and other countries.

    At the time, the threat actor attempted to sell the data for $3.5 million and claimed it contained records for every person in the three countries.

    The leaked data consists of two text files totaling 277GB and containing nearly 2.7 billion plaintext records, rather than the original 2.9 billion number originally shared by USDoD.

    While BleepingComputer can’t confirm if this leak contains the data for every person in the US, numerous people have confirmed to us that it included their and family members’ legitimate information, including those who are deceased.

    Each record consists of the following information – a person’s name, mailing addresses, and social security number, with some records including additional information, like other names associated with the person. None of this data is encrypted.

    Previously leaked samples of this data also included phone numbers and email addresses, but these are not included in this 2.7 billion record leak.

    It is important to note that a person will have multiple records, one for each address they are known to have lived. This also means that this data breach did not impact 3 billion people as has been erroneously reported in many articles that did not properly research the data.

    Some people have also told BleepingComputer that their social security numbers were associated with other people they don’t know, so not all the information is accurate.

    Finally, this data may be outdated, as it does not contain the current address for any of the people we checked, potentially indicating that the data was taken from an old backup.

    The data breach has led to multiple class action lawsuits against Jerico Pictures, which is believed to be doing business as National Public Data, for not adequately protecting people’s data.

    If you live in the US, this data breach has likely leaked some of your personal information.

    As the data contains hundreds of millions of social security numbers, it is suggested that you monitor your credit report for fraudulent activity and report it to the credit bureaus if detected.

    Reply
  11. Tomi Engdahl says:

    AMD won’t patch all chips affected by severe data theft vulnerability — older Ryzen models will not get patched for ‘Sinkclose’ [Updated]
    News
    By Jowi Morales published 2 days ago
    AMD says some chips fall outside of the software support window.
    https://www.tomshardware.com/pc-components/cpus/amd-wont-patch-all-chips-affected-by-severe-data-theft-vulnerability-ryzen-1000-2000-and-3000-will-not-get-patched-among-others

    Reply
  12. Tomi Engdahl says:

    New ‘Sinkclose’ vulnerability in AMD CPUs, only way to remove it is to ‘throw your PC away’
    AMD Ryzen and EPYC processors exposed to new ‘Sinkclose’ vulnerability, could affect millions and millions of processors worldwide. Sigh.
    VIEW GALLERY – 2
    Anthony Garreffa
    @anthony256

    Published Aug 11, 2024 7:33 AM CDT
    1 minute & 23 seconds read time
    AMD Ryzen and EPYC processors have been exposed to a new vulnerability called “Sinkclose” which could affect millions and millions of AMD processors worldwide.

    2
    VIEW GALLERY – 2 IMAGES
    In a new report from WIRED, we’re learning that the new “Sinkclose” vulnerability allows intruders to run malicious code on AMD processors when they’re placed in “System Management Mode” which is a sensitive mode that holds crucial firmware files used for operations.

    Popular Now: Huawei CEO photographed on plane with world’s first tri-foldable smartphone
    But, hackers will need to insert a piece of code that would provide them with “deep access to an AMD-based PC or server”. Once the hackers have this access, they can install a malware called a bootkit, which is undetectable by anti-virus software, which is means to protect your PC.

    Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, will present the new vulnerability in AMD processors that they’re calling Sinkclose. Okupski told WIRED: “Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it’s still going to be there. It’s going to be nearly undetectable and nearly unpatchable”.

    How would you remove the malware? Well, that’s hard: you’d have to open up the PC, physically connect directly to a certain portion of its memory chips with a hardware-based programming tool called “SPI Flash” programmer, with Okupski saying you’d have to meticulously scour the memory to remove the malware.

    Nissim says that the worst-case scenario would be “you basically have to throw your computer away”.

    AMD has issued a statement to WIRED, where they acknowledged it was hard to exploit Sinkclose, and that to take advantage of the vulnerability, hackers would need to have access to your computer’s kernel, the core of the OS.

    AMD Ryzen 7 7800X3D 8-Core, 16-Thread Desktop Processor (AMD Ryzen 7 7800X3D)
    Today 30 days ago

    $189.99
    $189.99
    Buy
    $366.01
    $387.40
    Buy
    * Prices last scanned on 8/13/2024 at 1:10 am CDT – prices may not be accurate, click links above for the latest price. We may earn an affiliate commission.
    NEWS SOURCES:wccftech.com, wired.com

    Anthony Garreffa

    Anthony joined the TweakTown team in 2010 and has since reviewed 100s of graphics cards. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering and has recently taken a keen interest in artificial intelligence (AI) hardware.

    What’s in Anthony’s PC?
    CPU: Intel Core i5-12600K
    MOTHERBOARD: GIGABYTE Z690 AERO-G
    RAM: Corsair 32GB DDR4-3200
    GPU: NVIDIA GeForce RTX 4090 24GB
    SSD: Sabrent 4TB Rocket 4 Plus
    OS: Windows 11 Pro
    CASE: Lian Li O11 Dynamic XL
    PSU: ASUS ROG Strix 850W
    KEYBOARD: Logitech G915 Wireless
    MOUSE: Logitech G502X Wireless
    MONITOR: LG C3 48-inch OLED TV 4K 120Hz
    Newsletter Subscription

    Similar News

    AMD won’t be fixing a major security flaw on these older Ryzen CPUs
    Qualcomm’s Adreno GPU vulnerability found: Snapdragon chips join problematic Intel, AMD CPUs
    Qualcomm announces vulnerability bounty program
    AMD Ryzen Threadripper PRO 7000 WX series CPUs top out at 96 cores, 192 threads Zen 4 for $9999
    AMD’s next-gen RDNA 3: revolutionary chiplet design could crush NVIDIA
    AMD Ryzen CPUs affected by ‘Inception’ vulnerability and the fix could impact performance
    Related Tags

    AMDAMD EPYCAMD RyzenSinkcloseIntelCPUvulnerable CPUssemiconductorTSMC

    Read more: https://www.tweaktown.com/news/99824/new-sinkclose-vulnerability-in-amd-cpus-only-way-to-remove-it-is-throw-your-pc-away/index.html?utm_source=dlvr.it&utm_medium=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR3ng-8PoGPWKDiSWD700jZ3r71LR0JFp9QW7FWsFB4e–A3pBOpQ-AyGio_aem_1b3kZPQ9u2mELxXpHw11aA

    Reply
  13. Tomi Engdahl says:

    Signal Developer Explains Why Early Encrypted Messaging Tools Flopped
    ‘The intuition was to take the complexity and push it onto the user,’ Moxie Marlinspike says at Black Hat. ‘We were just wrong.’
    https://uk.pcmag.com/security/153813/signal-developer-explains-why-early-encrypted-messaging-tools-flopped

    Reply
  14. Tomi Engdahl says:

    Critical Vulnerabilities in AWS Lets Attackers Gain Full-Service Remotely
    https://cybersecuritynews.com/mutiple-vulnerabilities-found-in-aws/

    Researchers from Aqua identified critical vulnerabilities in six Amazon Web Services (AWS): CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar.

    These vulnerabilities varied in severity, potentially allowing remote code execution, full-service user takeover, AI module manipulation, data exposure, data exfiltration, and denial of service (DoS) attacks. The vulnerabilities could have affected any organization using these services globally.

    Reply
  15. Tomi Engdahl says:

    Chinese Hackers Hit Russia in Cyberattack
    https://www.newsweek.com/chinese-hackers-hit-russia-cyberattack-apt31-1938524?fbclid=IwY2xjawEomjJleHRuA2FlbQIxMQABHQhHeWNHmzFHorlfMui0RU3GiU0YDmPEDTjYrvfVQ_QSfjnJD-m6Y0DRNQ_aem_bplifc1qIVmGskyvCTA6CA

    Dozens of systems used by government bodies and IT companies in Russia have reportedly become the targets of Chinese hackers.

    Moscow-based cybersecurity provider Kaspersky Lab, revealed that the backdoor malware used to gain access to the systems was “GrewApacha,” a Trojan used since at least 2021 by the Chinese cyber-espionage group known as APT31 (Advanced Peristent Threat 31).

    APT31 is believed to have ties to China’s civilian spy agency, the Ministry of State Security (MSS). Earlier this year, the United States Justice department indicted several Chinese nationals and one company for allegedly carrying out APT31 operations.

    “During these attacks, attackers infected devices using phishing emails with attachments containing malicious shortcut files,” read an August 8 report by Kaspersky Lab-managed website SecureList. Kaspersky has dubbed the Russia-centered hacking campaign “EastWind.”

    Clicking on these files prompts the installation of the malware, which receives commands from the Dropbox cloud storage.

    “With the help of this software, the attackers downloaded additional Trojans to the infected computers, in particular, tools used by the APT31 cybergroup, as well as the updated CloudSorcerer backdoor,” the report said.

    The SecureList report said the method observed in the recent cyberattacks was similar to the one previously used to target a U.S. organization.

    Reply
  16. Tomi Engdahl says:

    “For us, it’s not an option to just wait and see what happens. We want to be ready and implement solutions as soon as possible, to avoid harvest now and decrypt later.” —Richard Marty, LGT Financial Services

    NIST Announces Post-Quantum Cryptography Standards Three security standards are ready for use, with a fourth on the way
    https://spectrum.ieee.org/post-quantum-cryptography-2668949802?share_id=8375929&socialux=facebook&utm_campaign=RebelMouse&utm_content=IEEE+Spectrum&utm_medium=social&utm_source=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR33K5Xygkt7HDnLXeXviZmQ7WkLVNhArkFo60EfFhc7PQKJpkuUQIuarfs_aem_nFwDjO1LZSVBD5BtMRVpAQ

    Today, almost all data on the Internet, including bank transactions, medical records, and secure chats, is protected with an encryption scheme called RSA (named after its creators Rivest, Shamir, and Adleman). This scheme is based on a simple fact—it is virtually impossible to calculate the prime factors of a large number in a reasonable amount of time, even on the world’s most powerful supercomputer. Unfortunately, large quantum computers, if and when they are built, would find this task a breeze, thus undermining the security of the entire Internet.

    Luckily, quantum computers are only better than classical ones at a select class of problems, and there are plenty of encryption schemes where quantum computers don’t offer any advantage. Today, the U.S. National Institute of Standards and Technology (NIST) announced the standardization of three post-quantum cryptography encryption schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning to post-quantum security as soon as possible.

    “Now our task is to replace the protocol in every device, which is not an easy task.”
    —Lily Chen, NIST

    Reply
  17. Tomi Engdahl says:

    How to ingeniously and wirelessly inject malware onto someone’s nearby Windows PC via Google’s Quick Share
    Or rather could, until the web giant was tipped off
    https://www.theregister.com/2024/08/10/google_quick_share_rce/

    Reply
  18. Tomi Engdahl says:

    Endpoint SecurityMicrosoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains
    The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks.
    https://www.securityweek.com/microsoft-warns-of-openvpn-vulnerabilities-potential-for-exploit-chains/

    LAS VEGAS — Software giant Microsoft used the spotlight of the Black Hat security conference to document multiple vulnerabilities in OpenVPN and warned that skilled hackers could create exploit chains for remote code execution attacks.

    The vulnerabilities, already patched in OpenVPN 2.6.10, create ideal conditions for malicious attackers to build an “attack chain” to gain full control over targeted endpoints, according to fresh documentation from Redmond’s threat intelligence team.

    While the Black Hat session was advertised as a discussion on zero-days, the disclosure did not include any data on in-the-wild exploitation and the vulnerabilities were fixed by the open-source group during private coordination with Microsoft.

    In all, Microsoft researcher Vladimir Tokarev discovered four separate software defects affecting the client side of the OpenVPN architecture:

    CVE-2024-27459: Affects the openvpnserv component, exposing Windows users to local privilege escalation attacks.
    CVE-2024-24974: Found in the openvpnserv component, allowing unauthorized access on Windows platforms.
    CVE-2024-27903: Affects the openvpnserv component, enabling remote code execution on Windows platforms and local privilege escalation or data manipulation on Android, iOS, macOS, and BSD platforms.
    CVE-2024-1305: Applies to the Windows TAP driver, and could lead to denial-of-service conditions on Windows platforms.

    The company is strongly urging users to apply fixes available at OpenVPN 2.6.10.

    Reply
  19. Tomi Engdahl says:

    Announcing Approval of Three Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography
    August 13, 2024
    https://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved

    The Secretary of Commerce has approved three Federal Information Processing Standards (FIPS) for post-quantum cryptography:

    FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
    FIPS 204, Module-Lattice-Based Digital Signature Standard
    FIPS 205, Stateless Hash-Based Digital Signature Standard
    These standards specify key establishment and digital signature schemes that are designed to resist future attacks by quantum computers, which threaten the security of current standards. The three algorithms specified in these standards are each derived from different submissions to the NIST Post-Quantum Cryptography Standardization Project.

    FIPS 203 specifies a cryptographic scheme called the Module-Lattice-Based Key-Encapsulation Mechanism Standard, which is derived from the CRYSTALS-KYBER submission.

    FIPS 204 and 205 each specify digital signature schemes, which are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. FIPS 204 specifies the Module-Lattice-Based Digital Signature Standard, which is derived from CRYSTALS-Dilithium submission. FIPS 205 specifies the Stateless Hash-Based Digital Signature Standard, which is derived from the SPHINCS+ submission.

    Reply
  20. Tomi Engdahl says:

    Nathan Eddy / Dark Reading:
    Researchers describe now-fixed vulnerabilities in Microsoft’s Azure Health Bot Service that would let a user access and manage other customers’ resources — Multiple privilege escalation issues in Microsoft Azure’s cloud-based Health Bot service opened the platform to server-side request forgery …

    Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities
    https://www.darkreading.com/application-security/microsoft-azure-ai-health-bot-infected-with-critical-vulnerabilities

    Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources.

    Reply
  21. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    The US Court of Appeals for the Fifth Circuit ruled that geofence warrants are “prohibited by the Fourth Amendment”, at odds with a recent Fourth Circuit ruling

    US appeals court rules geofence warrants are unconstitutional
    https://techcrunch.com/2024/08/13/us-appeals-court-rules-geofence-warrants-are-unconstitutional/

    A federal appeals court has ruled that geofence warrants are unconstitutional, a decision that will limit the use of the controversial search warrants across several U.S. states.

    Geofence warrants, also known as “reverse” search warrants, allow police to draw a shape on a map, such as over a crime scene, and demand that Google (or any other company that collects user locations) search its entire banks of location data for any phone or device that was in that area at a specific point in time.

    But critics have long argued that geofence warrants are unconstitutional because they can be overbroad and include information on entirely innocent people.

    The Fifth Circuit’s opinion comes to a different conclusion than a similar case heard last month in the Fourth Circuit, which covers North Carolina, Virginia and West Virginia. That ruling found that accessing Google’s stores of location data does not count as a search and upheld the legality of geofence warrants across those states.

    In its case, the Fifth Circuit disagreed and found that police seeking data from Google’s vast stores of location data for a criminal suspect does in fact constitute a search. But because the bank of data is so big, and because the entire database has to be scanned, the court ruled that there is no legal authority capable of authorizing a search, per a blog post by law professor Orin Kerr analyzing the ruling.

    The court said in its ruling, its emphasis included: “This search is occurring while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result. Indeed, the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient.”

    While the Fifth Circuit ruled that geofence warrants are unconstitutional, the court concluded that the police department had acted in good faith when seeking the warrant for the location data held by Google, and upheld the defendant’s conviction. The court said, in part because the use of geofence warrants were novel at the time and the department asked other agencies for legal guidance prior to submitting the warrant, the evidence should not be suppressed in this case.

    Because tech companies, like Google, Uber, Snap and others, collect and store huge amounts of its users’ location data and histories on its servers, this data can be obtained by law enforcement; if the data didn’t exist, the problem would be moot. The use of geofence warrants has rocketed in recent years, at one point amounting to about one-quarter of all U.S. legal demands the company received.

    Google said late last year that it would begin storing users’ location data on their devices, making geofence warrants less useful for law enforcement.

    Reply
  22. Tomi Engdahl says:

    0-Click Outlook Vulnerability Triggered RCE When Email is Opened – Technical Analysis
    https://cybersecuritynews.com/0-click-outlook-vulnerability/

    Morphisec researchers have recently uncovered a critical vulnerability in Microsoft Outlook, identified as CVE-2024-30103. It can execute malicious code as soon as an email is opened.

    We will explore the technical aspects of CVE-2024-30103, examining how this vulnerability can be exploited and assessing its potential impact on your systems.

    Reply
  23. Tomi Engdahl says:

    Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
    https://cybersecuritynews.com/0-click-rce-windows-tcp-ip/

    CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and a CVSSv3 score of 9.8. Key details include:

    An attacker can remotely exploit this vulnerability by sending specially crafted IPv6 packets to a target host.
    No user interaction is required, making this a “0-click” vulnerability.
    Only IPv6 packets can be abused to exploit this vulnerability.
    Microsoft has rated the vulnerability as “Exploitation More Likely.”

    Successful exploitation of CVE-2024-38063 could allow an attacker to execute arbitrary code on the target system with SYSTEM privileges. This level of access would give the attacker full control over the compromised machine.

    “An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution,” Microsoft said.

    Microsoft has released patches for all affected versions of Windows and Windows Server. Organizations are strongly advised to apply these updates as soon as possible

    https://cybersecuritynews.com/microsoft-patches-6-zero-days/

    Reply
  24. Tomi Engdahl says:

    Google vahvisti, että Iranin tukemat hakkerit ovat yrittäneet häiritä Yhdysvaltain presidenttiehdokkaiden Kamala Harrisin ja Donald Trumpin kampanjoita.

    https://www.iltalehti.fi/ulkomaat/a/f2fcb503-7258-41d9-bea6-f215e163b89d

    Reply
  25. Tomi Engdahl says:

    Google vahvistaa: Iran pyrkii häiritsemään USA:n presidentinvaaleja
    Google onnistui estämään touko- ja kesäkuussa APT42-hakkeriryhmää kirjautumaan noin kymmeneen presidentti Joe Bideniin tai Donald Trumpiin sidoksissa olevan henkilön henkilökohtaiseen sähköpostitiliin.
    https://www.iltalehti.fi/ulkomaat/a/f2fcb503-7258-41d9-bea6-f215e163b89d

    Reply
  26. Tomi Engdahl says:

    Asemien näytöt pimenivät koko Suomessa – Tässä syy
    Rataliikennekeskuksen mukaan häiriö on valtakunnallinen.
    https://www.iltalehti.fi/kotimaa/a/e7dc0698-eeed-4d00-8574-c34c11d3f46e

    Finntrafficin Rataliikennekeskus tiedotti varhain torstaiaamuna, että rautateiden laiturinäytöt eivät toimi matkustajainformaatiojärjestelmän häiriön vuoksi.

    Rataliikennekeskuksen mukaan häiriö on valtakunnallinen.

    Reply
  27. Tomi Engdahl says:

    Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code Via Ping Script
    https://cybersecuritynews.com/zabbix-server-vulnerability/

    A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution. The vulnerability allowed an administrator with restricted permissions to execute arbitrary code via the Ping script in the Monitoring Hosts section, potentially compromising the infrastructure.

    The vulnerability, which had a CVSS score of 9.9, was discovered by justonezero, a security researcher who submitted the report through the HackerOne bug bounty platform. Zabbix has acknowledged and thanked justonezero for their contribution to the platform’s security.

    Reply
  28. Tomi Engdahl says:

    Biden administration pledges $11 million to open source security initiative
    The White House and Department of Homeland Security (DHS) are partnering on an $11 million initiative to gain an understanding of how open source software is used across critical infrastructure and to better secure it.

    The White House announced the measure on Friday, and at the DEF CON cybersecurity conference over the weekend, National Cyber Director Harry Coker said DHS will fund it under the 2021 Bipartisan Infrastructure Law.

    The effort — named the Open-Source Software Prevalence Initiative (OSSPI) — is designed to get a handle on the distribution of open-source software components in areas like healthcare, transportation and energy production, eventually allowing the federal government and private sector partners to strengthen national cybersecurity.

    https://therecord.media/open-source-software-security-white-house-dhs-11million-funding

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*