‘Magnet Goblin’ Exploits Ivanti 1-Day Bug in Mere Hours

A prolific but previously hidden threat actor turns public vulnerabilities into working exploits before companies have time to patch.

darkreading – ​Read More

US Lawmaker Cited NYC Protests in a Defense of Warrantless Spying

A closed-door presentation for House lawmakers late last year portrayed American anti-war protesters as having possible ties to Hamas in an effort to kill privacy reforms to a major US spy program.

Security Latest – ​Read More

Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update

Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared with the first quarter of the prior four years.

darkreading – ​Read More

Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws.

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). The security updates are available in iOS 17.4, iPadOS 17.4, and iOS 16.7.6.

Apple’s macOS Sonoma 14.4 Security Update addresses dozens of security issues. Jason Kitka, chief information security officer at Automox, said the vulnerabilities patched in this update often stem from memory safety issues, a concern that has led to a broader industry conversation about the adoption of memory-safe programming languages [full disclosure: Automox is an advertiser on this site].

On Feb. 26, 2024, the Biden administration issued a report that calls for greater adoption of memory-safe programming languages. On Mar. 4, 2024, Google published Secure by Design, which lays out the company’s perspective on memory safety risks.

Mercifully, there do not appear to be any zero-day threats hounding Windows users this month (at least not yet). Satnam Narang, senior staff research engineer at Tenable, notes that of the 60 CVEs in this month’s Patch Tuesday release, only six are considered “more likely to be exploited” according to Microsoft.

Those more likely to be exploited bugs are mostly “elevation of privilege vulnerabilities” including CVE-2024-26182 (Windows Kernel), CVE-2024-26170 (Windows Composite Image File System (CimFS), CVE-2024-21437 (Windows Graphics Component), and CVE-2024-21433 (Windows Print Spooler).

Narang highlighted CVE-2024-21390 as a particularly interesting vulnerability in this month’s Patch Tuesday release, which is an elevation of privilege flaw in Microsoft Authenticator, the software giant’s app for multi-factor authentication. Narang said a prerequisite for an attacker to exploit this flaw is to already have a presence on the device either through malware or a malicious application.

“If a victim has closed and re-opened the Microsoft Authenticator app, an attacker could obtain multi-factor authentication codes and modify or delete accounts from the app,” Narang said. “Having access to a target device is bad enough as they can monitor keystrokes, steal data and redirect users to phishing websites, but if the goal is to remain stealth, they could maintain this access and steal multi-factor authentication codes in order to login to sensitive accounts, steal data or hijack the accounts altogether by changing passwords and replacing the multi-factor authentication device, effectively locking the user out of their accounts.”

CVE-2024-21334 earned a CVSS (danger) score of 9.8 (10 is the worst), and it concerns a weakness in Open Management Infrastructure (OMI), a Linux-based cloud infrastructure in Microsoft Azure. Microsoft says attackers could connect to OMI instances over the Internet without authentication, and then send specially crafted data packets to gain remote code execution on the host device.

CVE-2024-21435 is a CVSS 8.8 vulnerability in Windows OLE, which acts as a kind of backbone for a great deal of communication between applications that people use every day on Windows, said Kevin Breen, senior director of threat research at Immersive Labs.

“With this vulnerability, there is an exploit that allows remote code execution, the attacker needs to trick a user into opening a document, this document will exploit the OLE engine to download a malicious DLL to gain code execution on the system,” Breen explained. “The attack complexity has been described as low meaning there is less of a barrier to entry for attackers.”

A full list of the vulnerabilities addressed by Microsoft this month is available at the SANS Internet Storm Center, which breaks down the updates by severity and urgency.

Finally, Adobe today issued security updates that fix dozens of security holes in a wide range of products, including Adobe Experience Manager, Adobe Premiere Pro, ColdFusion 2023 and 2021, Adobe Bridge, Lightroom, and Adobe Animate. Adobe said it is not aware of active exploitation against any of the flaws.

By the way, Adobe recently enrolled all of its Acrobat users into a “new generative AI feature” that scans the contents of your PDFs so that its new “AI Assistant” can  “understand your questions and provide responses based on the content of your PDF file.” Adobe provides instructions on how to disable the AI features and opt out here.

Krebs on Security – ​Read More

GAO: CISA’s OT Teams Inadequately Staffed

The response teams have a staging shortage, leaving them ill-prepared to take on significant threats from different places at once.

darkreading – ​Read More

Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server 

Microsoft ships patches for at least 60 security vulnerabilities in the Windows ecosystem and warned of remote code execution risks.

The post Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server  appeared first on SecurityWeek.

SecurityWeek – ​Read More

FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

By Waqas

The February 2024 Global Threat Index report released by Check Point Software Technologies Ltd. exposes the alarming vulnerability of cybersecurity worldwide.

This is a post from HackRead.com Read the original post: FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Steadybit’s Chaos Engineering Platform Attracts $6M in Series A Funding

By simulating disturbances and potential failures, Steadybit helps organizations preempt and mitigate system vulnerabilities, ultimately improving performance and user experience.

Cyware News – Latest Cyber News – ​Read More

Tax-Related Scams Escalate as Filing Deadline Approaches

Scammers are taking advantage of the rush to file personal federal income tax returns, using tactics such as impersonation, phone calls, tax identity theft, phishing scams, and unethical tax return preparers.

Cyware News – Latest Cyber News – ​Read More

EquiLend Ransomware Attack Leads to Data Breach 

EquiLend is informing its employees that their personal information was compromised in a January ransomware attack.

The post EquiLend Ransomware Attack Leads to Data Breach  appeared first on SecurityWeek.

SecurityWeek – ​Read More