Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it.

darkreading – ​Read More

3 holiday email scams to watch for – and how to stay safe

Some of the messages in your Gmail inbox this season are not very nice. Google provides guidance on protecting yourself from the naughty ones.

Latest stories for ZDNET in Security – ​Read More

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found

Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader.  

These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF readers on the market. 

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy. Adobe patched these issues in version 24.005.20320, and Foxit's fix appears in PDF Editor versions 12.1.9 and 11.2.12.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

Out-of-bounds read Adobe Acrobat Reader Vulnerabilities 

Discovered by KPC.

Specially crafted font files embedded into a PDF can trigger out-of-bounds memory reads in TALOS-2024-2076 (CVE-2024-49534), TALOS-2024-2070 (CVE-2024-49533), and TALOS-2024-2064 (CVE-2024-49532), which could lead to the disclosure of sensitive information and further exploitation. An attacker must trick the user into opening a malicious file to trigger these vulnerabilities. 

Foxit object use-after-free vulnerabilities 

Discovered by KPC. 

Two use-after-free vulnerabilities exist in the way Foxit Reader handles certain objects. TALOS-2024-2093 (CVE-2024-49576) and TALOS-2024-2094 (CVE-2024-47810) can be triggered by malicious JavaScript code in a PDF file. An attacker needs to either trick a user into opening the malicious file, or the user must navigate to a maliciously crafted website while the Foxit browser extension is enabled. These vulnerabilities can lead to memory corruption and result in arbitrary code execution.

Cisco Talos Blog – ​Read More

Welcome to the party, pal!

Welcome to the final Threat Source newsletter of 2024. 

Watching “Die Hard” during the Christmas season has become a widely recognized tradition for many, despite ongoing debates about its classification as a Christmas movie. I know it isn’t everyone’s cup of tea. Whether you like the movie or not, let me share a story about what didn’t quite go as planned in my family last year.  

When some celebrities had their social media accounts compromised, I saw it as the perfect opportunity to introduce my family to multi-factor authentication (MFA) for their online accounts. Our home IT setup is diverse (Linux, Macs, Windows, Android and iOS), so we needed something cross-platform. We also needed a user-friendly solution, as we have both standard users and IT experts (never underestimate your users). From my professional standpoint, I decided to go "all in" with hardware tokens: they work across platforms and survive the occasional OS reinstall from scratch. Providing two for each person was mandatory in case one got lost, which had already happened to me. So it wasn't a cheap exercise. In my defense, this was before the side-channel attack EUCLEAK was discovered, which has since expanded to affect more products than noted in the first release.

In the spirit of John McClane : “Now I know what a TV dinner feels like.” 

The kids found the gift “boring” and almost a year later, the adoption rate is still only 30%. Fortunately, my wife had the foresight to prepare real presents for the family, saving Christmas Eve from being a “bad guys win” scenario. (Only John Thor can drive somebody that crazy.) 

I share this anecdote not to discourage you, but to help you avoid making the same mistake and risking your celebrations. Unless everyone gathered around the Christmas tree is an infosec professional, it might not be the time to go “Yippee-ki-yay Mr Falcon” with tech gifts.  

However, spending time with loved ones is a great opportunity to discuss cybersecurity trends and why they matter. We've been highlighting compromised credentials for a long time, as seen in our previous posts [here], [here], [here] and [here]. For the fourth consecutive time in over a year, the most observed means of gaining initial access was the use of valid accounts, making it clear that identity-based attacks are becoming more prevalent and won't be gone anytime soon.

Advocate for the use of a password manager: there are paid versions with family plans on one end, and excellent open-source alternatives on the other. Avoid storing credentials in browsers, as they can be extracted by info-stealers. Consider using passkeys where possible. According to the FIDO Alliance, more than 20% of the world's top 100 websites already support passkeys. If passkeys are not yet available for one of your services, any MFA is better than none. Even using "just" TOTP in a software authenticator is a significant improvement over a password alone.

But it's not just about enabling MFA. As Martin wrote last week, we need to close the gap by communicating and understanding the threat landscape. When it comes to stolen credentials, share resources like https://haveibeenpwned.com/ or https://sec.hpi.de/ilc/?lang=en with your loved ones so they can check whether their email address has been part of a breach.

If you decide not to bother your friends and family with account and password hygiene (though I strongly believe Mbappe, Sweeney and Odenkirk would have preferred a more secure account), there are some more work-related recommendations in Hazel's "How are attackers trying to bypass MFA".

Whatever your idea of Christmas is, then, like Argyle said, "I gotta be here for New Year's!"

We look forward to seeing you in 2025!   

The one big thing

At the time of writing, our Vulnerability Research Team had disclosed 207 vulnerabilities and reported another 93 to the respective vendors in 2024. Did you know Talos has a team that investigates software and operating system vulnerabilities in order to discover them before malicious threat actors do? Every day, they try to find vulnerabilities that have not yet been discovered, and then work to provide a fix for those before a zero-day threat could ever be executed.

Why do I care? 

We see threat actors exploiting known vulnerabilities constantly. Sometimes those CVEs are years old.

So now what? 

Maybe you want to check for some CVEs or conduct a network security assessment.
You can find our team's reports, roundups, spotlights and deep dives on our blog.

Top security headlines of the week 

Black Hat Europe 2024 took place Dec. 9-12 in London, UK. Loaded with interesting sessions, my favorites were "Vulnerabilities in the eSIM download protocol" and "Over the Air: Compromise of Modern Volkswagen Group Vehicles", both showing how far an attack surface can extend.

Germany's Federal Office for Information Security (BSI) says it blocked communication between approximately 30,000 Android IoT devices that were sold with BadBox malware preinstalled and their command-and-control (C2) infrastructure by sinkholing DNS queries. (Bleeping Computer)

Law enforcement agencies worldwide disrupted a holiday tradition for cybercriminals: launching Distributed Denial-of-Service (DDoS) attacks. Booter and stresser websites were taken down, administrators were arrested and over 300 users were identified for planned operational activities. (Europol)

"The Willow chip is not capable of breaking modern cryptography," Google's director of quantum tells The Verge.

Can’t get enough Talos? 

Upcoming events where you can find Talos 

  Cisco Live EMEA (February 9-14, 2025) 

Amsterdam, Netherlands 

Most prevalent malware files from Talos telemetry over the past week  

SHA256: 873ee789a177e59e7f82d3030896b1efdebe468c2dfa02e41ef94978aadf006f
MD5: d86808f6e519b5ce79b83b99dfb9294d
VirusTotal: https://www.virustotal.com/gui/file/873ee789a177e59e7f82d3030896b1efdebe468c2dfa02e41ef94978aadf006f
Typical Filename: n/a
Claimed Product: n/a
Detection Name: Win32.Trojan-Stealer.Petef.FPSKK8

SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Claimed Product: n/a
Detection Name: Win.Worm.Bitmin-9847045-0

SHA256: 7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5
MD5: ff1b6bb151cf9f671c929a4cbdb64d86
VirusTotal: https://www.virustotal.com/gui/file/7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5
Typical Filename: endpoint.query
Claimed Product: Endpoint-Collector
Detection Name: W32.File.MalParent

SHA256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca
MD5: 71fea034b422e4a17ebb06022532fdde
VirusTotal: https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca
Typical Filename: VID001.exe
Claimed Product: n/a
Detection Name: Coinminer:MBT.26mw.in14.Talos

SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
Typical Filename: IMG001.exe
Claimed Product: n/a
Detection Name: Trojan/Win32.CoinMiner.R174018

Cisco Talos Blog – ​Read More

Vendors Chase Potential of Non-Human Identity Management

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

darkreading – ​Read More

How to Implement Impactful Security Benchmarks for Software Development Teams

Benchmarking is all about taking back control – you’re measuring to gain complete awareness of your development teams’ security skills and practices.

The post How to Implement Impactful Security Benchmarks for Software Development Teams appeared first on SecurityWeek.

SecurityWeek – ​Read More

Malvertisers Fool Google With AI-Generated Decoy Content

Seemingly innocent “white pages,” including an elaborate Star Wars-themed site, are bypassing Google’s malvertising filters, showing up high in search results to lure users to second-stage phishing sites.

darkreading – ​Read More

US seeks extradition of alleged LockBit ransomware developer from Israel

Rostislav Panev, accused of working with the LockBit gang as a developer, has been in Israeli custody since August, and the U.S. wants to extradite him, according to a news report.

The Record from Recorded Future News – ​Read More

Sonic and Injective Team Up to Build Industry’s First Cross-Chain Smart Agent Hub with Solana

Sonic, the leading gaming SVM on Solana, and Injective, a WASM-based L1 network, today announced that they will…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Bridging the ‘Keyboard-to-Chair’ Gap With Identity Verification

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

darkreading – ​Read More