CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

From thehackernews.com

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.

“A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory.

The four vulnerabilities are listed below:

  • CVE-2024-4076 (CVSS score: 7.5) – Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure.
  • CVE-2024-1975 (CVSS score: 7.5) – Validating DNS messages signed using the SIG(0) protocol could cause excessive CPU load, leading to a denial-of-service condition.
  • CVE-2024-1737 (CVSS score: 7.5) – It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing.
  • CVE-2024-0760 (CVSS score: 7.5) – A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients.

Read more…

ServiceNow Exploits Used in Global Reconnaissance Campaign

From securityonline.info

Resecurity has uncovered a widespread campaign exploiting critical vulnerabilities in ServiceNow, a popular platform for digital workflows. The flaws, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, allowed unauthenticated attackers to execute code remotely and steal sensitive data.

The widespread use of ServiceNow, particularly within major corporations and government entities, has made it a prime target for threat actors. Resecurity’s investigation uncovered a rapid surge in malicious activity immediately following the public release of a proof-of-concept exploit. Attackers, armed with this knowledge, wasted no time in scanning the internet for vulnerable instances, primarily leveraging CVE-2024-4879 to execute code remotely and exfiltrate sensitive data.

Estimating the impact is challenging, but ServiceNow is an extremely popular platform for managing digital workflows in modern IT environments. According to the output of FOFA, a popular network search engine from China, approximately 300,000 ServiceNow instances could potentially be probed remotely. These instances may have different ACLs (Access Control Lists) or other access limitations at both the network and application levels, making this only an approximate estimate.

Read more…

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

From trendmicro.com

This is an extremely unfortunate situation for those affected, and we hope for a speedy remediation and recovery for all those involved.

While many eyes will be focused on the recovery of their Windows environment, it is important to remember to diligently monitor your non-Windows environments, as adversaries can take advantage of distracted teams. Our research team is constantly watching the general landscape to see if threat actors are taking advantage in any way and will share any significant developments here.

In the quest to stay a step ahead of the bad guys, sometimes software is pushed quickly. And the nature of software is that there are sometimes bugs. It is important to have processes in place to catch and mitigate bugs quickly, and to evolve software deployment processes to avoid impacting an entire global customer base simultaneously.

At Trend, we have a variety of resilience strategies based on our own experiences that we continually enhance across our people, process, and technology. We take a ring deployment approach that allows us to roll out software updates in batches, starting with our own internal deployment and then to groups of customers, to limit exposure if issues are found. Additionally, we have blue screen of death (BSOD) monitoring and operational capabilities to roll back affected builds rapidly.

Trend continues to be on standby to help and we will continue to monitor the situation and provide updates from our research team in this blog.

Read more…

Cloud security threats CISOs need to know about

From helpnetsecurity.com

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities, and supply chain vulnerabilities.

These threats impact various sectors, including finance, healthcare, and retail, and Chawla provides insights into effective mitigation strategies.

What are the most significant cloud security threats CISOs must know in 2024? How do these threats impact different sectors, such as finance, healthcare, and retail?

The most significant cloud security threats right now are data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities and supply chain and third-party vulnerabilities. Financial institutions, healthcare organizations and retailers face specific risks that are worth noting:

  • Financial institutions face substantial risks, including financial loss, regulatory penalties, and loss of customer trust due to breaches and insider threats. Misconfigurations can expose sensitive financial data, violating compliance with regulations like SOX and GDPR.
  • Healthcare organizations are particularly vulnerable to data breaches, risking patient safety and violating HIPAA regulations. Misconfigurations and insider threats can lead to unauthorized disclosure of patient information, causing privacy violations and significant fines.
  • Retailers are susceptible to operational disruptions and loss of customer loyalty due to data breaches and ransomware attacks, which can also impact PCI compliance.

Read more…

Zest Security Aims to Resolve Cloud Risks

From darkreading.com

Organizations have plenty of tools to identify cloud risks, vulnerabilities, and misconfigurations, but not so much for remediating cloud risks. For most organizations, significant back-and-forth is needed between DevOps and security teams to validate the risk, understand the root cause, and determine the best resolution.

Remediating risk usually involves a series of manual and time-consuming processes. Cybersecurity startup Zest Security wants to change that with its AI-powered platform designed to simplify and automate risk resolution. The platform correlates and pinpoints the root cause of cloud risks to craft resolution paths that eliminate cloud vulnerabilities and misconfigurations that attackers can exploit, Zest said in a statement.

Read more…

How a cheap barcode scanner helped fix CrowdStrike’d Windows PCs in a flash

From theregister.com

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards.

That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike’s shoddy testing software made possible.

All of Grant Thornton’s machines were encrypted with Microsoft’s BitLocker tool, which meant that recovery upon restart required CrowdStrike’s multi-step fix and entry of a 48-character BitLocker key.

The firm prioritized recovery for its servers, and tackled that task manually. But infrastructure manager Ben Watson and Woltz felt the sheer number of PCs at the firm meant an automated response would be required.

Read more…

New Chrome Feature Scans Password-Protected Files for Malicious Content

From thehackernews.com

Google said it’s adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.

“We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions,” Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.

To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files.

Read more…