Tag Archive for: addresses

Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities


Microsoft has released a substantial set of patches in its February 2024 Patch Tuesday. This update is particularly significant as it addresses a total of 73 vulnerabilities, which includes two zero-day exploits that have been detected in active use by cyber criminals. Among the vulnerabilities patched, five have been classified as critical due to their potential to cause serious harm, such as denial of service, remote code execution, information disclosure and elevation of privileges. Read on for more details.  

What are the zero-days mentioned in Microsoft’s February 2024 Patch Tuesday?  

The two zero-day vulnerabilities that have been actively exploited are particularly concerning: 

  • CVE-2024-21351: This is a Windows SmartScreen bypass vulnerability. SmartScreen is designed to warn users about running unrecognized applications that could potentially be harmful. The exploitation of this vulnerability could lead to unauthorized data exposure or render systems unavailable. 
  • CVE-2024-21412: This vulnerability is a security feature bypass flaw. It allows attackers to carry out their attacks without triggering the security checks that are in place to prevent such incidents. 

The implications of these vulnerabilities are severe, as they can be used to compromise user data, disrupt business operations and gain unauthorized access to sensitive information. The complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates can be viewed in the full report. 

What is Nuspire doing? 

In response to these updates, Nuspire has taken immediate action by applying the patches as recommended by the vendor. In addition to patching, Nuspire’s security team is actively threat hunting within client environments to detect any signs of compromise that might indicate the exploitation of these vulnerabilities. 

What should I do? 

It is crucial for organizations to take proactive measures to protect their systems and data from these vulnerabilities. Here are the recommended steps: 

  • Prioritize Patching: Given the active exploitation of the two zero-days, organizations should prioritize patching these vulnerabilities. The sooner these patches are applied, the less…

Source…

AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses


A security researcher has published exploit code for AtlasVPN for Linux, which could enable anybody to disconnect a user and reveal their IP address simply by luring them to a website.

AtlasVPN is a “freemium” virtual private network (VPN) service owned by NordVPN. Despite being just 4 years old, according to its website, it’s used by more than 6 million people worldwide.

On Sept. 1, after receiving no response from the vendor, an unidentified researcher (referred to by their Full Disclosure mailing list username, “icudar”) posted exploit code for AtlasVPN Linux to the Full Disclosure mailing list and Reddit. By simply copying and pasting this code to their own site, any odd hacker could disconnect any AtlasVPN user from their private network, and reveal their IP address in the process.

“Since the entire purpose of the VPN is to mask this information, this is a pretty significant problem for users,” says Shawn Surber, senior director of technical account management at Tanium.

How the AtlasVPN Exploit Works

The issue with AtlasVPN’s Linux client boils down to a lack of proper authentication.

“The client does not connect via a local socket or any other secure means but instead it opens an API on localhost on port 8076. It does not have ANY authentication,” icudar wrote in his online posts. “This port can be accessed by ANY program running on the computer, including the browser.”

Surber guesses that “this vulnerability appears to be caused by the assumption that Cross-Origin Resource Sharing (CORS) protection would prevent it.” CORS is a mechanism by which one domain can request resources from another.

As other researchers have pointed out, though, the exploit easily slips past CORS by sending a type of request it does not flag. “CORS is designed to prevent data theft and loading of outside resources. In this scenario, the attack uses a simple command, which slips through the CORS gauntlet and, in this case, turns off the VPN, immediately exposing the user’s IP and therefore general location,” Surber explains.
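The two guards a localhost control API needs in order not to be driven by a web page, as an added illustration that is not AtlasVPN's code: the unauthenticated handler models the flaw described above, while the hardened one refuses browser-initiated requests (which carry an Origin or Sec-Fetch-Site header even when they are CORS "simple" requests) and requires a per-session bearer token that only the vendor's own CLI/GUI can read. Function and header names are assumptions; the sample requests are constructed.

```python
import hmac
import secrets
from typing import Mapping, Tuple

# Constructed stand-in for the per-session secret a local control API should
# mint at startup and hand only to its own client (e.g. via a user-only file).
SESSION_TOKEN = secrets.token_urlsafe(32)


def vulnerable_authorize(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Model of the flaw described above: every request to the localhost
    port is accepted, whatever program (including a browser) sent it."""
    return True, "accepted: no authentication performed"


def hardened_authorize(headers: Mapping[str, str],
                       expected_token: str = SESSION_TOKEN) -> Tuple[bool, str]:
    """Two independent guards for a localhost control API.

    1. Browsers attach Origin (and Sec-Fetch-Site) to cross-site requests,
       including the 'simple' GET/form-POST ones that need no CORS preflight.
       A local CLI/GUI never sends them, so their presence means the request
       was initiated by a web page and it is refused outright.
    2. Every call must carry a bearer token only the legitimate client knows.
       CORS is not a substitute: it only decides whether a page may *read*
       the response, not whether the request reaches the server.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if "origin" in lowered or lowered.get("sec-fetch-site", "none") != "none":
        return False, "rejected: browser-initiated request"
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False, "rejected: missing bearer token"
    if not hmac.compare_digest(token, expected_token):  # constant-time compare
        return False, "rejected: bad token"
    return True, "accepted"


# Constructed sample requests, not captured traffic.
BROWSER_REQUEST = {"Host": "localhost:8076", "Origin": "https://example.invalid",
                   "Sec-Fetch-Site": "cross-site", "Content-Type": "text/plain"}
CLI_REQUEST = {"Host": "localhost:8076", "Authorization": f"Bearer {SESSION_TOKEN}"}
WRONG_TOKEN_REQUEST = {"Host": "localhost:8076", "Authorization": "Bearer not-it"}
```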

What This Means for VPN Users

To test the extent of the vulnerability, icudar wrote malicious JavaScript that would request port 8076 and successfully disconnect the VPN, then request…

Source…

Home addresses of hundreds of cops feared to have fallen into the hands of computer hackers


Home addresses of some Met cops are feared to be in the hands of computer hackers.

Commissioner Sir Mark Rowley reassured his 47,000 officers and support workers that personal details were not subject to the IT breach at a company which produces warrant cards and passes.

[Image: Home addresses of hundreds of Met cops are feared to be in the hands of hackers. Credit: Alamy]

But The Sun on Sunday can reveal an initial survey of data held by Stockport-based Digital ID from 2,000 Met workers shows, in some cases, hackers could get home addresses.

The ransomware attack came after new warrant cards and passes were produced in a scheme, codenamed Operation Fortress, to improve security.

Many officers complained news of the bungle was posted on an internal intranet over a Bank Holiday weekend instead of sent to them in emails.

This meant they found out only by reading our exclusive about the hack.


Sir Mark apologised and wrote a personal message saying: “Whilst it does not include the most personal data such as addresses or financial data, this breach I know causes wider concern.”

A review of all data held on the Met by the firm is now being carried out.

It is thought hackers were blackmailers rather than terrorists, and that the Met plans to personally tell staff whose home location may be compromised.

Ex-Met commander John O’Connor said: “The hack has put officers at risk, particularly those involved in undercover work. I can’t believe the Met could be so careless.”

The National Crime Agency is leading the probe, supported by the National Cyber Security Centre.

The Met said it was a “complex incident” and added: “Our understanding of what data may be at risk is evolving.

“We are working with technical specialists and keeping staff informed.”

Other police forces, government departments and major companies also used Digital ID.

But it is believed that, rather than sharing information, they used printing equipment supplied by the firm.

Source…

Throne fixes security bug that exposed creators’ private home addresses


A recently fixed security bug at a popular platform for supporting creators shows how even privacy-focused platforms can put creators’ private information at risk.

Throne, founded in 2021, bills itself as “a fully secure, concierge wishlist service that acts as an intermediary between your fans and you.” Throne claims to support more than 200,000 creators by shipping out thousands of their wish list items per day, all the while protecting the privacy of the creators’ home address.

The idea is that online creators, like streamers and gamers, can publish a wish list of gifts that supporters can buy, and Throne acts as the go-between. “Your fans pay for the gifts and we handle the rest,” its website reads. “We make sure that the payment gets processed, that the item gets sent, and most importantly, that your private information stays private.”

But a group of good-faith hackers found a vulnerability that undermined that claim and exposed the private home addresses of its creator users.

Enter Zerforschung, the German collective of security researchers behind its latest discovery. You may remember the collective from December when they found and disclosed major security bugs in social media alternative Hive, which sprung to popularity in the exodus from Twitter under Elon Musk’s new ownership. Hive briefly shut itself down to fix the vulnerabilities found by Zerforschung, which allowed anyone to modify anyone else’s posts and access other people’s private messages.

Zerforschung told TechCrunch that they discovered the vulnerability in how the company had set up the database, hosted on Google’s Firebase, that it uses to store data. The researchers said the database was inadvertently configured to allow anyone on the internet to read its contents, including session cookies for the company’s Amazon accounts, which can be used to break into an account without needing the password.

Session cookies are small bits of code that sit on your computer or device to keep users logged into apps and websites without having to repeatedly re-enter a password or sign in with two-factor authentication. Because session cookies keep the user logged in, they can be an…

Source…