AI-Augmented Email Analysis Spots Latest Scams, Bad Content

Multimodal AI systems can help enterprise defenders weed out fraudulent emails, even if the system has not seen that type of message before.

Source: darkreading

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project

Cisco Talos’ Vulnerability Research team recently disclosed six new security vulnerabilities across a range of software, including one in a popular PDF reader that could lead to arbitrary code execution. 

Foxit PDF Reader, one of the most popular alternatives to Adobe Acrobat, contains a memory corruption vulnerability that could allow an adversary to execute code on the targeted machine. 

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Use-after-free vulnerability in Foxit PDF Reader

Discovered by KPC.

A use-after-free vulnerability in Foxit PDF Reader could lead to memory corruption and eventually arbitrary code execution on the targeted machine.

TALOS-2024-1967 (CVE-2024-28888) can be triggered if an adversary tricks a user into opening a specially crafted PDF that contains malicious JavaScript. Exploitation could also occur if the targeted user visits an attacker-controlled website with the Foxit PDF Reader browser extension enabled.

Multiple vulnerabilities in GNOME project library could lead to code execution

Two vulnerabilities in the G Structured File Library (libgsf) could lead to arbitrary code execution. 

This GNOME project provides an abstraction layer over different structured file formats such as .tar and .zip.

TALOS-2024-2068 (CVE-2024-36474) is an integer overflow vulnerability that could allow an out-of-bounds index to be used when reading and writing to an array. This could lead to arbitrary code execution if an adversary exploited it appropriately. 

TALOS-2024-2069 (CVE-2024-42415) works similarly, but in this case, it arises when the software processes the sector allocation table.

An adversary could exploit both these vulnerabilities by tricking the targeted user into opening a malicious, specially crafted file. 

Three vulnerabilities in Veertu Anka Build

Discovered by KPC.

Veertu’s Anka Build software contains three vulnerabilities, two of which are directory traversal issues. 

Anka Build is a suite of software designed to test macOS and iOS applications in CI/CD environments. The suite is a centralized dashboard for managing nodes, VM instances, templates, tags and logs. 

This software contains two directory traversal vulnerabilities — TALOS-2024-2059 (CVE-2024-41163) and TALOS-2024-2061 (CVE-2024-41922) — that could lead to the disclosure of arbitrary files. An adversary could exploit these vulnerabilities by sending the target a specially crafted HTTP request. 

Another vulnerability, TALOS-2024-2060 (CVE-2024-39755), is a privilege escalation issue that could allow a low-privileged user to force the software to update, potentially raising their access to that of a root user. 

Source: Cisco Talos Blog

Human Security Banks Another $50M in Growth Funding

New York anti-bot firm says new investment will drive adoption of AI techniques and expand into digital account protection and media security.

The post Human Security Banks Another $50M in Growth Funding appeared first on SecurityWeek.

Source: SecurityWeek

US Agencies Warn Political Campaigns of Iranian Phishing Attacks

CISA and the FBI have issued a warning on Iranian phishing attacks targeting national political organizations and campaigns.

The post US Agencies Warn Political Campaigns of Iranian Phishing Attacks appeared first on SecurityWeek.

Source: SecurityWeek

OEMs Are Urged to Address Vulnerabilities in Device Communication

Overview

Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google’s Threat Analysis Group has also reported the exploitation of a critical vulnerability, CVE-2024-43047, in targeted attacks. The vulnerability lies in the FASTRPC driver, which plays an important role in device communication processes. Exploitation of this vulnerability can lead to severe security breaches, potentially allowing unauthorized access to sensitive data.

Considering this, original equipment manufacturers (OEMs) have received patches designed to rectify this flaw, and they are strongly encouraged to implement these updates without delay. Users concerned about the implications of this vulnerability should contact their device manufacturers for specific patch details and guidance.

Google has publicly acknowledged the contributions of various researchers who have been instrumental in identifying and reporting several critical security flaws. Among these notable contributions is CVE-2024-33066, identified by Claroty Research in partnership with Trend Micro. This collaboration highlights the importance of teamwork in discovering and mitigating potential threats.

Another key vulnerability, CVE-2024-21455, was reported by Seth Jenkins from Google Project Zero, demonstrating the ongoing commitment of researchers to enhance security measures across various platforms. Additionally, Xiling Gong identified CVE-2024-38399, further contributing to the collective knowledge needed to protect users against cybersecurity threats.

Most prominently, CVE-2024-43047 was brought to light by a team that included Seth Jenkins, Conghui Wang, and the Amnesty International Security Lab.

Overview of Vulnerabilities and Patches

Recent vulnerability assessments have revealed a concerning mix of high- and moderate-impact vulnerabilities across proprietary and open-source software. Understanding the nature and severity of these vulnerabilities is critical for grasping their potential impact on device security.

Among the high-impact vulnerabilities, CVE-2024-33066, associated with the WLAN Resource Manager, stands out. This critical flaw was reported on September 6, 2023, and has been assigned a CVSS score of 9.8, indicating its severe nature. Another vulnerability is CVE-2024-21455, related to the DSP Service. Reported on June 11, 2024, it carries a high severity rating with a CVSS score of 8.0.

Moderate impact vulnerabilities have also been identified, including CVE-2024-23375, which relates to the Radio Interface Layer. This issue was flagged on November 27, 2023, and is rated medium with a CVSS score of 5.5. Another moderate vulnerability, CVE-2024-38425, related to performance, was reported on January 23, 2024.

A detailed analysis of critical vulnerabilities reveals specific challenges that need to be addressed. For instance, CVE-2024-33064 involves a buffer over-read in WLAN host communication, which could allow for information disclosure during data transmission. Another vulnerability, CVE-2024-33069, is characterized as a “Use After Free” issue that can lead to a transient denial of service, disrupting communication between devices. Additionally, CVE-2024-38399 highlights a similar “Use After Free” vulnerability in graphics processing, which can result in memory corruption and negatively impact device functionality.

Moreover, vulnerabilities related to multimedia and power management integrated circuits (ICs) require attention, as they pose risks to device integrity and user privacy.

Conclusion

The ongoing battle against cybersecurity threats requires a collective effort from researchers, manufacturers, and users alike. As demonstrated by the vulnerabilities highlighted in the latest report from Google’s Threat Analysis Group, proactive measures and timely patch implementations are key to maintaining secure systems.

Recommendations and Mitigations

Users should stay informed about vulnerabilities affecting their devices.

Regular updates and patch installations are crucial for mitigating risks associated with known vulnerabilities.

Engaging with device manufacturers for patch information is essential.

Timely updates can significantly reduce the potential for exploitation.

Manufacturers must prioritize the deployment of patches.

Quick implementation of security measures protects end-users.

Prompt action also upholds manufacturers’ reputations in a security-conscious market.

The post OEMs Are Urged to Address Vulnerabilities in Device Communication appeared first on Cyble.

Source: Cyble Blog

Sui to Make Native USDC Available Through NAVI Protocol

The Sui Foundation supports native USDC on the Sui network with $120M in liquidity, marking the 3rd largest…

Source: Hackread

Dragonz Lab Secures $9M from Syndicate Capital to Boost ‘Dragonz Land’ Ecosystem

Abu Dhabi, UAE, October 9, 2024 – Dragonz Lab, a Web3 gaming studio originating from the UK, today…

Source: Hackread

Building Cyber Resilience in SMBs With Limited Resources

With careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengths.

Source: darkreading

Improving SecOps: How Simplification, Visibility, and Analytics Can Drive Success

How simplifying complexity, enhancing visibility, and empowering analysis can address key challenges in modern cybersecurity operations and investigations.

The post Improving SecOps: How Simplification, Visibility, and Analytics Can Drive Success appeared first on SecurityWeek.

Source: SecurityWeek

Writer’s Palmyra X 004 takes the lead in AI function calling, surpassing tech giants

Writer unveils Palmyra X 004, a new AI model outperforming tech giants in function calling and workflow automation, promising to transform enterprise operations with improved efficiency and lower costs.

Source: Security News | VentureBeat