Cyber security news August 2024

This posting is here to collect cyber security news in August 2024.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

188 Comments

  1. Tomi Engdahl says:

    After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud
    Researchers allegedly found security protocols “burdensome.”
    https://arstechnica.com/security/2024/08/oh-your-cybersecurity-researchers-wont-use-antivirus-tools-heres-a-federal-lawsuit/

    Reply
  2. Tomi Engdahl says:

Wild speculation: Did the West get its hands on a master key to Russian communications?
An arrest made in France may turn out to be a very significant matter.
    https://www.is.fi/digitoday/tietoturva/art-2000010654933.html

    Reply
  3. Tomi Engdahl says:

Netflix's nightmare came true
https://www.is.fi/digitoday/tietoturva/art-2000010650455.html

Unreleased episodes of Netflix TV series and films have started to be shared online. The stolen material reportedly comes from a Netflix post-production partner that was the target of a data breach, Variety reports.

    Reply
  4. Tomi Engdahl says:

    Episodes of Netflix Anime Shows Including ‘Arcane,’ ‘Terminator Zero’ Leak Online; Streamer Cites Security Breach at Post-Production Partner
    Media-localization services provider Iyuno says it is ‘actively investigating’ the incident
    https://variety.com/2024/digital/news/netflix-anime-leak-arcane-terminator-zero-security-breach-1236101888/

    Reply
  5. Tomi Engdahl says:

    Think TikTok or Temu are safe? Cybersecurity expert says think again, delete them now
    https://www.usatoday.com/story/tech/columnist/komando/2024/08/08/apps-to-delete-cybersecurity-tiktok-temu/74673015007/

    The U.S. government doesn’t have a say in what you download unless you use a government device. Starting Aug. 15, U.S. House of Representatives staffers are banned from using all ByteDance apps on government devices.

    Reply
  6. Tomi Engdahl says:

    Is it just me or does infosec have a lot of deja vu throughout the years?

    RFID cards could turn into a global security mess after discovery of hardware backdoor
    Poking at bad encryption practices to discover some outrageous, unexpected issues
https://www.techspot.com/news/104436-previously-unknown-hardware-backdoors-could-turn-rfid-cards.html

    WTF?! Chinese-made chips used in popular contactless cards contain hardware backdoors that are easy to exploit. These chips are compatible with the proprietary Mifare protocol developed by Philips spin-off NXP Semiconductors and are inherently “intrinsically broken,” regardless of the card’s brand.

    Security researchers at Quarkslab have discovered a backdoor in millions of RFID cards developed by Shanghai Fudan Microelectronics (FMSH). When properly exploited, this backdoor could be used to quickly clone contactless smart cards that regulate access to office buildings and hotel rooms worldwide.

    According to French researchers, “Mifare Classic” cards are widely used but have significant security vulnerabilities. These chip-based contactless cards have been targeted by various attacks over the years and remain vulnerable despite the introduction of updated versions.

    In 2020, Shanghai Fudan released a new variant that provides a compatible (and likely cheaper) RFID technology through the Mifare-compatible FM11RF08S chip. It featured several countermeasures designed to thwart known card-only attacks, but introduced its own security issues.

    Reply
  7. Tomi Engdahl says:

    Telegram has long been a hotbed for cybercriminal gangs boasting about their attacks and looking to recruit new members.

    Why it matters: Telegram CEO Pavel Durov’s arrest over the weekend has put a spotlight on what policies Telegram does — and doesn’t — have to deter cybercriminals and extremist groups who use its platform.

    The big picture: Telegram’s relaxed content moderation policies and encrypted service offerings have made it an attractive destination for cybercriminals, terrorism organizations and drug dealers.

https://www.axios.com/2024/08/27/telegram-pavel-durov-encryption-hackers-criminals

    Reply
  8. Tomi Engdahl says:

    Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

    Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit.

    https://www.securityweek.com/microsoft-convenes-endpoint-security-firms-following-crowdstrike-incident/

    Reply
  9. Tomi Engdahl says:

    Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

    A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.

    https://www.securityweek.com/code-execution-vulnerability-found-in-wpml-plugin-installed-on-1m-wordpress-sites/

    A critical vulnerability in the WPML multilingual plugin for WordPress could expose over one million websites to remote code execution (RCE).

    Tracked as CVE-2024-6386 (CVSS score of 9.9), the bug could be exploited by an attacker with contributor-level permissions, the researcher who reported the issue explains.

    WPML, the researcher notes, relies on Twig templates for shortcode content rendering, but does not properly sanitize input, which results in a server-side template injection (SSTI).

    The researcher has published proof-of-concept (PoC) code showing how the vulnerability can be exploited for RCE.

    “As with all remote code execution vulnerabilities, this can lead to complete site compromise through the use of webshells and other techniques,” explained Defiant, the WordPress security firm that facilitated the disclosure of the flaw to the plugin’s developer.

    CVE-2024-6386 was resolved in WPML version 4.6.13, which was released on August 20. Users are advised to update to WPML version 4.6.13 as soon as possible, given that PoC code targeting CVE-2024-6386 is publicly available.

    However, it should be noted that OnTheGoSystems, the plugin’s maintainer, is downplaying the severity of the vulnerability.

    https://www.wordfence.com/blog/2024/08/1000000-wordpress-sites-protected-against-unique-remote-code-execution-vulnerability-in-wpml-wordpress-plugin/

    Reply
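The bug pattern in that comment, untrusted shortcode content handed to the template engine as the template itself rather than as data, shown as an added example that is not WPML's code or the researcher's PoC. Python's str.format_map stands in for Twig here, since an attribute-walking payload reaches into the template context the same way in both engines; the site object, the secret, the context names and the shortcode markup are constructed for the example. Because misuse of Python's own format strings is a real bug class, the example generalizes beyond WPML.

```python
"""Server-side template injection: user content as the template vs. as data.

Added example (not WPML's code). A toy post-renderer that, like the bug
described above, hands a contributor-controlled string to the template engine.
str.format_map plays the part of Twig; the attribute-walking payload is the
Python equivalent of a Twig expression reaching into the template context.
"""
import re


class SiteConfig:
    """Stands in for objects the template context exposes (constructed)."""

    def __init__(self, db_password: str) -> None:
        self.db_password = db_password


# Constructed template context: site settings reachable from every render.
CONTEXT = {"site_name": "Example Site", "config": SiteConfig("s3cr3t-db-pass")}

# Markers a Twig-style engine interprets: {{ expr }}, {% tag %}, {# comment #}
TWIG_TAG = re.compile(r"\{\{.*?\}\}|\{%.*?%\}|\{#.*?#\}", re.DOTALL)
# Markers str.format interprets: any brace field such as {config.db_password}
FORMAT_FIELD = re.compile(r"\{[^{}]*\}")


def render_vulnerable(shortcode_content: str) -> str:
    """The bug: contributor-supplied content IS the template string,
    so a field expression inside it is evaluated against CONTEXT."""
    template = '<div class="switcher">' + shortcode_content + "</div>"
    return template.format_map(CONTEXT)


def render_fixed(shortcode_content: str) -> str:
    """The fix: a fixed template, with the untrusted string passed as data.
    Braces inside a substituted value are never re-parsed."""
    template = '<div class="switcher">{content}</div>'
    return template.format_map({"content": shortcode_content})


def contains_template_syntax(text: str) -> bool:
    """Defensive check (for logging or a WAF rule): does untrusted input carry
    template-engine syntax at all? Legitimate shortcode content should not."""
    return bool(TWIG_TAG.search(text) or FORMAT_FIELD.search(text))


if __name__ == "__main__":
    payload = "{config.db_password}"  # attacker's contributor-level post content
    print(render_vulnerable(payload))  # the secret is rendered into the page
    print(render_fixed(payload))       # the payload is rendered literally
    print(contains_template_syntax(payload))
```

The one-line difference between the two render functions is the whole fix: the engine only ever sees a template the developer wrote, and everything a contributor typed arrives through the data dictionary. The syntax check is a second line of defence for detection, not a substitute for the fix, since payload encodings vary.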
  10. Tomi Engdahl says:

    Microsoft security tools questioned for treating employees as threats
    Cracked Labs examines how workplace surveillance turns workers into suspects
    https://www.theregister.com/2024/08/27/microsoft_workplace_surveillance/

    Reply
  11. Tomi Engdahl says:

    CrowdStrike Estimates the Tech Meltdown Caused by Its Bungling Left a $60 Million Dent in Its Sales

    Massive outage spooked customers that had been expected to close deals totaling $60 million during the final few weeks of CrowdStrike’s fiscal Q2.

    https://www.securityweek.com/crowdstrike-estimates-the-tech-meltdown-caused-by-its-bungling-left-a-60-million-dent-in-its-sales/

    Reply
  12. Tomi Engdahl says:

    Google Now Offering Up to $250,000 for Chrome Vulnerabilities

    Google has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs.

    https://www.securityweek.com/google-now-offering-up-to-250000-for-chrome-vulnerabilities/

    Google today announced significantly boosted rewards for Chrome browser vulnerabilities reported through its Vulnerability Reward Program (VRP).

    With the updated rewards, security researchers may earn as much as $250,000 for a single issue, or even more if specific conditions are met. Just as before, the highest payouts will go to researchers who demonstrate memory corruption bugs in non-sandboxed processes.

    For memory corruption flaws, Google expects researchers to provide high-quality reports demonstrating remote code execution (RCE) with functional exploits, the controlled write of arbitrary locations in memory, or the triggering of memory corruption.

    Google is willing to pay out as much as $250,000 for demonstrated RCE in a non-sandboxed process, and may add an additional reward if the proof-of-concept (PoC) code achieves RCE without a renderer compromise.

    Reports demonstrating controlled write in a non-sandboxed process may earn researchers up to $90,000, while reports demonstrating memory corruption may be awarded rewards of up to $35,000.

    Reply
  13. Tomi Engdahl says:

    Secret Service Puts $2.5 Million Bounty On Most Wanted Hacker’s Head
    https://www.forbes.com/sites/daveywinder/2024/08/30/secret-service-puts-25-million-bounty-on-most-wanted-hackers-head/

    The United States Secret Service has placed a huge bounty of up to $2.5 million for information leading to the arrest and conviction of a single suspected hacker. The accused cybercriminal, named by the Secret Service as Volodymyr Iuriyovych Kadariya, is a 38-year-old Belarusian national charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud.

    Reply
  14. Tomi Engdahl says:

    Green Berets storm building after hacking its Wi-Fi
    Relax, it’s just a drill. This time at least.
    https://www.theregister.com/2024/08/30/green_berets_wifi_hacking/

    Reply
  15. Tomi Engdahl says:

    PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
    The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
    https://www.darkreading.com/vulnerabilities-threats/poc-exploit-for-zero-click-vulnerability-made-available-to-the-masses

    Reply
  16. Tomi Engdahl says:

    Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals
    https://thehackernews.com/2024/08/breaking-down-ad-cs-vulnerabilities.html

What is Active Directory Certificate Services?
Active Directory Certificate Services ("AD CS"), as defined by Microsoft, is "a Windows Server role for issuing and managing public key infrastructure (PKI) certificates used in secure communication and authentication protocols." Some common features and services that rely on AD CS are:

    The Windows Logon Process
    Enterprise VPN and Wireless Networks
    Email Encryption and Digital Signatures
    Smart Card Authentication
    As companies continue to increase the variety of technologies available within their organizations, AD CS will become more common and more necessary, especially as companies continue to host their services in the cloud. Many AWS, Azure and GCP services require certificate-based authentication to function, so it is expected that AD CS will become an increasingly prominent and required service in modern multi-cloud networks.

    Reply
  17. Tomi Engdahl says:

    Cloudflare Introduces Automatic SSL/TLS to Secure and Simplify Origin Server Connectivity
    https://www.infoq.com/news/2024/08/cloudflare-automatic-ssl-origin/

    Cloudflare recently introduced new Automatic SSL/TLS settings to simplify the provider’s encryption modes for communication with origin servers. This feature offers automatic configuration, ensuring security without risking site downtime.

    Automatic SSL/TLS strengthens the encryption modes between Cloudflare and origin servers by utilizing the Cloudflare SSL/TLS Recommender. This recommender automatically performs a series of requests from Cloudflare to the customer’s origin(s) with different SSL/TLS settings to determine if the backend communication can be upgraded beyond the current configuration.

    Reply
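The recommender loop described above, as an added example that is not Cloudflare's code: it probes the origin under each stronger encryption mode, keeps the strongest one that still answers, and never proposes a downgrade, which is what keeps the upgrade from causing downtime. The mode names are the ones in Cloudflare's public documentation; the single HEAD request per probe, the fake_origin stub used to run it offline, and the hostname are this example's own assumptions.

```python
"""Recommending the strongest origin encryption mode that still works.

Added example (not Cloudflare's code): a minimal re-implementation of the idea
behind the SSL/TLS Recommender. It probes the origin under each candidate mode,
strongest first, and returns the best one that answers, never below the mode
already configured.
"""
import http.client
import ssl
from typing import Callable

# Weakest to strongest. "off" = plain HTTP everywhere, "flexible" = HTTPS at
# the edge but plain HTTP to the origin, "full" = HTTPS to the origin without
# certificate validation, "strict" = HTTPS to the origin with a trusted cert.
MODES = ["off", "flexible", "full", "strict"]

# What each mode needs the origin to support: (scheme, verify certificate?)
MODE_PROBE = {
    "off": ("http", False),
    "flexible": ("http", False),
    "full": ("https", False),
    "strict": ("https", True),
}

# (host, scheme, verify) -> True if the origin answered under those settings
ProbeFn = Callable[[str, str, bool], bool]


def http_probe(host: str, scheme: str, verify: bool, timeout: float = 5.0) -> bool:
    """Real probe: one HEAD request to /; True if any HTTP response comes back.
    The real recommender checks more than one request; this is the minimum."""
    conn = None
    try:
        if scheme == "https":
            ctx = ssl.create_default_context()
            if not verify:  # "full" mode tolerates self-signed/expired certs
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            conn = http.client.HTTPSConnection(host, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(host, timeout=timeout)
        conn.request("HEAD", "/")
        conn.getresponse()
        return True
    except (OSError, http.client.HTTPException):  # ssl.SSLError is an OSError
        return False
    finally:
        if conn is not None:
            conn.close()


def recommend_mode(host: str, current_mode: str, probe: ProbeFn = http_probe) -> str:
    """Strongest mode whose probe succeeds, but never below current_mode."""
    if current_mode not in MODES:
        raise ValueError(f"unknown mode: {current_mode}")
    floor = MODES.index(current_mode)
    # Walk from strongest down to just above the current mode; first hit wins.
    for mode in reversed(MODES[floor + 1:]):
        scheme, verify = MODE_PROBE[mode]
        if probe(host, scheme, verify):
            return mode
    return current_mode  # nothing stronger worked: keep what is configured


def fake_origin(supports_tls: bool, trusted_cert: bool) -> ProbeFn:
    """Constructed stand-in for a real origin so the logic runs offline.
    Plain HTTP always answers; HTTPS answers only if the origin speaks TLS,
    and certificate verification passes only if its certificate is trusted."""
    def probe(host: str, scheme: str, verify: bool) -> bool:
        if scheme == "http":
            return True
        return supports_tls and (trusted_cert or not verify)
    return probe


if __name__ == "__main__":
    host = "origin.example"  # assumed hostname
    print(recommend_mode(host, "flexible", fake_origin(True, False)))  # full
    print(recommend_mode(host, "flexible", fake_origin(True, True)))   # strict
    print(recommend_mode(host, "strict", fake_origin(False, False)))   # strict
```

Two design points matter for safety. The loop starts at the strongest mode and stops at the first success, so an origin with a self-signed certificate lands on "full" rather than "strict". And the floor is the configured mode, so a probe failure (including a transient one) can only leave the setting where it is, never weaken it.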
  18. Tomi Engdahl says:

    Exploiting Jenkins RCE Vulnerability (CVE-2024-43044) Via Agents – Technical Analysis
    https://cybersecuritynews.com/exploiting-jenkins-remote-code-vulnerability/

    Reply
