Fake travel reservations are exacting more pain from the travel-weary, who are already dealing with the misery of canceled flights and overbooked hotels.
Related Posts
Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed by Microsoft as actively exploited. Another vulnerability is claimed to be a zero-day by researchers who have found it being used in the wild.
Let’s first have a look at the two zero-days. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs for these two vulnerabilities are:
CVE-2024-26234 (CVSS score 6.7 out of 10): a proxy driver spoofing vulnerability that Microsoft listed as “Exploitation detected” hours after it initially listed it as non-exploited.
In fact, the patch is a revocation of a Microsoft Windows Hardware Compatibility Publisher signature that was used to sign a file which contained a backdoor using an embedded proxy server to monitor and intercept network traffic on an infected Windows machine. Apparently, the software, designed to remote-control phones, was used to make them act like online bots, collectively liking posts, following people on social media, and posting comments.
CVE-2024-29988 (CVSS score 8.8 out of 10): a SmartScreen prompt security feature bypass vulnerability. Microsoft still has this listed as “Exploitation More Likely” and acknowledges that functional exploit code is available, which means that the exploit code works in most situations where the vulnerability exists.
One reason for the contradiction could be that the exploitation requires some form of user interaction. It requires an attacker to get the victim to click on a link or open a file. If the victim falls for that, the bug allows the attacker to bypass the SmartScreen security feature in Windows that’s supposed to alert users to any untrusted websites or other threats.
Researchers said that attackers are using the weakness to send targets exploits in a zipped file which bypasses the Mark of the Web (MotW) warnings, a warning message users should see when trying to open a file downloaded from the internet.
The exploit for the vulnerability was called “trivial” and “embarrassingly easy” by the researchers who wrote about it.
A few applications that deserve some of your attention if you’re using them are SQL Server (38 vulnerabilities), and Windows Remote Access Connection Manager (9).
Other vendors
Other vendors have synchronized their periodic updates with Microsoft. Here are a few major ones that you may find in your environment.
The Android Security Bulletin for April 2024 contains details of security vulnerabilities for patch level 2024-04-05 or later.
Google also updated Chrome to patch a zero-day vulnerability.
SAP has released its April 2024 Patch Day updates.
Malwarebytes
Xerox’s US subsidiary Hit by Cyber Attack: Personal Information Exposed
Recently, Xerox’s US subsidiary, Xerox Business Solutions (XBS), experienced a cyber incident, prompting immediate action from Xerox’s cybersecurity personnel.
While the specifics of the intrusion remain under investigation, initial reports indicate containment within XBS US, mitigating further escalation.
Active Investigation and Third-Party Collaboration:
INC Ransom #ransomware group has added Xerox Corporation (https://t.co/gjcYPl26tq) to their victim list.#USA #incransom #darkweb #databreach #cyberattack pic.twitter.com/wa9qKIhwWx
— FalconFeeds.io (@FalconFeedsio) December 31, 2023
Xerox recognizes the gravity of the situation and is actively collaborating with third-party cybersecurity experts to conduct a comprehensive investigation.
This rigorous approach aims to determine the exact nature and extent of the incident, identify any vulnerabilities exploited, and formulate robust measures to enhance XBS’s IT security posture.
Thankfully, Xerox highlights that the incident did not impact its corporate systems, operations, or data.
Additionally, XBS operations appear unaffected, suggesting a targeted intrusion within the subsidiary’s specific IT environment.
However, Xerox’s preliminary investigation does raise concerns about the potential compromise of limited personal information within XBS.
Transparent Communication and Adherence to Protocol:
Xerox emphasizes its commitment to data privacy and protection, prioritizing the security of its clients, partners, and employees.
Adhering to their policies and standard operating procedures, Xerox vows to notify all affected individuals, ensuring transparency and prompt redressal of any potential harm caused by the data breach.
While details surrounding the nature of the attack remain undisclosed, the incident underscores the ever-evolving threat landscape faced by corporations in the digital age.
Cybercriminals employ increasingly sophisticated tactics, necessitating robust cybersecurity frameworks, continuous vigilance, and swift incident response protocols.
Strengthening Defenses and Building Trust:
In the wake of this incident, Xerox must prioritize a multi-pronged approach:
Thorough Investigation: Identifying the attack vector, compromised data, and vulnerabilities exploited is crucial to prevent future intrusions.
Enhanced Security Measures: Implementing stricter access controls, data encryption, and advanced threat detection systems can fortify XBS’s IT environment.
Transparent Communication: Maintaining open communication with stakeholders, including affected individuals, clients, and partners, is essential for rebuilding trust and demonstrating responsiveness.
The post Xerox’s US subsidiary Hit by Cyber Attack: Personal Information Exposed appeared first on Cyber Security News.
Europol says Home Routing mobile encryption feature aids criminals
Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement’s ability to intercept communications during criminal investigations. […]