Tag Archive for: patch

Barracuda patch bypassed by novel malware from China-linked threat group

/in


This audio is auto-generated. Please let us know if you have feedback.

Barracuda email security gateway devices were hit by a cyber espionage campaign from a China-nexus threat group that bypassed remediation efforts and continued unleashing attacks against high value targets, according to research Mandiant released Tuesday.

The threat group, listed as UNC4841, deployed sophisticated malware designed to maintain a presence inside a subset of certain high priority target organizations even after security updates were released for the Barracuda devices. 

Barracuda and Mandiant said they have seen no evidence of a successful exploit of the remote command injection vulnerability, CVE-2023-2868, since Barracuda released a patch on May 20.

Barracuda CISO Riaz Lakhani told Cybersecurity Dive that the patch fully addressed the zero-day vulnerability, and compromised appliances were given additional patches to address the actions of the threat actor.

“Out of an abundance of caution, Barracuda’s recommended remediation for any compromised appliance is replacement,” Lakhani said via email, noting that compromised customers were told to contact the company’s support line.

In June, Mandiant disclosed the hackers were involved in a massive cyber espionage campaign, where they leveraged the devices to send malicious email attachments to targeted government offices in the U.S. and abroad and private sector companies. 

Mandiant said many of the government targets in North America include state and local governments, judiciaries, law enforcement agencies, social services and several incorporated towns. Most of the observed compromises took place during the early months of the campaign, from October to December 2022.

The FBI issued a flash alert in late August warning users to isolate and replace affected Barracuda ESG devices, saying that hackers affiliated with the People’s Republic of China were continuing to exploit the devices. 

According to Mandiant, a…

Source…

August 2023 Android Security Patch

/in


OnePlus Nord CE 2 Lite 5G Receives the OxygenOS 13 C.31 Update

The Chinese smartphone maker, OnePlus has started to roll-out the OxygenOS 13 C.31 update to its Nord CE 2 Lite 5G smartphones. The update brings the August 2023 Android security patch.

Here’s more about it.

OnePlus Nord CE 2 Lite 5G OxygenOS 13 C.31 Update

The OxygenOS 13 C.31 update that is currently being rolled out for the OnePlus Nord CE 2 Lite smartphones is for the Indian users only, and the update has a firmware version of CPH2381_11.C.31. As mentioned, the update will integrate the Android security patch of August 2023 to the device,

OxygenOS 13 C.31 for the OnePlus Nord CE 2 Lite 5G
Image Source: OnePlus Community

The update is an incremental update and some of the OnePlus Nord CE 2 Lite 5G smartphone users in India might have already received the update. The company plans on a broader roll-out in the coming few days and more users will be able to receive the update.

If by chance users come across any bugs or any sorts of issues in the latest update, they can submit it on the menu which appears on dialing “*#800#” or they may submit it on the feedback form given on the respective update page or directly on the update thread.

Here are the specifications of the OnePlus Nord CE 2 Lite 5G smartphone.

OnePlus Nord CE 2 Lite 5G Specifications

General

Dimensions 164.3 x 75.6 x 8.5 mm
Weight 195 gm

Connectivity

Network Connectivity 2G, 3G, 4G and 5G
Wi-Fi Yes, Wi-Fi 802.11 a/b/g/n/ac with Dual Band Support and Wi-Fi Direct
Bluetooth Yes, Version 5.2

Processor

Chipset Qualcomm Snapdragon 695 5G (6 nm) Chipset
Primary Clock Speed 2.2 GHz
Operating System Android 12 (which can be upgraded to Android 13) based OxygenOS 13
GPU Adreno 619

Storage

Storage Options 6GB/128GB and 8GB/128GB

Display

Display Type IPS LCD Display
Screen Size 6.59”
Screen Resolution 1080 x 2412 pixels
Refresh Rate 120Hz

Camera

Rear Camera 64MP + 2MP + 2MP Triple Camera Setup
Front Camera 16MP

Sensors

Fingerprint Sensor Yes, Side-Mounted Fingerprint Sensor
Accelerometer Yes
Proximity Sensor Yes
Gyroscope Yes
Barometer No
Compass Yes

Battery

Battery Backup 5000 mAh
Charging Features 33W Wired Fast Charging Feature

Colours

Colour Variants Black Dusk and Blue Tide


Readers like you…

Source…

Microsoft Fixes Six Zero-Days This Patch Tuesday

/in


Microsoft issued a record-breaking 132 new fixes for vulnerabilities this month and detailed six zero-day bugs, including one being actively exploited in attacks against NATO members.

Of the massive haul, nine CVEs were rated “critical,” 37 were remote code execution (RCE) flaws and 33 were elevation of privilege bugs.

Read more on zero-day flaws: Microsoft Fixes Zero-Day Bug This Patch Tuesday

All six of the zero-days are being actively exploited in the wild, with one publicly disclosed. The latter is CVE-2023-36884, an RCE vulnerability impacting Office and Windows HTML. Microsoft warned that it is being used to target organizations attending the NATO summit this week with ransomware and espionage attacks using the RomCom backdoor.

There’s no patch for the vulnerability this month, but Microsoft released mitigations and promised a fix soon.

Another priority for organizations should be CVE-2023-35311: a Microsoft Outlook security feature bypass bug which uses a network attack vector with low attack complexity that requires user interaction but not elevated privileges.

“It’s important to note that this vulnerability specifically allows bypassing Microsoft Outlook security features and does not enable remote code execution or privilege escalation,” explained Action1 co-founder, Mike Walters.

“Therefore, attackers are likely to combine it with other exploits for a comprehensive attack. The vulnerability affects all versions of Microsoft Outlook from 2013 onwards.”

The other zero-day flaws are:

  • CVE-2023-32046: a Windows MSHTML Platform elevation of privilege vulnerability
  • CVE-2023-32049: a Windows SmartScreen security feature bypass vulnerability
  • CVE-2023-36874: a Windows Error Reporting Service elevation of privilege vulnerability
  • ADV230001: new guidance on Microsoft Signed Drivers being used maliciously

On the latter guidance, Ivanti VP of security products, Chris Goettl, explained that several developer accounts for the Microsoft Partner Center (MPC) were discovered submitting malicious drivers to obtain a Microsoft signature.

“All the developer accounts involved in this incident were immediately suspended. Microsoft has released Window security…

Source…

OnePlus Nord CE gets July 2023 Android security patch

/in


OnePlus has announced the incremental rollout of the OxygenOS 13 F.50 update for users of the OnePlus Nord CE. This update is currently being rolled out in batches to users in the India (IN) region.

The OxygenOS 13 F.50 update brings a couple of improvements and bug fixes, aiming to enhance the overall user experience on the OnePlus Nord CE. One notable enhancement is the integration of the July 2023 Android security patch, which boosts system security.

Furthermore, the update addresses an issue that could lead to stuttering on the Home screen after unlocking the phone.

With the OxygenOS 13 F.50 update, OnePlus has also rectified an issue that could cause the Photos app to crash under certain scenarios.

Below is the complete update changelog shared by OnePlus on the Community forums:

System

  • Integrates the July 2023 Android security patch to enhance system security.
  • Fixes an issue that might cause the Home screen to stutter after you unlock your phone.

Camera

  • Fixes an issue that might cause the Photos app to crash in certain scenarios.

As with most software updates, the OxygenOS 13 F.50 update is being rolled out in batches, which means a limited number of users will receive it today. A broader rollout will commence in a few days.

To check for the OxygenOS 13 F.50 update manually, navigate to Settings > System > System Updates.

OnePlus Nord CE: Specifications

Here are the key specifications of the OnePlus Nord CE:

Display

  • 6.43-inch Fluid AMOLED display
  • 90Hz refresh rate

Processor and Memory

  • Qualcomm Snapdragon 750G
  • 6GB/8GB/12GB LPDDR4X RAM

Storage

Operating System

Cameras

  • Rear Camera

    • 64 MP primary camera with f/1.8 aperture
    • 8 MP ultra-wide-angle camera with f/2.3 aperture
    • 2 MP mono sensor with f/2.4 aperture

  • Front Camera

Battery

  • 4,500mAh non-removable battery
  • Warp Charge 30T Plus fast charging (30W)

Others

  • 5G connectivity
  • In-display fingerprint sensor
  • 3.5mm headphone jack

Source…