In “Living off the Land attacks,” adversaries use USB devices to infiltrate industrial control systems. Cyberthreats from silent residency attacks put critical infrastructure facilities at risk.
The post A Major Industrial Cybersecurity Threat: Living off the Land Attacks appeared first on Security Boulevard.
Daft name, serious risk: Kit from ActionTec and Sagemcom remotely ruined and required replacement.
The post ‘Pumpkin Eclipse’ — 600,000+ Rural ISP Routers Bricked Beyond Repair appeared first on Security Boulevard.
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.
A frame from one of three animated videos released today in connection with Operation Endgame.
Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed to surreptitiously install malware onto a target system. Droppers are typically used in the initial stages of a breach, and they allow cybercriminals to bypass security measures and deploy additional harmful programs, including viruses, ransomware, or spyware.
Droppers like IcedID are most often deployed through email attachments, hacked websites, or bundled with legitimate software. For example, cybercriminals have long used paid ads on Google to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader and Discord. In those cases, the dropper is the hidden component bundled with the legitimate software that quietly loads malware onto the user’s system.
Droppers remain such a critical, human-intensive component of nearly all major cybercrime enterprises that the most popular have turned into full-fledged cybercrime services of their own. By targeting the individuals who develop and maintain dropper services and their supporting infrastructure, authorities are hoping to disrupt multiple cybercriminal operations simultaneously.
According to a statement from the European police agency Europol, between May 27 and May 29, 2024 authorities arrested four suspects (one in Armenia and three in Ukraine), and disrupted or took down more than 100 Internet servers in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, United States and Ukraine. Authorities say they also seized more than 2,000 domain names that supported dropper infrastructure online.
In addition, Europol released information on eight fugitives suspected of involvement in dropper services and who are wanted by Germany; their names and photos were added to Europol’s “Most Wanted” list on 30 May 2024.
A “wanted” poster including the names and photos of eight suspects wanted by Germany and now on Europol’s “Most Wanted” list.
“It has been discovered through the investigations so far that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware,” Europol wrote. “The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained.”
There have been numerous such coordinated malware takedown efforts in the past, and yet often the substantial amount of coordination required between law enforcement agencies and cybersecurity firms involved is not sustained after the initial disruption and/or arrests.
But a new website erected to detail today’s action — operation-endgame.com — makes the case that this time is different, and that more takedowns and arrests are coming. “Operation Endgame does not end today,” the site promises. “New actions will be announced on this website.”
A message on operation-endgame.com promises more law enforcement and disruption actions.
Perhaps in recognition that many of today’s top cybercriminals reside in countries that are effectively beyond the reach of international law enforcement, actions like Operation Endgame seem increasingly focused on mind games — i.e., trolling the hackers.
Writing in this month’s issue of Wired, Matt Burgess makes the case that Western law enforcement officials have turned to psychological measures as an added way to slow down Russian hackers and cut to the heart of the sweeping cybercrime ecosystem.
“These nascent psyops include efforts to erode the limited trust the criminals have in each other, driving subtle wedges between fragile hacker egos, and sending offenders personalized messages showing they’re being watched,” Burgess wrote.
When authorities in the U.S. and U.K. announced in February 2024 that they’d infiltrated and seized the infrastructure used by the infamous LockBit ransomware gang, they borrowed the existing design of LockBit’s victim shaming website to link instead to press releases about the takedown, and included a countdown timer that was eventually replaced with the personal details of LockBit’s alleged leader.
The feds used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.
The Operation Endgame website also includes a countdown timer, which serves to tease the release of several animated videos that mimic the same sort of flashy, short advertisements that established cybercriminals often produce to promote their services online. At least two of the videos include a substantial amount of text written in Russian.
The coordinated takedown comes on the heels of another law enforcement action this week against what the director of the FBI called “likely the world’s largest botnet ever.” On Wednesday U.S. Department of Justice (DOJ) announced the arrest of YunHe Wang, the alleged operator of the ten-year-old online anonymity service 911 S5. The government also seized 911 S5’s domains and online infrastructure, which allegedly turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime.
The TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.
The post TrickBot and Other Malware Droppers Disrupted by Law Enforcement appeared first on SecurityWeek.
Source: securityboulevard.com – Author: Madison Steel Introduction Small and medium-sized businesses (SMBs) are increasingly becoming targets for sophisticated cyberattacks. One of the emerging threats observed in recent years is the combination of QakBot, Cobalt Strike, and SystemBC leading to the deployment of Black Basta ransomware. At AttackIQ, we understand the importance of proactive security measures, […]
La entrada Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Sectrio If there were any doubts earlier, 2023 has shown us how important OT systems are. Operational technology has become one of the most crucial factors for safeguarding critical infrastructure – from electrical grids, transportation networks, and manufacturing plants to water treatment facilities. OT is now a part of most industrial […]
La entrada 2023 OT Cybersecurity Roundup—Strategies for 2024 – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Small and medium-sized businesses are increasingly targeted by sophisticated cyberattacks like QakBot and Black Basta ransomware. Discover how AttackIQ Flex's latest package helps you test your defenses, uncover vulnerabilities, and stay ahead of these advanced threats. Enhance your security posture with real-world attack scenarios and actionable insights. Read on to learn more and register for free today!
The post Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware appeared first on AttackIQ.
The post Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware appeared first on Security Boulevard.
Read more of this story at Slashdot.
Source: securityboulevard.com – Author: Wajahat Raja Recent reports claim that the Microsoft Threat Intelligence team stated that a cybercriminal group, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist tool in a series of social engineering attacks. This group is known for deploying the Black Basta ransomware attack. On May 15, 2024, Microsoft released details […]
La entrada Black Basta Ransomware Attack: Microsoft Quick Assist Flaw – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Recent reports claim that the Microsoft Threat Intelligence team stated that a cybercriminal group, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist tool in a series of social engineering attacks. This group is known for deploying the Black Basta ransomware attack. On May 15, 2024, Microsoft released details about how this financially motivated group […]
The post Black Basta Ransomware Attack: Microsoft Quick Assist Flaw appeared first on TuxCare.
The post Black Basta Ransomware Attack: Microsoft Quick Assist Flaw appeared first on Security Boulevard.
Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by […]
The post Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy appeared first on Shared Security Podcast.
The post Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy appeared first on Security Boulevard.
Read more of this story at Slashdot.
Views: 0Source: www.securityweek.com – Author: Ionut Arghire Thousands of computers are at risk of complete takeover after hackers added a backdoor to the installer for the Justice AV Solutions (JAVS) Viewer software, Rapid7 warned in an advisory. According to Rapid7, the hackers injected a backdoor in the JAVS Viewer v8.3.7 installer that is being distributed […]
La entrada JAVS Courtroom Audio-Visual Software Installer Serves Backdoor – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.
The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek.
Source: www.cybertalk.org – Author: slandau By Antoinette Hodes, Office of the CTO, Check Point Software Technologies. The dark web has evolved into a clandestine marketplace where illicit activities flourish under the cloak of anonymity. Due to its restricted accessibility, the dark web exhibits a decentralized structure with minimal enforcement of security controls, making it a […]
La entrada How the Internet of Things (IoT) became a dark web target – and what to do about it – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Privacy FAIL: Apple location service returns far more data than it should, to people who have no business knowing it, without your permission.
The post Apple API Allows Wi-Fi AP Location Tracking appeared first on Security Boulevard.
Enlarge / Scarlett Johansson attends the Golden Heart Awards in 2023. (credit: Sean Zanni / Contributor | Patrick McMullan)
OpenAI is sticking to its story that it never intended to copy Scarlett Johansson's voice when seeking an actor for ChatGPT's "Sky" voice mode.
The company provided The Washington Post with documents and recordings clearly meant to support OpenAI CEO Sam Altman's defense against Johansson's claims that Sky was made to sound "eerily similar" to her critically acclaimed voice acting performance in the sci-fi film Her.
Johansson has alleged that OpenAI hired a soundalike to steal her likeness and confirmed that she declined to provide the Sky voice. Experts have said that Johansson has a strong case should she decide to sue OpenAI for violating her right to publicity, which gives the actress exclusive rights to the commercial use of her likeness.
Under the new U.S. Cyber Trust Mark Initiative, manufacturers can affix the label on their products if they meet federal cybersecurity standards.
The post Cybersecurity Labeling for Smart Devices Aims to Help People Choose Items Less Likely to be Hacked appeared first on SecurityWeek.
Enlarge (credit: Microsoft)
Here at Ars, we’ve been around long enough to chronicle every single time that Microsoft has tried to get Windows running on Arm-based processors, instead of the Intel and AMD-made x86 chips that have been synonymous with Windows for more than three decades. The most significant attempts happened in 2012 with Windows RT, which looked like Windows 8 but couldn’t run any x86 Windows apps; and in 2017 when Windows 10 Arm PCs arrived with rudimentary x86 emulation.
The main PC company backing each of those Arm efforts was Microsoft itself, which launched the original Surface to showcase Windows RT and the first Surface Pro X during the Windows 10 era. Since then, Microsoft has periodically refreshed the Arm version of the Surface tablet while continuing to sell Intel versions. A couple of PC OEMs put out Windows RT tablets, and most of them took a stab at one or two Windows 10-into-11-era Arm PCs. But there was never a big unified push that made it clear that the entire consumer PC ecosystem had bought into Arm.
This week’s announcements felt different—yes, there was a new Surface Pro and Surface Laptop from Microsoft leading the charge (and the new Surface Pro is the first Surface Pro ever to ship Arm as the default option for most people). But the Surface launch was accompanied by a major wave of systems from essentially every major PC OEM, suggesting at least some level of elevated enthusiasm for the Snapdragon X series that didn’t exist for older Arm chips.
Rockwell Automation is concerned about internet-exposed ICS due to heightened geopolitical tensions and adversarial cyber activity globally.
The post Rockwell Automation Urges Customers to Disconnect ICS From Internet appeared first on SecurityWeek.
Claroty shows how Honeywell ControlEdge Virtual UOC vulnerability can be exploited for unauthenticated remote code execution.
The post Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution appeared first on SecurityWeek.
Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference.
On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.
This is “Recall,” a much-advertised feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023. With Recall on the new Copilot+ PCs, users no longer need to manage and remember their own browsing and chat activity. Instead, by regularly taking and storing screenshots of a user’s activity, the Copilot+ PCs can comb through that visual data to deliver answers to natural language questions, such as “Find the site with the white sneakers,” and “blue pantsuit with a sequin lace from abuelita.”
As any regularly updated repository of device activity poses an enormous security threat—imagine hackers getting access to a Recall database and looking for, say, Social Security Numbers, bank account info, and addresses—Microsoft has said that all Recall screenshots are encrypted and stored locally on a device.
But, in terms of security, that’s about all users will get, as Recall will not detect and obscure passwords, shy away from recording pornographic material, or turn a blind eye to sensitive information.
“Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”
The consequences of such a system could be enormous.
With Recall, a CEO’s personal laptop could become an even more enticing target for hackers equipped with infostealers, a journalist’s protected sources could be within closer grasp of an oppressive government that isn’t afraid to target dissidents with malware, and entire identities could be abused and impersonated by a separate device user.
In fact, Recall seems to only work best in a one-device-per-person world. Though Microsoft explained that its Copilot+ PCs will only record Recall snapshots to specific device accounts, plenty of people share devices and accounts. For the domestic abuse survivor who is forced to share an account with their abuser, for the victim of theft who—like many people—used a weak device passcode that can easily be cracked, and for the teenager who questions their identity on the family computer, Recall could be more of a burden than a benefit.
For Malwarebytes General Manager of Consumer Business Unit Mark Beare, Recall raises yet another issue:
“I worry that we are heading to a social media 2.0 like world.”
When users first raced to upload massive quantities of sensitive, personal data onto social media platforms more than 10 years ago, they couldn’t predict how that data would be scrutinized in the future, or how it would be scoured and weaponized by cybercriminals, Beare said.
“With AI there will be a strong pull to put your full self into a model (so it knows you),” Beare said. “I don’t think it’s easy to understand all the negative aspects of what can happen from doing that and how bad actors can benefit.”
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
Enlarge / In the recent past, you'd have to rely on your kid sibling to deliver Minecraft commentary like "Oh no, it's a zombie. Run!" (credit: Microsoft)
Longtime gamers (and/or Game Grumps fans) likely know that even single-player games can be a lot more fun with a friend hanging out nearby to offer advice, shoot the breeze, or just offer earnest reactions to whatever's happening on screen. Now, Microsoft is promising that its GhatGPT-4o-powered Copilot system will soon offer an imitation of that pro-social experience even for Minecraft players who don't have any human friends available to watch them play.
In a pair of social media posts Monday, Microsoft highlighted how "real-time conversations with your AI companion copilot" can enhance an otherwise solitary Minecraft experience. In the first demo, the disembodied copilot voice tells the player how to craft a sword, walking him through the process of gathering some wood or stone to go with the sticks sitting in his inventory. In another, the AI identifies a zombie in front of the player and gives the (seemingly obvious) advice to run away from the threat and "make sure it can't reach you" by digging underground or building a tower of blocks.
Real time conversations with your AI companion Copilot, powered by OpenAI’s GPT-4o. pic.twitter.com/Ug7EWv2sah
— Microsoft Copilot (@MSFTCopilot) May 20, 2024
These kinds of in-game pointers aren't the most revolutionary use of conversational AI—even a basic in-game tutorial/reference system or online walkthrough could deliver the same basic information, after all. Still, the demonstration stands out for just how that information is delivered to the player through a natural language conversation that doesn't require pausing the gameplay even briefly.
The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.
The post EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems appeared first on SecurityWeek.
At AZ and Feyenoord I encountered a coach who was tactically sharp, an exceptional analyst and an astute man-manager
I was playing at FC Groningen when my teammate Etiënne Reijnen told me: “I’ve been called by my former teammate Arne, who was asking about you; how you are as a player and person.” That was my introduction to Arne Slot. He was assistant at AZ and I was told he was a very good coach. Soon after, I moved there and got to know him as a very tactical and knowledgable coach, who took a genuine interest in you as a human being as well.
As an assistant he did the tactical team talks and analysis of training sessions and he was very detailed, providing solutions to game situations while working on it in training. He motivated me every day to become a better player, to have a bigger goal in mind and to work very hard for that. So I already had that bond with him when he became head coach at AZ after a year and a half.
Continue reading...© Photograph: Piroschka van de Wouw/EPA-EFE
© Photograph: Piroschka van de Wouw/EPA-EFE
Enlarge / A screenshot of Microsoft's new "Recall" feature in action. (credit: Microsoft)
At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users.
"Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds," Microsoft says on its website. "The snapshots are encrypted and saved on your PC’s hard drive. You can use Recall to locate the content you have viewed on your PC using search or on a timeline bar that allows you to scroll through your snapshots."
By performing a Recall action, users can access a snapshot from a specific time period, providing context for the event or moment they are searching for. It also allows users to search through teleconference meetings they've participated in and videos watched using an AI-powered feature that transcribes and translates speech.
Enlarge (credit: Benj Edwards | Getty Images)
Since the launch of its latest AI language model, GPT-4o, OpenAI has found itself on the defensive over the past week due to a string of bad news, rumors, and ridicule circulating on traditional and social media. The negative attention is potentially a sign that OpenAI has entered a new level of public visibility—and is more prominently receiving pushback to its AI approach beyond what it has seen from tech pundits and government regulators.
OpenAI's rough week started last Monday when the company previewed a flirty AI assistant with a voice seemingly inspired by Scarlett Johansson from the 2013 film Her. OpenAI CEO Sam Altman alluded to the film himself on X just before the event, and we had previously made that comparison with an earlier voice interface for ChatGPT that launched in September 2023.
While that September update included a voice called "Sky" that some have said sounds like Johansson, it was GPT-4o's seemingly lifelike new conversational interface, complete with laughing and emotionally charged tonal shifts, that led to a widely circulated Daily Show segment ridiculing the demo for its perceived flirty nature. Next, a Saturday Night Live joke reinforced an implied connection to Johansson's voice.
This feels like an act of disruption from club’s US investors but there is logic to appointing a super-smart yet low-cost tyro
Welcome, then, to the dicing and slicing of Arne Slot. As ever with the appointment of a new manager at one of the Premier League’s heritage-level clubs, it is necessary to make a prediction; to judge before anything has actually happened whether this will prove to be a successful hire.
The real answer to which is, of course: nobody knows. Football is a field of endless variables. Even the most dominant manager has a diminishing range of influence. Every appointment is a gamble, every managerial hire a playing of the slots.
Continue reading...© Photograph: PA Wire/PA
© Photograph: PA Wire/PA
Enlarge / Scarlett Johansson and Joaquin Phoenix attend Her premiere during the 8th Rome Film Festival at Auditorium Parco Della Musica on November 10, 2013, in Rome, Italy. (credit: Franco Origlia / Contributor | Getty Images Entertainment)
OpenAI has paused a voice mode option for ChatGPT-4o, Sky, after backlash accusing the AI company of intentionally ripping off Scarlett Johansson's critically acclaimed voice-acting performance in the 2013 sci-fi film Her.
In a blog defending its casting decision for Sky, OpenAI went into great detail explaining its process for choosing the individual voice options for its chatbot. But ultimately, the company seemed pressed to admit that Sky's voice was just too similar to Johansson's to keep using it, at least for now.
"We believe that AI voices should not deliberately mimic a celebrity's distinctive voice—Sky’s voice is not an imitation of Scarlett Johansson but belongs to a different professional actress using her own natural speaking voice," OpenAI's blog said.
Liverpool have confirmed the appointment of Arne Slot as their head coach 24 hours after Jürgen Klopp bade farewell to Anfield.
Liverpool have had an agreement in place with the former Feyenoord coach for more than three weeks but wanted to delay the announcement until after Klopp’s departure. Slot has been announced as the head coach, not manager, and has signed a three-year contract.
Continue reading...© Photograph: PA Wire/PA
© Photograph: PA Wire/PA
AlmaLinux 9.4, codenamed “Seafoam Ocelot,” arrived on May 6, 2024. This exciting new release from the AlmaLinux OS Foundation closely mirrors Red Hat Enterprise Linux (RHEL) 9.4, offering a free and open-source alternative with full compatibility. In this article, we will explore the key features available in this edition. New Features and Improvements in […]
The post AlmaLinux 9.4 Released: Security and Legacy Hardware Support appeared first on TuxCare.
The post AlmaLinux 9.4 Released: Security and Legacy Hardware Support appeared first on Security Boulevard.
WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.
The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.
Enlarge / This is essentially the kind of water heater the author has hooked up, minus the Wi-Fi module that led him down a rabbit hole. Also, not 140-degrees F—yikes. (credit: Getty Images)
The hot water took too long to come out of the tap. That is what I was trying to solve. I did not intend to discover that, for a while there, water heaters like mine may have been open to anybody. That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly. That’s just how it happened.
Let’s take a step back. My wife and I moved into a new home last year. It had a Rinnai tankless water heater tucked into a utility closet in the garage. The builder and home inspector didn't say much about it, just to run a yearly cleaning cycle on it.
Because it doesn’t keep a big tank of water heated and ready to be delivered to any house tap, tankless water heaters save energy—up to 34 percent, according to the Department of Energy. But they're also, by default, slower. Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it's needed.
Enlarge / Screenshot from the documentary Who Is Bobby Kennedy? (credit: whoisbobbykennedy.com)
In a lawsuit that seems determined to ignore that Section 230 exists, Robert F. Kennedy Jr. has sued Meta for allegedly shadowbanning his million-dollar documentary, Who Is Bobby Kennedy? and preventing his supporters from advocating for his presidential campaign.
According to Kennedy, Meta is colluding with the Biden administration to sway the 2024 presidential election by suppressing Kennedy's documentary and making it harder to support Kennedy's candidacy. This allegedly has caused "substantial donation losses," while also violating the free speech rights of Kennedy, his supporters, and his film's production company, AV24.
Meta had initially restricted the documentary on Facebook and Instagram but later fixed the issue after discovering that the film was mistakenly flagged by the platforms' automated spam filters.
Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their products.
The post ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric appeared first on SecurityWeek.
“These types of bugs are usually combined with a code execution bug to take over a target and are often used by ransomware (actors),” said Dustin Childs of the Zero Day Initiative.Introduced in Windows Vista, the Desktop Window Manager (dwm.exe) is a compositing window manager that renders all GUI effects in Windows like transparent windows, live taskbar thumbnails, Flip3D, and even high-resolution monitor support. Applications do not draw directly on the screen. Instead, they write their window images to a specific spot in memory. Windows then combines and creates a “composite” of all these windows into one view before sending it to the monitor. This allows Windows to add effects like transparency and animations while displaying the windows. Kaspersky researchers uncovered this vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033, also exploited as a zero-day in attacks. While analyzing data related to recent exploits and associated attacks, Kaspersky researchers discovered an intriguing file uploaded to VirusTotal on April 1. The file's name hinted that it contained details on a Windows vulnerability. The file had information regarding a Windows DWM vulnerability – written in broken English - that could be exploited to escalate privileges to SYSTEM level, with the exploitation process nearly mirroring the one used in CVE-2023-36033 attacks, “but the vulnerability was different,” researchers said. Initially skeptical due to the document's quality and lack of crucial details on exploiting the vulnerability, further investigation confirmed the legitimacy of another zero-day vulnerability capable of privilege escalation. Kaspersky promptly reported it to Microsoft, leading to its designation as CVE-2024-30051 and subsequent patching in this month’s Patch Tuesday.
“In mid-April we discovered an exploit for this zero-day vulnerability. We have seen it used together with QakBot and other malware and believe that multiple threat actors have access to it,” Kaspersky said.Security researchers at Google Threat Analysis Group, DBAPPSecurity WeBin Lab, and Google-owned Mandiant also reported the zero-day to Microsoft, pointing to likely widespread exploitation in malware attacks, Childs said.
“Don’t wait to test and deploy this update as exploits are likely to increase now that a patch is available to reverse engineer,” said Childs.The U.S. Cybersecurity and Infrastructure Security Agency also added CVE-2024-30051 to its Known Exploited Vulnerabilities catalog and directed all federal agencies to complete the patching process by June 4. Kaspersky plans to disclose technical specifics of CVE-2024-30051 once users have had adequate time to update their Windows systems.
“This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls,” Microsoft said.A hacker who socially-engineers a victim into opening a malicious document would be able to execute arbitrary code by passing OLE mitigations in the Microsoft suite of office applications. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker.
“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”
Kaspersky Lab, one of two companies credited with reporting exploitation of CVE-2024-30051 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with Virustotal.com.
Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.
CVE-2024-30040 is a security feature bypass in MSHTML, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but Kevin Breen from Immersive Labs said this vulnerability also affects Office 365 and Microsoft Office applications.
“Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.
The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in Sharepoint that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug requires an attacker to be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) first and to take additional steps in order to exploit this flaw, which makes this flaw less likely to be widely exploited as most attackers follow the path of least resistance.
Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.
Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.
Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.
Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to backup your data and or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.
Update, May 15, 8:28 a.m.: Corrected misattribution of CVE-2024-30051.
Enlarge / A Waymo self-driving car in downtown San Francisco on Bush and Sansome Streets as it drives and transports passengers. (credit: JasonDoiy | iStock Unreleased)
Crashing into parked cars, drifting over into oncoming traffic, intruding into construction zones—all this "unexpected behavior" from Waymo's self-driving vehicles may be violating traffic laws, the US National Highway Traffic Safety Administration (NHTSA) said Monday.
To better understand Waymo's potential safety risks, NHTSA's Office of Defects Investigation (ODI) is now looking into 22 incident reports involving cars equipped with Waymo’s fifth-generation automated driving system. Seventeen incidents involved collisions, but none involved injuries.
Some of the reports came directly from Waymo, while others "were identified based on publicly available reports," NHTSA said. The reports document single-party crashes into "stationary and semi-stationary objects such as gates and chains" as well as instances in which Waymo cars "appeared to disobey traffic safety control devices."
Dubai, United Arab Emirates, May 14th, 2024 - DigiGlass by Redington, Managed Security Services Distributor (MSSD), and Sectrio, a global leader in OT/ICS and IoT cybersecurity solutions, cyber threat intelligence, and managed security services today inaugurated the first Industrial Control System/Operational Technology Security Operations Center (SOC) with a device testing lab in Dubai. View All Solutions […]
The post Sectrio and DigiGlass inaugurate State-of-the-Art OT/ICS SOC with Device Testing Lab in the UAE appeared first on Security Boulevard.
Enlarge (credit: Getty Images)
On Monday, OpenAI employee William Fedus confirmed on X that a mysterious chart-topping AI chatbot known as "gpt-chatbot" that had been undergoing testing on LMSYS's Chatbot Arena and frustrating experts was, in fact, OpenAI's newly announced GPT-4o AI model. He also revealed that GPT-4o had topped the Chatbot Arena leaderboard, achieving the highest documented score ever.
"GPT-4o is our new state-of-the-art frontier model. We’ve been testing a version on the LMSys arena as im-also-a-good-gpt2-chatbot," Fedus tweeted.
Chatbot Arena is a website where visitors converse with two random AI language models side by side without knowing which model is which, then choose which model gives the best response. It's a perfect example of vibe-based AI benchmarking, as AI researcher Simon Willison calls it.
A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages.
The post Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors appeared first on SecurityWeek.
RSA Conference delivers in terms of interesting dialogues with other cybersecurity professionals, and this year while there is not much on the conference agenda related to IoT security there is a lot of discussion about it. Whether it’s the UK’s Product Security law going into effect at the end of April, the growing focus by […]
The post RSAC 2024 Day 2: IoT Security Questions (and Answers) appeared first on Viakoo, Inc.
The post RSAC 2024 Day 2: IoT Security Questions (and Answers) appeared first on Security Boulevard.
The 2024 RSA Conference is underway, and Viakoo is out in force. During the conference as we meet with customers, prospects, media, and analysts I will try to cherry pick some of the more interesting questions related to IoT Security. Over the past year the number of IoT security breaches and incidents has continued to […]
The post RSAC 2024: IoT Security Questions (and Answers) appeared first on Viakoo, Inc.
The post RSAC 2024: IoT Security Questions (and Answers) appeared first on Security Boulevard.
Login
