20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa.
Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least five attacks between August 2020 and March 2023. He was arrested in the state of Arizona last Read More
The Hacker News | #1 Trusted Cybersecurity News Site
PoC Released For Critical Zero-Click Windows Vulnerability
[[{“value”:”
Microsoft’s wide reach as a target prompted attackers to carry out intensive studies on the vulnerabilities and mitigation tools of their products and protocols.
This resulted in a new remote code execution (RCE) WinAPI CreateUri function vulnerability, introduced as part of the CVE-2023-23397 patch.
Unlike the previous two-vulnerability RCE chain, this flaw enables zero-click RCE exploitation.
Cybersecurity researchers at Akamai recently unveiled that PoC was released for critical zero-click Windows vulnerability.
In addition to Outlook, File Explorer may trigger that flaw, increasing the attack surface.
This finding demonstrates the need for ongoing security evaluations, even in fixed components, to effectively recognize and handle emerging dangers.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .
Zero-Click Windows Vulnerability
Microsoft’s March 2023 Patch Tuesday addressed the critical CVE-2023-23397 Outlook vulnerability, exploited in the wild by the Russian state-sponsored threat actor “Forest Blizzard.”
The flaw allowed remote, zero-click NTLM credential theft for relay attacks.
After patching, researchers discovered two bypasses and a parsing vulnerability that, when chained, enabled a full zero-click remote code execution (RCE) primitive against the Outlook client.
This highlights the importance of comprehensive vulnerability analysis, as patched components can still hold exploitable flaws requiring additional mitigations, especially against determined, state-backed threat actors continuously probing for new attack vectors.
The patch for Outlook’s CVE-2023-23397 introduced a call to MapUrlToZone that validated the PidLidReminderFileParameter URL, which helps in mitigating the initial flaw but creates a new attack surface.
Also, CreateUri is called from within MapUrlToZone and enables attackers to control the parsed path. CrackUrlFile is called by CreateUri when it handles file paths, eventually leading to exploitation.
Decompilation of newly added code (Source – Akamai)
It should also be noted that while addressing some vulnerability at one point, this patch at the same time opened another door for potential abuse due to failure in fully validating untrusted inputs across all code paths.
These findings demonstrate how crucial comprehensive security reviews during patch development are to prevent new vulnerabilities from being introduced into systems.
At the beginning of CrackUrlFile, it converts a URL into a Windows path using PathCreateFromUrlW.
It marks the buffer as dynamically allocated, and for the Windows paths, it just works without freeing the pointer. The buffer may be advanced during parsing to handle local device paths and remove duplicated backslashes.
To trigger this vulnerability, use a file scheme URL with a UNC path and mark this path as a drive path.
In the fixed code, RtlMoveMemory now copies bytes from the path component. Here’s the full path to trigger the vulnerability:-
file://./UNC/C:/Akamai.com/file.wav
In this study, the Akamai researchers explored a method of making Windows Explorer vulnerable through a shortcut (.lnk file) to an insecure path.
When the victim views the directory containing the shortcut, Explorer crashes immediately.
These findings highlight how crucial it is to analyze patches for any possible bypasses, as there may also be other MapUrlToZone bypasses.
Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.
The Week that Was: Cl0p claims to have accessed data from a third Big Four accounting firm. A malign AI tool: FraudGPT.
Cl0p claims to have accessed data from a third Big Four accounting firm. A malign AI tool: FraudGPT. Report: Ransomware victims increased by 66% from Q1 to Q2 2023. Data breaches exact a rising cost. Norwegian government offices sustain a zero-day attack of undetermined origin. Russia-Ukraine hybrid war update. Patch news. Crime and punishment. Courts and torts.
Policies, procurements, and agency equities. Labor markets. Mergers and acquisitions. Investments and exits. Read More
World Password Day 2024: Create Strong Passwords & Stay Safe Online
[[{“value”:”
Today is an important day for online security as it marks World Password Day. This serves as a reminder to prioritize the use of strong and secure passwords to protect our online accounts and personal information from potential cyber threats.
With the constant evolution of cyber threats, it is more important than ever to secure online accounts with strong passwords.
This year’s theme encourages individuals and organizations to reassess password practices and enhance digital security.
Despite the increasing awareness of cybersecurity, weak passwords remain a significant vulnerability.
Common mistakes include using easily guessable passwords like personal information, or simple sequences that are susceptible to brute-force attacks.
These types of passwords can lead to unauthorized access and potentially severe data breaches.
Tips For Crafting Strong Passwords
Experts outline several strategies for creating strong and unique passwords. Here are some key tips:
Length and Complexity: A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols.
Avoid Personal Information: Never use easily accessible personal details such as birthdays, names, or addresses in your passwords.
Use Passphrases: Consider using a random combination of words that are easy for you to remember but hard for others to guess.
An example could be a nonsensical phrase like “BlueBananaWindowSpoon”.
Utilize Password Managers: Tools like Password Manager can generate and store complex passwords, reducing the burden of memorization and decreasing the risk of using weak passwords.
In addition to strong passwords, enabling multi-factor authentication (MFA) adds an extra layer of security.
MFA requires users to provide two or more verification factors to gain access to their accounts, significantly reducing the risk of unauthorized access.
Celebrating World Password Day
World Password Day serves as a reminder of the importance of password security in protecting personal and financial information.
Organizations and individuals are encouraged to take proactive steps to strengthen their passwords and update their cybersecurity practices.
As we observe World Password Day, it’s crucial to remain vigilant and informed about the latest cybersecurity threats and trends.
Regularly updating passwords, using advanced security features, and educating others about the importance of password security are essential steps in protecting our digital identities.
Today, as we reflect on our digital security practices, let us commit to stronger, smarter password habits to safeguard our online presence against the ever-growing threat landscape.
Is Your Network Under Attack? – Read CISO’s Guide to Avoiding the Next Breach – Download Free Guide