New DCOM Attack Exploits Windows Installer for Backdoor Access
SUMMARY: Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Romania’s Electrica Group Responds to Cybersecurity Incident
Romania’s largest electricity provider Electrica Group is currently responding to a cybersecurity incident, according to a company statement released Monday. Teams of specialists are working with national cybersecurity authorities to manage the situation, while the company assures that critical systems remain unaffected. Electrica group provides essential services to over 4 million users and…
TechSplicer – Read More
Meta’s Role in Romania’s 2024 Election: A Critical Analysis of Platform Oversight
A thorough investigation published on December 9, 2024, by Check First in collaboration with Reset Tech and EU DisinfoLab, and lastly with significant contributions from independent journalists Luiza Vasiliu and Victor Ilie, has revealed real concerns about digital platform influence during Romania’s presidential election. Their research note, “Ads, Influence, and Democracy: Meta’s Role in…
TechSplicer – Read More
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild.
Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
The Hacker News – Read More
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020.
Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been
The Hacker News – Read More
Governments, Telcos Ward Off China’s Hacking Typhoons
Infiltrating other nations’ telecom networks is a cornerstone of China’s geopolitical strategy, and it’s having the unintended consequence of driving the uptake of encrypted communications.
darkreading – Read More
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.
The list of vulnerabilities is as follows –
CVE-2024-11639 (CVSS score: 10.0) – An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote
The Hacker News – Read More
The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come
The design of the gun police say they found on the alleged United Healthcare CEO’s killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group.
Security Latest – Read More
Patch Tuesday, December 2024 Edition
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.
The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device.
The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.
“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7. “Expect more CLFS zero-day vulnerabilities to emerge in the future, at least until Microsoft performs a full replacement of the aging CLFS codebase instead of offering spot fixes for specific flaws.”
Elevation of privilege vulnerabilities accounted for 29% of the 1,009 security bugs Microsoft has patched so far in 2024, according to a year-end tally by Tenable; nearly 40 percent of those bugs were weaknesses that could let attackers run malicious code on the vulnerable device.
Rob Reeves, principal security engineer at Immersive Labs, called special attention to CVE-2024-49112, a remote code execution flaw in the Lightweight Directory Access Protocol (LDAP) service on every version of Windows since Windows 7. CVE-2024-49112 has been assigned a CVSS (badness) score of 9.8 out of 10.
“LDAP is most commonly seen on servers that are Domain Controllers inside a Windows network and LDAP must be exposed to other servers and clients within an enterprise environment for the domain to function,” Reeves said. “Microsoft hasn’t released specific information about the vulnerability at present, but has indicated that the attack complexity is low and authentication is not required.”
Tyler Reguly at the security firm Fortra had a slightly different 2024 patch tally for Microsoft, at 1,088 vulnerabilities, which he said was surprisingly similar to the 1,063 vulnerabilities resolved in 2023 and the 1,119 vulnerabilities resolved in 2022.
“If nothing else, we can say that Microsoft is consistent,” Reguly said. “While it would be nice to see the number of vulnerabilities each year decreasing, at least consistency lets us know what to expect.”
If you’re a Windows end user and your system is not set up to automatically install updates, please take a minute this week to run Windows Update, preferably after backing up your system and/or important data.
System admins should keep an eye on AskWoody.com, which usually has the details if any of the Patch Tuesday fixes are causing problems. In the meantime, if you run into any problems applying this month’s fixes, please drop a note about it in the comments below.
Krebs on Security – Read More
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
darkreading – Read More