New SaaS-based secrets manager from Akeyless requires no new infrastructure, and no specialist staff nor secrets management team.
The post Akeyless Launches SaaS-based External Secrets Manager appeared first on SecurityWeek.
SecurityWeek RSS Feed
6 Actively Exploited Zero-Days and 132 Flaws Patched – Microsoft Security Update
A total of 132 new security flaws in Microsoft’s products were patched, including six zero-day issues that the company claimed were being actively used in the wild.
Nine of the 130 vulnerabilities have a severity rating of ‘Critical,’ while 121 have a rating of ‘Important’.
This is in addition to the eight bugs that Microsoft patched in its Edge browser, which is based on Chromium, at the end of the previous month.
Further, 37 RCE flaws have been fixed by Microsoft. Nevertheless, one of the RCE issues is still present and unpatched, and several cybersecurity companies have observed attacks that actively use it.
Six zero-day vulnerabilities that were all exploited in attacks and one of which was made public were fixed in this month’s Patch Tuesday.
Notably, if a vulnerability is publicly reported or actively used and no official remedy is available, Microsoft describes it as a zero-day vulnerability.
Microsoft Threat Intelligence Center discovered an actively used vulnerability in Windows MSHTML that allowed for privilege escalation.
It was exploited through a specially crafted file delivered via spam email or malicious websites.
An attacker might take advantage of the flaw in an email attack by emailing the victim a specially designed file and persuading them to open it.
In a web-based attack scenario, an attacker may run a website (or make use of a website that has been hacked that accepts or hosts user-provided content) that contains a specially created file intended to exploit the vulnerability.
“The attacker would gain the rights of the user that is running the affected application,” reads Microsoft’s advisory.
Attackers used this flaw to prevent the Open File – Security Warning popup from appearing while downloading and accessing files from the Internet.
“The attacker would be able to bypass the Open File – Security Warning prompt,” says Microsoft.
Microsoft claims that the Microsoft Threat Intelligence Centre internally found the problem.
In this case, threat actors were able to get administrator rights on the Windows device by actively exploiting the elevation of privileges bug. The bug was discovered by Vlad Stolyarov and Maddie Stone of Google Threat Analysis Group (TAG).
“An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default,” says Microsoft.
Microsoft is looking into claims of many remote code execution flaws affecting Office and Windows products. Microsoft is aware of specific attacks that try to use specially created Microsoft Office documents to exploit these flaws.
To achieve remote code execution in the victim’s context, an attacker might produce a specially crafted Microsoft Office document. The attacker would need to entice the victim into opening the malicious file.
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs,” says Microsoft.
According to Microsoft, users who utilize Microsoft Defender for Office and the Attack Surface Reduction Rule “Block all Office applications from creating child processes” are shielded against attachments that try to make use of this vulnerability.
Those who are not using these protections can add the following application names to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key as values of type REG_DWORD with data 1.
Excel.exe
Graph.exe
MSAccess.exe
MSPub.exe
PowerPoint.exe
Visio.exe
WinProj.exe
WinWord.exe
Wordpad.exe
Microsoft Threat Intelligence, Google’s Threat Analysis Group (TAG), Vlad Stolyarov, Clement Lecigne, Bahare Sabouri, Paul Rascagneres, Tom Lancaster, and the Microsoft Office Product Group Security Team all reported this problem.
Code-signing certificates and developer accounts used to install malicious kernel-mode drivers by abusing a Windows policy vulnerability have been revoked by Microsoft.
Microsoft has issued a warning outlining the suspension of all related developer accounts and the revocation of any misused certificates.
“Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems before the use of the drivers,” explains Microsoft.
Microsoft has updated Microsoft Outlook to address an actively exploited zero-day vulnerability that gets around security alerts and operates in the preview pane. The person who reported this vulnerability requested anonymity.
“The attacker would be able to bypass the Microsoft Outlook Security Notice prompt,” explains Microsoft.
33 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
37 Remote Code Execution Vulnerabilities
19 Information Disclosure Vulnerabilities
22 Denial of Service Vulnerabilities
7 Spoofing Vulnerabilities
Over the past few weeks, various other vendors in addition to Microsoft have also provided security updates to address several vulnerabilities, including Adobe, Apple, Aruba Networks, Cisco, Citrix, Dell, Drupal, F5, Fortinet, GitLab, Google Chrome, Lenovo and many more.
The post 6 Actively Exploited Zero-Days and 132 Flaws Patched – Microsoft Security Update appeared first on Cyber Security News.
Cyber Security News
North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.
The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino
The Hacker News | #1 Trusted Cybersecurity News Site
Multiple Videolan VLC Player Flaws Leads to Memory Corruption: Update Now!
Recently, two significant vulnerabilities related to memory corruption have been uncovered in the popular VLC media player.
These vulnerabilities were found in the Microsoft Media Server (MMS), which has two implementations in VLC: MMS over TCP (MMST) and MMS over HTTP (MMSH). These vulnerabilities could potentially create security breaches and cause harm to users.
The GetPacket function that is responsible for receiving packets was found to contain two significant vulnerabilities – Heap Overflow and Integer Underflow.
Although the vulnerabilities have been identified, the CVEs for these issues are still pending assignment. It is crucial to address these vulnerabilities promptly to ensure the security of the system.
Package Format: i_type (2 bytes), i_size (2 bytes), i_sequence (4 bytes), i_unknown (2 bytes), i_size2 (2 bytes), data (n bytes)
According to the report, VLC receives the packet in three reads. The first is 4 bytes holding the type and i_size, which describes the size of the next read. The second is 8 bytes of header fields: i_sequence, i_unknown, and i_size2. The third reads the data.
However, when calculating the read sequence, instead of reducing it to 12 bytes, it is only reduced to 8 bytes, resulting in a buffer overflow.
As mentioned, the data size is calculated to be 8 bytes. Additionally, the i_size2 is controlled by the user, which could result in an underflow. According to the definitions, the data type of i_size2 is uint16_t.
As the disassembly of the relevant function shows, the uint16 is copied to an int and 8 is subtracted, which gives an int underflow.
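The i_size2 length check described above, as an added example (not VLC's code and not taken from the published report): a parser for the chunk layout in the Package Format line, showing the unchecked subtraction beside a bounds-checked version. Little-endian fields, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR1_LEN 4u  /* i_type + i_size */
#define HDR2_LEN 8u  /* i_sequence + i_unknown + i_size2 */

typedef struct {
    uint16_t i_type, i_size;
    uint32_t i_sequence;
    uint16_t i_unknown, i_size2;
    const uint8_t *data;  /* points into the caller's buffer */
    size_t data_len;
} chunk_t;

/* Little-endian field readers (byte order is an assumption of this example). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* The arithmetic the article describes: uint16_t widened to int, minus 8.
   Any i_size2 below 8 goes negative and becomes huge once used as a size. */
int unchecked_data_len(uint16_t i_size2) { return (int)i_size2 - 8; }

/* Hardened parse: 0 on success, -1 when a length field cannot be trusted. */
int parse_chunk(const uint8_t *buf, size_t len, chunk_t *c)
{
    if (len < HDR1_LEN + HDR2_LEN) return -1;        /* headers incomplete */
    c->i_type = rd16(buf);
    c->i_size = rd16(buf + 2);
    c->i_sequence = rd32(buf + 4);
    c->i_unknown = rd16(buf + 8);
    c->i_size2 = rd16(buf + 10);
    if (c->i_size2 < HDR2_LEN) return -1;            /* subtraction would underflow */
    c->data_len = c->i_size2 - HDR2_LEN;
    if (c->data_len > len - (HDR1_LEN + HDR2_LEN)) return -1; /* more than was received */
    c->data = buf + HDR1_LEN + HDR2_LEN;
    return 0;
}

/* Constructed sample chunks (not captured traffic). */
static const uint8_t OK_CHUNK[]    = {0x24,0x44, 0x0c,0x00, 1,0,0,0, 0,0, 0x0c,0x00, 'd','a','t','a'};
static const uint8_t SHORT_SIZE2[] = {0x24,0x44, 0x0c,0x00, 2,0,0,0, 0,0, 0x03,0x00, 'd','a','t','a'};
static const uint8_t LONG_SIZE2[]  = {0x24,0x44, 0x0c,0x00, 3,0,0,0, 0,0, 0x00,0x01, 'd','a','t','a'};

int main(void)
{
    chunk_t c;
    printf("unchecked=%d ok=%d short=%d long=%d\n", unchecked_data_len(3),
           parse_chunk(OK_CHUNK, sizeof OK_CHUNK, &c),
           parse_chunk(SHORT_SIZE2, sizeof SHORT_SIZE2, &c),
           parse_chunk(LONG_SIZE2, sizeof LONG_SIZE2, &c));
    return 0;
}
```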
A complete report about these vulnerabilities has been published on GitHub, providing detailed information about the source code, method of exploitation, and other additional information.
Users of VLC are recommended to upgrade to version 3.0.20 to fix these vulnerabilities and prevent them from getting exploited by threat actors.
The post Multiple Videolan VLC Player Flaws Leads to Memory Corruption: Update Now! appeared first on Cyber Security News.
Cyber Security News