AutoNation Says CDK Global Ransomware Attack Impacted Earnings

Car dealership AutoNation has informed the SEC that the CDK Global ransomware attack impacted its quarterly earnings.

Source: SecurityWeek

CISO Conversations: Frank Kim (YL Ventures) and Charles Blauner (Team8)

Frank Kim and Charles Blauner are responsible for security at both their own company and for the companies in which their firms invest.

Source: SecurityWeek

I returned my Apple Vision Pro and Meta Quest 3 for these XR glasses – and they’re 30% off for Prime Day

The Viture One XR glasses expand your viewing experience and are now just $299 for Amazon Prime Day.

This rugged Blackview phone truly has it all – this Amazon Prime Day it’s cheaper than it’s ever been

Are you looking for an Android 13 phone that offers thermal imaging, night vision, and won’t break the bank? Get this on Amazon Prime Day for $350.

Zero-day vulnerability in Internet Explorer | Kaspersky official blog

As part of its latest Patch Tuesday, Microsoft has released patches for 142 vulnerabilities. Among them were four zero-day vulnerabilities. While two of them were already publicly known, the other two had been actively exploited by malicious actors.

Interestingly, one of these zero-days, which supposedly had been used to steal passwords for the past 18 months, was found in Internet Explorer. Yes — that same browser that Microsoft stopped developing back in 2015 and promised to definitively, absolutely, for-sure bury in February 2023. Unfortunately, the patient proved to be stubborn — resisting its own funeral.

Why Internet Explorer isn’t nearly as dead as we would all like

Last year, I wrote about what the latest attempt to kill off Internet Explorer actually entailed. I’ll just give a brief version here; you can find the full story at the link. With the “farewell” update, Microsoft didn’t remove the browser from the system but merely disabled it (and even then, not in all versions of Windows).

In practice, this means that Internet Explorer is still lurking within the system; users just can’t launch it as a standalone browser. Therefore, any new vulnerabilities found in this supposedly defunct browser can still pose a threat to Windows users — even those who haven’t touched Internet Explorer in years.

CVE-2024-38112: vulnerability in Windows MSHTML

Now let’s talk about the discovered vulnerability CVE-2024-38112. This is a flaw in the MSHTML browser engine, which powers Internet Explorer. The vulnerability has a rating of 7.5 out of 10 on the CVSS 3 scale, and a “high” severity level.

To exploit the vulnerability, attackers need to create a malicious file in an innocent-looking internet shortcut format (.url, Windows Internet Shortcut File), containing a link with the mhtml prefix. When a user opens this file, Internet Explorer — whose security mechanisms aren’t very good — is launched instead of the default browser.

How attackers exploited CVE-2024-38112

To better understand how this vulnerability works, let’s look at the attack in which it was discovered. It all starts with the user being sent an .url file with the icon used for PDFs and the double extension .pdf.url.

Inside the malicious .url file, you can see a link with the “vulnerable” mhtml prefix. The last two lines are responsible for changing the icon to the one used for PDFs.

Thus, to the user, this file looks like a shortcut to a PDF — something seemingly harmless. If the user clicks on the file, the CVE-2024-38112 vulnerability is exploited. Due to the mhtml prefix in the .url file, it opens in Internet Explorer rather than the system’s default browser.

Attempting to open the malicious file launches Internet Explorer.

The problem is that in the corresponding dialog box, Internet Explorer shows the name of the same .url file pretending to be a PDF shortcut. So it’s logical to assume that after clicking “Open”, a PDF will be displayed. However, in reality, the shortcut opens a link that downloads and launches an HTA file.

This is an HTML application, a program in one of the scripting languages invented by Microsoft. Unlike ordinary HTML web pages, such scripts run as full-fledged applications and can do a lot of things — for example, edit files or the Windows registry. In short, they’re very dangerous.

When this file is launched, Internet Explorer displays a not-so-informative warning in a format familiar to Windows users, which many will simply dismiss.

Instead of opening a PDF file, a malicious HTA (HTML Application) is launched, accompanied by an uninformative Internet Explorer warning.

When the user clicks “Allow”, infostealer malware is launched on the user’s computer, collecting passwords, cookies, browsing history, crypto wallet keys, and other valuable information stored in the browser, and sending them to the attackers’ server.

How to protect against CVE-2024-38112

Microsoft has already patched this vulnerability. Installing the update ensures that the trick with mhtml in .url files will no longer work, and such files will henceforth open in the more secure Edge browser.

Nevertheless, this incident once again reminds us that the “deceased” browser will continue to haunt Windows users for the foreseeable future. In that regard, it’s advisable to promptly install all updates related to Internet Explorer and the MSHTML engine, and to use reliable security solutions on all Windows devices.
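
A defender-side check for the shortcut traits described above (the mhtml prefix, the .pdf.url double extension and the icon override), as an added example that is not part of the original article. The file names, the example.invalid host, the icon path, the decoy-extension list and the finding labels are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Extensions that make "name.pdf.url" read as a document (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def inspect_shortcut(filename, text):
    """Return findings for one Internet Shortcut, given its name and decoded text."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if suffixes[-1:] != [".url"]:
        return []  # not a .url file, nothing to check
    findings = []
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        findings.append("double-extension")
    # Only "=" separates key and value here, so colons inside the URL are kept.
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return findings + ["unparseable"]
    section = next((s for s in parser.sections()
                    if s.lower() == "internetshortcut"), None)
    if section is None:
        return findings + ["no-internetshortcut-section"]
    keys = parser[section]  # option names are lower-cased by configparser
    if keys.get("url", "").strip().lower().startswith("mhtml:"):
        findings.append("mhtml-prefix")
    if "iconfile" in keys or "iconindex" in keys:
        findings.append("icon-override")
    return findings

def needs_triage(findings):
    """The mhtml prefix is the decisive trait; the others are supporting context."""
    return "mhtml-prefix" in findings

# Constructed samples: file names, host and icon path are placeholders.
SUSPECT_NAME = "Invoice.pdf.url"
SUSPECT_TEXT = (
    "[InternetShortcut]\n"
    "URL=mhtml:http://example.invalid/document\n"
    "IconIndex=13\n"
    "IconFile=C:\\placeholder\\icons.dll\n"
)
BENIGN_NAME = "news.url"
BENIGN_TEXT = "[InternetShortcut]\nURL=https://example.invalid/\n"

if __name__ == "__main__":
    for name, body in ((SUSPECT_NAME, SUSPECT_TEXT), (BENIGN_NAME, BENIGN_TEXT)):
        result = inspect_shortcut(name, body)
        print(name, result, "triage" if needs_triage(result) else "ok")
```

An icon override alone is common in legitimate shortcuts, which is why only the mhtml prefix drives the triage decision here.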

Source: Kaspersky official blog

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server.
The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times, respectively. As of writing, they have been taken down by the npm security team.
“They

Source: The Hacker News

This portable power station has a standout feature that makes camping safer than ever, and it’s $200 off on Amazon Prime Day

The Anker Solix C800 Plus has a trick up its sleeve that I wish more portable power stations had, and it’s now only $399 in the Amazon Prime Day sales.

Disney Investigating Hacker Group’s Data Theft Claims

Disney has launched an investigation after a hacker group named NullBulge leaked data allegedly stolen from the company.

Source: SecurityWeek

DNS Hijacks Target Cryptocurrency Platforms Registered With Squarespace

A coordinated wave of DNS hijacking attacks recently targeted decentralized finance (DeFi) cryptocurrency domains. Attackers used the Squarespace registrar to redirect visitors to phishing sites that aimed to steal cryptocurrency and NFTs.

Source: Cyware News – Latest Cyber News

One of the best-looking hybrid smartwatches is 20% off for Prime Day

Pininfarina’s hybrid entry boasts excellent hardware and watch software, with a design that will make you look twice. The Amazon Prime Day deal won’t last as long as the battery.
