CVE-2024-32849: Trend Micro Maximum Security Privilege Escalation Vulnerability

From securityonline.info

Trend Micro, a leader in cybersecurity solutions, has issued a security update to its Maximum Security software for Windows users, addressing a significant local privilege escalation vulnerability identified as CVE-2024-32849. The flaw, which carries a CVSS score of 7.8, could potentially allow attackers to escalate privileges and manipulate system files.

Read more…

Microsoft: KB5036909 Windows Server update causing NTLM traffic, LSASS crash issues on DCs [Update]

From neowin.net

A few days ago, Microsoft confirmed it had fixed a longstanding “65000” BitLocker encryption reporting error on Windows Intune. These types of issues can often affect a large number of systems as they are deployed on managed devices across enterprises.

Yesterday, Microsoft confirmed a new issue for Windows Server domain controllers (DCs), cautioning that IT and system administrators may notice a large increase in NTLM authentication traffic. The tech giant has confirmed that this spike is caused by a bug in the latest April 2024 Patch Tuesday update (KB5036909) for Windows Server, and that it affects all Server OS versions, from 2008 all the way up to the latest Windows Server 2019 and 2022.

Windows NTLM, or New Technology LAN Manager, is a suite of security protocols that helps to authenticate and verify users’ identity, and it is something Microsoft wishes to eventually disable in Windows 11.

Read more…

UK MINISTRY OF DEFENCE DISCLOSED A THIRD-PARTY DATA BREACH EXPOSING MILITARY PERSONNEL DATA

From securityaffairs.com

The UK Ministry of Defence disclosed a data breach impacting a third-party payroll system that exposed the data of approximately 272,000 armed forces personnel and veterans.

The Ministry of Defence revealed that a malign actor gained access to part of the Armed Forces payment network, which is an external system completely separate from the MOD’s core network.

Defence Secretary Grant Shapps told the House of Commons that the impacted system is not connected to the main military HR system.

The UK Ministry of Defence is reviewing the operations of the impacted contractor and announced that appropriate measures will be taken.

The compromised information includes the personal data of regular and reserve personnel and some recently retired veterans. The malicious actor gained access to names and bank details, and, in a smaller number of cases, addresses of the impacted personnel.

The UK government did not publicly attribute the attack; however, the BBC reported that UK ministers suspected China was responsible.

Read more…

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

From bleepingcomputer.com

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.

Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users.

At the start of the month, Cisco Talos disclosed CVE-2023-49606, a critical (CVSS v3: 9.8) use-after-free flaw that the researchers discovered in December 2023 and that impacts versions 1.11.1 (latest) and 1.10.0, after claiming not to have received a response from the developers.

Cisco’s report shared detailed information about the vulnerability, including proof-of-concept exploits that crashed the server and could potentially lead to remote code execution.

Read more…

University staff fall back on Excel to work around mis-coded transactions in Oracle system

From theregister.com

The fallout from Edinburgh University’s ill-fated Oracle HR and finance implementation continues with one department recording thousands of mis-coded transactions relating to more than £300,000 in spending.

More than two years after the Fusion HR, payroll, and finance system went live, the university’s Biology Department noted that transactions are still mis-coded. One insider told The Register they were using Excel spreadsheets to get an unofficial ledger of spending to make up for the system’s shortcomings.

The Register understands the problems are indicative of ongoing issues with the system, internally called People and Money (P&M), throughout the £1.3 billion budget institution.

In December, an independent report from PA Consulting showed how, before the implementation, senior managers missed warning signs that the project was not ready. The report, commissioned by the University Court, an independent governance body, said the problems related to change management aspects of the project that were not given sufficient attention before it went live.

Read more…

LAW ENFORCEMENT AGENCIES IDENTIFIED LOCKBIT RANSOMWARE ADMIN AND SANCTIONED HIM

From securityaffairs.com

The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him. It was the first time that the admin of the notorious group was identified by law enforcement.

The man is a Russian national named Dmitry Yuryevich Khoroshev (31) of Voronezh, Russia.

“The sanctions against Russian national Dmitry Khoroshev (pictured), the administrator and developer of the LockBit ransomware group, are being announced today by the FCDO alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs.” reads the press release published by the NCA.

The NCA states that Khoroshev will now be subject to a series of asset freezes and travel bans.

“Khoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans.” continues the NCA.

Read more…

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

From thehackernews.com

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.

The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp-user and wp-configuser.

CVE-2023-40000, which was disclosed by Patchstack in February 2024, is a stored cross-site scripting (XSS) vulnerability that could permit an unauthenticated user to elevate privileges by means of specially crafted HTTP requests.

The flaw was addressed in October 2023 in version 5.7.0.1. It’s worth noting that the latest version of the plugin is 6.2.0.1, which was released on April 25, 2024.

LiteSpeed Cache has over 5 million active installations, with statistics showing that versions other than 5.7, 6.0, 6.1, and 6.2 are still active on 16.8% of all websites.

Read more…