-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jul 13, 2023
> Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.
> "An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.
> {loadposition sam08}"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”
> Microsoft also warned of a phishing campaign using Office zero-dat exploits to attack European and North American government and defence agencies.
> iTWire's regular Patch Tuesday commentator Satnam Narang said: “Two security feature bypass zero-day vulnerabilities in Microsoft Outlook (CVE-2023-35311) and Windows SmartScreen (CVE-2023-32049) were exploited in the wild by attackers.
> "Details about exploitation were not available at the time Patch Tuesday updates were released, but it appears that the attackers were able to use social engineering to convince a target to click on a malicious URL. In both instances, security warning prompts that are designed to help protect users were bypassed."
↺ Chinese hackers raided US government email accounts by exploiting Microsoft cloud bug | TechCrunch
> The White House confirmed that unclassified U.S. government email accounts were accessed in the raids by Chinese hackers.
> Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance.
> The phrase "Root of Trust" turns up at various points in discussions about verified boot and measured boot, and to a first approximation nobody is able to give you a coherent explanation of what it means[1].
> Apple has pulled its latest Rapid Security Response updates for iOS and macOS after users complained that they can no longer access websites.
> Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10.
> HCA Healthcare says the personal information of roughly 11 million patients was stolen in a data breach.
> The Washington Post has an article about popular printing services, and whether or not they read your documents and mine the data when you use them for printing:
> Ten years ago, a young man left a nice job, his girlfriend and his home with just his laptops. His fantastic story changed the world and the way we think about our internet privacy.
> Researchers at cybersecurity firm Wiz Inc. today detailed a newly discovered Python-based fileless malware that’s targeting cloud workloads. Dubbed “PyLoose,” the attack is said to be the first publicly documented Python-based fileless attack targeting cloud workloads in the wild.
> Experts call for improvements to space cybersecurity as sectors such as energy, agriculture and finance rely more on satellite networks.
> Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development.
> ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their industrial products.
> The security firm pointed out that the other drivers — 32 of which were signed by WHCP — were rootkits. "Many of these rootkits were designed to stealthily monitor sensitive data sent over the Internet," it said.
> "Upon discovering these malicious drivers, X-Ops immediately reported the issue to Microsoft, who resolved the issue in their most recent Patch Tuesday.
> Christopher Budd, director, threat research, Sophos X-Ops, said: “Since October last year, we’ve noticed a concerning rise in threat actors taking advantage of malicious signed drivers to carry out various cyber attacks, including [the use of] ransomware.
> "We believed that attackers would continue to leverage this attack vector, and that has indeed been the case. Because drivers often communicate with the ‘core’ of the operating system and load before security software, when they are abused, they can be particularly effective at disabling security protections — especially when signed by a trusted authority.
> "Many of the malicious drivers we’ve discovered were specifically designed to target and ‘take out’ EDR products, leaving the affected systems vulnerable to a range of malicious activity.
> "Obtaining a signature for a malicious driver is difficult, so this technique is primarily used by advanced threat actors in targeted attacks.
> Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
-- Response ended
-- Page fetched on Sat Jun 1 08:38:00 2024