Major General Lorna Mahlock, Deputy Director for Combat Support from the National Security Agency (NSA) sits down with Dave to discuss her long and impressive career leading up to her working for one of the most prestigious security agencies. Originally born in Kingston, Jamaica, Lorna immigrated to Brooklyn, New York and enlisted in the United States Marine Corps as a field radio operator. She shares how eye opening the military was for her, moving through ranks, and eventually landing into working at the Pentagon for the Chairman of the Joint Chiefs of Staff. She moved around widening her array of paths, landing in her current role. Lorna shares some wisdom, mentioning how she likes to talk about ladders and how useful creating ladders in life can be, she says “I think about ladders in terms of horizontal component, in that you can create bridges, right? And, um, ways over obstacles, uh, for, for not only, uh, for yourself, but for others and an entire organization.” We thank Lorna for sharing her story with us.
Microsoft Teams & Edge Zero-Day Vulnerabilities Leads to Code Execution
Microsoft has addressed two zero-day vulnerabilities in open-source software libraries that affect its products, including Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, and the WebP images extension.
These vulnerabilities were previously reported and are tracked as CVE-2023-4863 and CVE-2023-5217. The severity for both of these vulnerabilities is given as 8.8 (High).
Microsoft Teams Zero-Day
CVE-2023-4863 is a heap buffer overflow in libwebp that could allow a threat actor to perform an out-of-bounds memory write using a crafted HTML page. This vulnerability was previously associated with Chromium-based browsers. Because Microsoft Edge (Chromium-based) ingests Chromium, it is affected as well.
Likewise, CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx. It affects Microsoft Edge (Chromium-based) browsers, and threat actors can exploit it to cause heap corruption via a crafted HTML page.
Both of these vulnerabilities were previously reported to Google Chrome and were fixed in version 117.0.5938.132.
For Microsoft Edge, Microsoft has released the following build information.
Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released
Stable | 117.0.2045.47 | 117.0.5938.132 | 9/29/2023
Extended Stable | 116.0.1938.98 | 116.0.5845.228 | 9/29/2023
Microsoft has released patches that fix these vulnerabilities and urged its users to apply them. Users of the affected products are advised to upgrade to the latest versions to prevent these vulnerabilities from being exploited.
Critical PHP Vulnerabilities Let Attackers Inject Commands : Patch Now
Multiple vulnerabilities have been identified in PHP that are associated with Command Injection, Cookie Bypass, Account takeover, and Denial of Service.
The CVEs for these vulnerabilities have been given as CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, and CVE-2024-2757. The severity of these vulnerabilities is yet to be categorized.
However, the latest version of PHP 8.3.6 has been released, and it addresses all of these vulnerabilities alongside multiple features and bug fixes.
The complete changelog of PHP 8.3.6 can be seen in this link.
Critical PHP Vulnerabilities
According to the reports shared with Cyber Security News, these vulnerabilities affect all versions prior to 8.3.5, 8.2.18, 8.1.28, and 8.1.11.
The vulnerabilities identified are as follows:
Command Injection (CVE-2024-1874).
Cookie Bypass due to an insufficient fix of CVE-2022-31629 (CVE-2024-2756).
Null byte acceptance leading to Account TakeOver (CVE-2024-3096).
Denial of Service (CVE-2024-2757).
Command Injection (CVE-2024-1874)
This particular vulnerability is due to the $command parameter of proc_open, which executes commands using its arguments.
According to the proc_open documentation, when an array of command parameters is passed to the $command parameter, PHP handles any necessary argument escaping and opens the process directly without passing it to the shell.
Additionally, the GitHub advisory of this vulnerability also stated that there are reports about this “command injection vulnerability when executing the batch file.”
When executing .bat or .cmd files, CreateProcess spawns a cmd.exe process, which can lead to the command-line arguments being parsed by cmd.exe.
A proof-of-concept for this vulnerability has been published.
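A wrapper that keeps the array form of proc_open away from batch files on Windows, as an added example that is not taken from PHP or the advisory. The names is_batch_target and proc_open_no_batch are hypothetical, and the sample program names are constructed.

```php
<?php
declare(strict_types=1);

// True when Windows would hand this program to cmd.exe (a .bat or .cmd file).
// Assumption: Windows path handling ignores trailing spaces and dots, so the
// name is normalised the same way before the extension is read.
function is_batch_target(string $program): bool
{
    $ext = strtolower(pathinfo(rtrim($program, ' .'), PATHINFO_EXTENSION));
    return in_array($ext, ['bat', 'cmd'], true);
}

// Array-form proc_open() that refuses batch files on Windows, where the
// arguments would be parsed a second time by cmd.exe.
function proc_open_no_batch(array $argv, array $descriptors, &$pipes)
{
    if ($argv === [] || !is_string($argv[0])) {
        throw new InvalidArgumentException('Command must be a non-empty argv array.');
    }
    if (PHP_OS_FAMILY === 'Windows' && is_batch_target($argv[0])) {
        throw new RuntimeException("Refusing to run batch file: {$argv[0]}");
    }
    return proc_open($argv, $descriptors, $pipes);
}

// Constructed program names, classified the same way on any platform.
foreach (['C:\\tools\\report.exe', 'C:\\tools\\build.BAT', 'deploy.cmd'] as $name) {
    printf("%-22s %s\n", $name, is_batch_target($name) ? 'batch file' : 'direct');
}

// Runs the current PHP binary directly; no shell is involved.
$proc = proc_open_no_batch([PHP_BINARY, '-r', 'echo "ok";'], [1 => ['pipe', 'w']], $pipes);
echo stream_get_contents($pipes[1]), PHP_EOL;
fclose($pipes[1]);
proc_close($proc);
```

Upgrading PHP remains the fix; the wrapper only removes the batch-file path from code that accepts untrusted arguments.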
Cookie Bypass Due To Insufficient Fix Of CVE-2022-31629 (CVE-2024-2756)
CVE-2022-31629 allows a threat actor to set a standard insecure cookie in the victim’s browser that is then treated as a `__Host-` or `__Secure-` cookie by PHP applications.
This vulnerability was stated as fixed in versions 7.4.31, 8.0.24 and 8.1.11. However, researchers have found a bypass for this fix, which has been assigned CVE-2024-2756.
To explain further, PHP replaces spaces ( ), dots (.) and open square brackets ([) with underscores (_) in the keys of the $_POST and $_GET arrays. This also applies to $_COOKIE.
A threat actor can exploit this behavior to overwrite the cookies written by the browser and carry out malicious operations such as stealing or replacing sensitive cookies.
This vulnerability has been stated to be fixed by PHP in versions 8.1.28, 8.2.18 and 8.3.6. A proof-of-concept for this vulnerability has also been published.
As an interesting note, both of these CVEs were reported by the same researcher.
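An application-side check for the prefix spoofing described above, as an added example that is not from PHP or the advisory: it reads the raw Cookie header and flags names that only become `__Host-` or `__Secure-` after the character replacement. The function names and the sample header are constructed, and the renaming model is a simplification of PHP's parser.

```php
<?php
declare(strict_types=1);

// Simplified model of the renaming described above: spaces, dots and open
// square brackets in an incoming name become underscores. Assumption: real
// PHP also handles array syntax; over-approximating is safe for a guard.
function mangled_cookie_name(string $rawName): string
{
    return strtr(ltrim($rawName, ' '), [' ' => '_', '.' => '_', '[' => '_']);
}

// Return the raw names in a Cookie header that are not literally prefixed
// but would be seen by the application as __Host- or __Secure- cookies.
function spoofed_prefix_cookies(string $cookieHeader): array
{
    $spoofed = [];
    foreach (explode(';', $cookieHeader) as $pair) {
        $rawName = trim(explode('=', $pair, 2)[0]);
        if ($rawName === '') {
            continue;
        }
        // Assumption: the name may arrive percent-encoded, so decode it first.
        $seenAs = mangled_cookie_name(rawurldecode($rawName));
        foreach (['__Host-', '__Secure-'] as $prefix) {
            if (!str_starts_with($rawName, $prefix) && str_starts_with($seenAs, $prefix)) {
                $spoofed[] = $rawName;
            }
        }
    }
    return $spoofed;
}

// Constructed sample header: one genuine prefixed cookie, two look-alikes.
$header = '__Host-session=abc; ..Host-session=evil; _[Secure-id=1; theme=dark';
$hits = spoofed_prefix_cookies($header);
if ($hits !== []) {
    // A real application would reject the request or ignore these cookies.
    echo 'Rejecting spoofed cookie names: ', implode(', ', $hits), PHP_EOL;
}
```

In a live request the header is available as `$_SERVER['HTTP_COOKIE']`, which still holds the names as the client sent them.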
Null Byte Acceptance Leading To Account TakeOver (CVE-2024-3096)
This particular vulnerability can be exploited by passing password_hash a password containing a null byte (\x00), which results in password_verify returning true.
This means that if a threat actor creates a password with a null string, they can then compromise a victim account by signing in with a blank string.
This vulnerability has also been addressed in PHP versions 8.1.28, 8.2.18 and 8.3.6. Additionally, a proof-of-concept has also been released.
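A guard for the null-byte case described above, as an added example rather than code from PHP or the advisory: registration and login both refuse empty passwords and passwords containing a null byte, so a blank string is never handed to password_verify. The function names are hypothetical and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Reject input that the hashing layer may treat as truncated or empty.
function assert_usable_password(string $password): void
{
    if ($password === '') {
        throw new InvalidArgumentException('Password must not be empty.');
    }
    if (str_contains($password, "\0")) {
        throw new InvalidArgumentException('Password must not contain null bytes.');
    }
}

// Hash a new password only after it has passed the guard.
function register_password(string $password): string
{
    assert_usable_password($password);
    return password_hash($password, PASSWORD_BCRYPT);
}

// Verify a login attempt; unusable input fails before password_verify runs.
function check_login(string $password, string $storedHash): bool
{
    try {
        assert_usable_password($password);
    } catch (InvalidArgumentException $e) {
        return false;
    }
    return password_verify($password, $storedHash);
}

// Constructed inputs: a normal password, a blank login, a null-byte password.
$hash = register_password('correct horse battery staple');
var_dump(check_login('correct horse battery staple', $hash));
var_dump(check_login('', $hash));

try {
    register_password("\0hidden");
} catch (InvalidArgumentException $e) {
    echo 'Registration refused: ', $e->getMessage(), PHP_EOL;
}
```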
Denial Of Service (CVE-2024-2757)
The mb_encode_mimeheader function has been found to enter an endless loop when certain inputs are provided to it.
Though this vulnerability has not yet been fully described, it has been mentioned that it could lead to a Denial of Service condition on affected instances.
A threat actor can exploit this vulnerability by manipulating a user into providing untrusted inputs on the affected devices leading to the denial of service condition.
A proof-of-concept for this vulnerability has also been released.
Proton worldwide outage caused by Kubernetes migration, software change
Swiss tech company Proton, which provides privacy-focused online services, says that a Thursday worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike.