PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023.
The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek.
CrowdStrike Publishes Technical Root Cause Analysis of Faulty Falcon Update
Cybersecurity giant CrowdStrike has released a comprehensive technical root cause analysis detailing the events that led to a problematic Falcon sensor update on July 19, 2024. The incident caused system crashes for some Windows users and prompted a swift response from the company.
The investigation shows that the problem came from a complicated interaction of factors within CrowdStrike’s Rapid Response Content delivery system.
At the core of the problem was a mismatch between the number of input fields expected by the sensor’s Content Interpreter and those provided by a new Template Type introduced in February 2024.
According to the report, the IPC (Interprocess Communication) Template Type was designed to expect 21 input fields, but the sensor code only supplied 20. This discrepancy went undetected during the development and testing phases, partly due to the use of wildcard matching criteria in the 21st field during initial deployments.
The issue occurred when a new version of Channel File 291 was deployed on July 19, introducing a non-wildcard matching criterion for the 21st input parameter. This triggered an out-of-bounds memory read in affected sensors, resulting in system crashes.
CrowdStrike has outlined several key findings and corresponding mitigations:
Implementation of compile-time validation for template-type input fields
Addition of runtime array bounds checks in the Content Interpreter
Expansion of Template Type testing to cover a wider variety of matching criteria
Correction of a logic error in the Content Validator
Introduction of staged deployment for Template Instances
Provision of customer control over Rapid Response Content updates
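The field-count mismatch and the two code-level mitigations above (load-time validation of a template's input count and a runtime bounds check in the interpreter) can be modelled in a few lines. This is an added illustration, not CrowdStrike's sensor code: the structures, names and the "constructed-value" event are hypothetical; only the 20-versus-21 field counts and the wildcard behaviour come from the article.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define SENSOR_FIELDS   20  /* inputs the hypothetical sensor actually supplies */
#define TEMPLATE_FIELDS 21  /* inputs the hypothetical IPC template type declares */
enum match_result { MATCH_NO = 0, MATCH_YES = 1, MATCH_ERR_BOUNDS = -1 };

struct template_instance {
    size_t nfields;                        /* criteria count declared by the template type */
    const char *criteria[TEMPLATE_FIELDS]; /* "*" is a wildcard: matches without a read */
};

/* Load-time check (the analogue of the RCA's compile-time validation): a template may
 * not declare more inputs than the sensor supplies, so 21 against 20 fails here. */
bool template_field_count_ok(const struct template_instance *t, size_t sensor_fields)
{
    return t->nfields <= sensor_fields;
}

/* Interpreter with the RCA's runtime bounds check. A wildcard is satisfied without
 * reading the event (why a 21st "*" criterion ran cleanly on 20-field events); a concrete
 * 21st criterion would read fields[20], past the end, so it is refused instead. */
enum match_result match_event(const struct template_instance *t,
                              const char *const *fields, size_t nfields)
{
    for (size_t i = 0; i < t->nfields; i++) {
        if (strcmp(t->criteria[i], "*") == 0)
            continue;
        if (i >= nfields)
            return MATCH_ERR_BOUNDS;
        if (strcmp(t->criteria[i], fields[i]) != 0)
            return MATCH_NO;
    }
    return MATCH_YES;
}

/* Constructed scenario: a 20-field event and a 21-criterion template whose first 20
 * criteria are wildcards; slot 21 is the caller's choice. */
enum match_result run_scenario(const char *slot21)
{
    const char *event[SENSOR_FIELDS];
    struct template_instance t = { .nfields = TEMPLATE_FIELDS };
    for (size_t i = 0; i < SENSOR_FIELDS; i++)
        event[i] = "constructed-value";
    for (size_t i = 0; i < TEMPLATE_FIELDS; i++)
        t.criteria[i] = "*";
    t.criteria[TEMPLATE_FIELDS - 1] = slot21;
    return match_event(&t, event, SENSOR_FIELDS);
}
```

With a wildcard in slot 21 the scenario matches cleanly; with a concrete criterion the bounds check reports an error where an unchecked interpreter would have read past the array, and the load-time check rejects the 21-field template outright.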
The company has engaged two independent third-party software security vendors to conduct further reviews of the Falcon sensor code and its end-to-end quality process.
This morning, we published the Root Cause Analysis (RCA) detailing the findings, mitigations and technical details of the July 19, 2024, Channel File 291 incident. We apologize unreservedly and will use the lessons learned from this incident to become more resilient and better…
— CrowdStrike (@CrowdStrike) August 6, 2024
CrowdStrike emphasized that as of July 29, approximately 99% of Windows sensors were back online compared to pre-incident levels. A sensor software hotfix addressing the issue is scheduled for general availability by August 9, 2024.
CrowdStrike has hired two independent third-party software security companies to further review the Falcon sensor code for both security and quality assurance.
The post CrowdStrike Publishes Technical Root Cause Analysis of Faulty Falcon Update appeared first on Cyber Security News.
HubSpot phishing targets 20,000 Microsoft Azure accounts
A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. […]
Ubuntu Authd Flaw Let Attackers Spoof User ID
A recently identified vulnerability in Ubuntu’s Authd, CVE-2024-9312, has raised significant security concerns.
The flaw, present through version 0.3.6, allows local attackers to spoof user IDs, potentially gaining unauthorized access to privileged accounts.
The root cause of this vulnerability lies in how Authd assigns user IDs. The system uses a deterministic method based on user names, which lacks sufficient randomness to prevent ID collisions.
By the birthday paradox, this approach makes a collision likely once approximately 54,562 IDs have been assigned.
Furthermore, Ubuntu’s Authd mechanism for ensuring ID uniqueness is limited to its local cache.
This cache can be inconsistent across systems within the same domain and may be purged regularly, especially if users have not logged into a specific system for over six months.
This inconsistency increases the risk of ID duplication and potential exploitation.
The impact of this vulnerability is significant. An attacker who can register user names can engineer situations where their created user ID collides with a target user’s. This can be achieved by:
Purging the Cache: Encouraging system administrators to purge the /var/cache directory.
Targeting System Accounts: Exploiting accounts whose UIDs fall within Authd’s range.
Exploiting Inactive Accounts: Targeting accounts that haven’t logged into a specific system recently.
Once an attacker successfully logs in with a colliding ID, they gain the same privileges as the target user, potentially compromising sensitive data and system integrity.
To mitigate this vulnerability, it is recommended that external Identity Providers (IdPs) supply guaranteed-unique user IDs.
Various IdPs, such as LDAP and Active Directory, support this approach. If integrating with an external IdP is not feasible, architectural changes to Authd are necessary.
These changes should include managing mutable state to ensure uniqueness across systems and synchronizing this state for environments requiring uniform UIDs.
CVE-2024-9312 poses a high risk due to its potential impact on confidentiality, integrity, and availability.
Organizations using affected versions of Authd should prioritize implementing remediation strategies to safeguard their systems against unauthorized access and data breaches.
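The two mechanics described above, the birthday-bound collision count and a uniqueness cache that is only local to one host, can be checked with a short added example. This is my own illustration, not Authd's code: the byte-sum mapping, the 1024-value ID space and the user names are constructed, and the 2^31-value space passed to the birthday calculation is an assumption (it is the size for which sqrt(2N ln 2) comes to 54,562; the article does not state Authd's ID range).

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for a deterministic name-to-ID mapping, not Authd's algorithm: a
 * byte sum over a tiny ID space, so anagrams ("alice"/"celia") visibly share an ID. */
unsigned name_to_id(const char *name)
{
    unsigned sum = 0;
    for (; *name; name++) sum += (unsigned char)*name;
    return sum % 1024u;
}

/* Smallest number of assigned IDs at which the chance of at least one collision in an ID
 * space of `space` values reaches one half (exact birthday product; no libm needed). */
unsigned long birthday_threshold(double space)
{
    double p_all_distinct = 1.0;
    unsigned long n = 1;
    while (p_all_distinct > 0.5) {
        p_all_distinct *= 1.0 - (double)n / space;
        n++;
    }
    return n;
}

/* Uniqueness cache that exists only on one host, like the local cache described above. */
struct host_cache { size_t used; unsigned ids[8]; };

/* Assigns an ID for `name` on this host; false means the ID is already taken in this
 * host's cache, the only kind of collision such a cache can ever notice. */
bool assign_id(struct host_cache *h, const char *name, unsigned *out)
{
    unsigned id = name_to_id(name);
    for (size_t i = 0; i < h->used; i++)
        if (h->ids[i] == id)
            return false;
    if (h->used < 8)
        h->ids[h->used++] = id;
    *out = id;
    return true;
}

/* Constructed scenario: "alice" is cached on host A; "celia" first appears on host B, whose
 * cache is empty. True means both hosts handed out the same ID and neither noticed. */
bool cross_host_collision_undetected(void)
{
    struct host_cache a = {0}, b = {0};
    unsigned id_a, id_b;
    return assign_id(&a, "alice", &id_a) && assign_id(&b, "celia", &id_b) && id_a == id_b;
}
```

For a 2^31-value space the threshold lands within one of the article's 54,562 figure, and the cross-host scenario shows why the fix has to be a uniqueness guarantee shared across systems (an IdP-supplied ID or synchronized state) rather than a per-host cache.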
The post Ubuntu Authd Flaw Let Attackers Spoof User ID appeared first on Cyber Security News.