Japan urged to adhere to US cybersecurity standards. Report finds AI could increase production of fake sexual abuse imagery. Read More
The CyberWire
The all in one place for non-profit security aid.
Single Right-Click Let Hackers Gain Access To System By Exploiting 0-Day
A newly discovered 0-day vulnerability in Windows systems, CVE-2024-43451, has been actively exploited by suspected Russian hackers to target Ukrainian entities.
This 0-day flaw, identified by security analysts at ClearSky Cyber Security in June 2024, allows attackers to gain unauthorized access to systems through minimal user interaction.
CVE-2024-43451 is an NTLM Hash Disclosure spoofing vulnerability that can be triggered by seemingly harmless actions:-
Researchers at ClearSky Cyber Security observed that when this 0-Day vulnerability is exploited, it discloses the user’s NTLMv2 hash, which attackers can use to authenticate as the user and potentially move laterally within a network.
The attack begins with a phishing email containing a hyperlink to download an Internet shortcut file. This file is hosted on a compromised Ukrainian government server. When the user interacts with the file, it triggers the vulnerability, establishing a connection to the attacker’s server.
The exploit then downloads additional malware, including SparkRAT, an open-source remote access tool that allows attackers to control compromised systems remotely.
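A defender-side triage of Internet shortcut (.url) files like the one described above, as an added example that is not code from ClearSky, CERT-UA or the original article. It assumes the shortcut leaks the NTLMv2 hash by pointing a field at a remote SMB/WebDAV host through a file:// URL or UNC path; the article does not show the file's contents, and the sample files and addresses below are constructed.

```python
import re
from urllib.parse import urlsplit

# Shortcut fields whose value Windows may resolve as a path (assumed list).
REMOTE_KEYS = ("url", "iconfile", "workingdirectory")

def parse_shortcut(text):
    """Parse the INI-style body of a .url file into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def remote_host(value):
    """Return the remote host a value would make Windows contact, else None."""
    v = value.strip().strip('"')
    # UNC form, including WebDAV variants such as \\host@80\share
    m = re.match(r'^(?:\\\\|//)([^\\/@?]+)', v)
    if m:
        return m.group(1).lower()
    parts = urlsplit(v.replace("\\", "/"))
    if parts.scheme.lower() == "file" and parts.hostname not in (None, "", "localhost"):
        return parts.hostname.lower()
    return None

def triage(text):
    """List (field, host) pairs in [InternetShortcut] that reference a remote host."""
    fields = parse_shortcut(text).get("internetshortcut", {})
    hits = [(k, remote_host(fields.get(k, ""))) for k in REMOTE_KEYS]
    return [(k, h) for k, h in hits if h]

# Constructed samples; 198.51.100.7 is a documentation-range address.
SUSPICIOUS = ("[InternetShortcut]\r\nURL=file://198.51.100.7/docs/certificate.pdf\r\n"
              "IconFile=\\\\198.51.100.7\\docs\\icon.ico\r\nIconIndex=1\r\n")
BENIGN = ("[InternetShortcut]\nURL=https://example.org/report\n"
          "IconFile=C:\\Windows\\System32\\shell32.dll\n")

if __name__ == "__main__":
    for name, body in (("suspicious.url", SUSPICIOUS), ("benign.url", BENIGN)):
        print(name, triage(body) or "no remote file/UNC reference")
```

A mail gateway or EDR hook can run triage() on .url attachments and downloads and quarantine any file that returns a finding for a host outside the organization.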
Ukraine’s Computer Emergency Response Team (CERT-UA) has attributed these attacks to UAC-0194, a threat group believed to be Russian. The campaign primarily targets Ukrainian entities, highlighting the ongoing cyber warfare in the region.
Microsoft patched CVE-2024-43451 as part of its November 2024 Patch Tuesday update. The vulnerability affects all supported Windows versions, including Windows 10 and later and Windows Server 2008 and later.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-43451 to its Known Exploited Vulnerabilities Catalog, mandating federal agencies to secure vulnerable systems by December 3, 2024.
Users and organizations are strongly advised to apply the security update immediately to mitigate the risk posed by this actively exploited zero-day vulnerability.
The post Single Right-Click Let Hackers Gain Access To System By Exploiting 0-Day appeared first on Cyber Security News.
2 Chrome Zero-Days Exploited At Pwn2Own 2024 : Patch Now
Google patched seven vulnerabilities in the Chrome browser on Tuesday, including two zero-day exploits that were exploited at the Pwn2Own Vancouver 2024 hacking contest.
Researchers at the Pwn2Own challenge exploited the zero-days, tagged as Type Confusion in WebAssembly (CVE-2024-2887) and Use after free in WebCodecs (CVE-2024-2886).
Google has fixed the vulnerabilities by updating the Google Chrome Stable channel to 123.0.6312.86/.87 for Windows and Mac, and 123.0.6312.86 for Linux.
The update will be rolled out in the upcoming days and weeks.
The competition’s winner, researcher Manfred Paul (@_manfp), exploited a high-severity Type Confusion flaw in WebAssembly identified as CVE-2024-2887 and received a $42,500 award for it on the first day of the Pwn2Own contest.
Prior to Google Chrome 123.0.6312.86, type confusion in WebAssembly allowed a remote attacker to run arbitrary code through a crafted HTML page.
KAIST Hacking Lab’s Seunghyun Lee (@0x10n) exploited a high-severity use-after-free in WebCodecs tracked as CVE-2024-2886; he received 9 Master of Pwn points and $85,000 on the second day of the Pwn2Own contest.
Prior to Google Chrome 123.0.6312.86, use after free in WebCodecs allowed a remote attacker to carry out arbitrary read/write via a crafted HTML page.
A critical use after free in ANGLE has been tracked as CVE-2024-2883. Cassidy Kim (@cassidy6564) reported the issue, and Google awarded her a $10,000 reward for it.
The vulnerability enabled a remote attacker to possibly exploit heap corruption using a crafted HTML page.
A high-severity use after free in Dawn is identified as CVE-2024-2885. Researcher Wgslfuzz reported the problem. Google did not provide details about the reward for this vulnerability.
By using a specially designed HTML page, the vulnerability might have allowed a remote attacker to take advantage of heap corruption.
To view the most recent version on desktop devices, Google Chrome users can navigate to Menu > Help > About Google Chrome or type chrome://settings/help into the address bar.
The browser looks for updates as soon as this page is opened, and it downloads and installs any that it finds, so it should detect and install the latest version.
To finish the update, the browser must be restarted.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed”, Google said.
There is no indication from Google that any of these vulnerabilities are being used in the wild.
Google recommends that users update to the most recent version of Google Chrome to prevent exploitation of these vulnerabilities.
Notably, Mozilla also addressed two zero-day vulnerabilities in the Firefox web browser, tracked as CVE-2024-29944 and CVE-2024-29943, that were recently exploited by Manfred Paul (@_manfp) at the Pwn2Own hacking contest.
The post 2 Chrome Zero-Days Exploited At Pwn2Own 2024 : Patch Now appeared first on Cyber Security News.
Cyber Security News
Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched
Google released Chrome 115 to the stable channel for Windows, MacOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were discovered by external researchers.
Four security issues were assessed to be of “high severity,” while six were determined to be of “medium severity.”
This browser update also fixes a ‘low-severity’ issue with Themes’ insufficient validation of untrusted input.
The two use-after-free issues affecting the WebRTC component, tracked as CVE-2023-3727 and CVE-2023-3728, are the most significant flaws identified.
These vulnerabilities, recognized by Google and rewarded with a $7,000 bounty each, are as major as they are critical.
CVE-2023-3730, a use-after-free weakness in Tab Groups, is another high-severity defect that Chrome 115 fixes. The researcher who discovered it received a $2,000 bug prize.
Additionally, Mark Brand of Google Project Zero identified CVE-2023-3732, an out-of-bounds memory access in Mojo. Under Google’s rules, no bug bounty was offered for this internal discovery.
A use-after-free vulnerability may enable an attacker to run arbitrary code, and may result in system failures or data corruption.
On the other hand, a vulnerability that allows out-of-bounds memory access might let an attacker read data they are not meant to access, potentially resulting in data breaches.
Additionally, Chrome 115 fixes six medium-severity vulnerabilities that were reported externally.
Inappropriate implementations in several components, including Picture in Picture, Custom Tabs, Notifications, Autofill, WebApp Installs, and Web API Permission Prompts, caused the flaws.
If exploited, these flaws might have adverse effects, including enabling attackers to get around access restrictions and carry out illegal actions.
Although Google has not revealed any ongoing exploitation of these vulnerabilities, users are strongly encouraged to apply the update immediately to protect against prospective attacks.
For ‘low-severity’ insufficient validation of untrusted input bugs in Themes, the reporting researchers have received a total of $34,000 in bug bounty awards.
Chrome for Linux and macOS: Chrome 115.0.5790.98
Chrome for Windows: Chrome 115.0.5790.98 or Chrome 115.0.5790.99
By choosing Menu > Help > About Google Chrome or by typing chrome://settings/help straight into the browser’s address bar, users can determine the version that is currently installed.
When this page is opened on a desktop machine, Google Chrome shows the installed version and checks for updates.
To shield the browser and system against potential vulnerabilities, it is advised to apply the update as soon as possible.
The post Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched appeared first on Cyber Security News.
Cyber Security News