BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come
/in General NewsThe design of the gun police say they found on the alleged United Healthcare CEO’s killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group.
Security Latest – Read More
Patch Tuesday, December 2024 Edition
/in General NewsMicrosoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.
The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device.
The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.
“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7. “Expect more CLFS zero-day vulnerabilities to emerge in the future, at least until Microsoft performs a full replacement of the aging CLFS codebase instead of offering spot fixes for specific flaws.”
Elevation of privilege vulnerabilities accounted for 29% of the 1,009 security bugs Microsoft has patched so far in 2024, according to a year-end tally by Tenable; nearly 40 percent of those bugs were weaknesses that could let attackers run malicious code on the vulnerable device.
Rob Reeves, principal security engineer at Immersive Labs, called special attention to CVE-2024-49112, a remote code execution flaw in the Lightweight Directory Access Protocol (LDAP) service on every version of Windows since Windows 7. CVE-2024-49112 has been assigned a CVSS (badness) score of 9.8 out of 10.
“LDAP is most commonly seen on servers that are Domain Controllers inside a Windows network and LDAP must be exposed to other servers and clients within an enterprise environment for the domain to function,” Reeves said. “Microsoft hasn’t released specific information about the vulnerability at present, but has indicated that the attack complexity is low and authentication is not required.”
Tyler Reguly at the security firm Fortra had a slightly different 2024 patch tally for Microsoft, at 1,088 vulnerabilities, which he said was surprisingly similar to the 1,063 vulnerabilities resolved in 2023 and the 1,119 vulnerabilities resolved in 2022.
“If nothing else, we can say that Microsoft is consistent,” Reguly said. “While it would be nice to see the number of vulnerabilities each year decreasing, at least consistency lets us know what to expect.”
If you’re a Windows end user and your system is not set up to automatically install updates, please take a minute this week to run Windows Update, preferably after backing up your system and/or important data.
System admins should keep an eye on AskWoody.com, which usually has the details if any of the Patch Tuesday fixes are causing problems. In the meantime, if you run into any problems applying this month’s fixes, please drop a note about in the comments below.
Krebs on Security – Read More
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
/in General NewsThe zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
darkreading – Read More
Multiple Cleo file transfer products being exploited by hackers
/in General NewsThe vulnerability — CVE-2024-50623 — was recently patched by software developer Cleo and affects the company’s LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm Huntress say the patch “does not mitigate the software flaw.”
The Record from Recorded Future News – Read More
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
/in General NewsPatch Tuesday: Redmond patches 71 security flaws and calls immediate attention to an exploited Windows zero-day reported by CrowdStrike.
The post Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
‘Termite’ Ransomware Likely Behind Cleo Zero-Day Attacks
/in General NewsThe threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.
darkreading – Read More
Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware
/in General NewsThe Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Adobe Patches Over 160 Vulnerabilities Across 16 Products
/in General NewsAdobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect.
The post Adobe Patches Over 160 Vulnerabilities Across 16 Products appeared first on SecurityWeek.
SecurityWeek – Read More
Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability
/in General NewsA critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
US sanctions Chinese cyber firm for compromising ‘thousands’ of firewalls in 2020
/in General NewsSichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, were the targets of the sanctions, and the Justice Department indicted Guan for his role in the attacks. The State Department also issued a $10 million reward for additional information on the company or Guan.
The Record from Recorded Future News – Read More