Grandoreiro Malware Hijacks Outlook Client to Send Phishing Emails

From gbhackers.com

X-Force identified a phishing campaign that has targeted Latin American users since March 2024. The emails impersonate legitimate entities such as tax and utility services and urge recipients to click a link to view an invoice or account statement.

For users in the targeted countries, the link shows a fake PDF icon while silently downloading a malicious ZIP archive that contains an executable disguised as a PDF. The lure combines urgency with trust in official institutions to get victims to run the file and compromise their own systems.

Read more…

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

From thehackernews.com

Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system.

“Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024,” the tech giant said.

The Windows maker originally announced its decision to drop NTLM in favor of Kerberos for authentication in October 2023.

Read more…

Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit – CVE-2024-4323)

From tenable.com

Key takeaways

  • Fluent Bit is a logging utility heavily used by all major cloud providers.
  • Tenable Research discovered a critical vulnerability dubbed Linguistic Lumberjack (CVE-2024-4323) within Fluent Bit’s built-in HTTP server that could potentially allow for denial of service, information disclosure, or remote code execution.
  • The vulnerability was introduced in version 2.0.7 and exists through 3.0.3. It is fixed in the main source branch and is expected in release 3.0.4.
  • The issue can be resolved by …
    • … upgrading to the latest version of Fluent Bit.
    • … appropriately limiting access to the vulnerable endpoint.
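The second mitigation above is a configuration change. As an added example (not from the Tenable write-up or the Fluent Bit project), the classic-format [SERVICE] section below shows the built-in HTTP server exposed on every interface, followed by the hardened form that keeps it off the network. It assumes a classic .conf configuration and Fluent Bit's default monitoring port of 2020; whether the server can simply be disabled depends on whether anything in your deployment scrapes its metrics.

```ini
# Weak: the monitoring/API HTTP server listens on all interfaces, so any
# host that can reach port 2020 can talk to the vulnerable endpoint.
[SERVICE]
    Flush        5
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

# Hardened: bind the HTTP server to loopback only, so a metrics scraper
# running on the same host (a sidecar or node agent, an assumption here)
# can still reach it while nothing on the network can.
[SERVICE]
    Flush        5
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  127.0.0.1
    HTTP_Port    2020

# Hardened further: if nothing consumes the metrics/API at all, turn the
# server off entirely (HTTP_Server defaults to Off when the key is absent).
[SERVICE]
    Flush        5
    Log_Level    info
    HTTP_Server  Off
```

After restarting the agent, confirm the binding with `ss -ltnp | grep 2020` on the host: the listening address should be 127.0.0.1 (or the port should be absent), not 0.0.0.0 or `*`. In Kubernetes, pair the loopback bind with a NetworkPolicy or firewall rule so that a pod-network-wide listener is never reintroduced by a chart default, and treat upgrading to the fixed release as the actual remediation rather than the network restriction alone.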

An overview of Fluent Bit and of the Linguistic Lumberjack vulnerability

Fluent Bit is a lightweight, open-source data collector and processor that can handle large volumes of log data from various sources. It was designed to be highly scalable and easy to use, making it an ideal choice for collecting and processing logs in cloud-based environments. The project boasts upwards of 3 billion downloads as of 2022 and continues to see more than 10 million deployments each day. It is used heavily in almost every major cloud provider’s infrastructure.

Read more…

Multiple Vulnerabilities in Honeywell VirtualUOC Let Attackers Execute Remote Code

From gbhackers.com

Team82 has uncovered multiple critical vulnerabilities in Honeywell’s ControlEdge Virtual Unit Operations Center (UOC).

These vulnerabilities within the EpicMo protocol implementation could potentially allow attackers to execute remote code without authentication.

Honeywell has since addressed these issues, but the discovery underscores the ongoing challenges in securing industrial control systems (ICS).

Read more…

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

From thehackernews.com

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution.

Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.

“If exploited, it could allow attackers to execute arbitrary code on your system, compromising data and operations,” security researcher Guy Nachshon said.

llama_cpp_python, a Python binding for the llama.cpp library, is a popular package with over 3 million downloads to date, allowing developers to integrate AI models with Python.

Read more…

CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive

From horizon3.ai

In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately led to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS 3.0 score of 10.0, given that the access allowed reading of secrets for integrated systems, allowing for pivoting into those systems.

FortiSIEM Overview

FortiSIEM provides the functions expected of a typical SIEM, such as log collection, correlation, automated response, and remediation. It supports deployments ranging from a standalone appliance to scaled-out architectures for enterprises and MSPs.

Read more…

Drs-Malware-Scan – Perform File-Based Malware Scan On Your On-Prem Servers With AWS

From kitploit.com

Perform malware scan analysis of on-prem servers using AWS services

Challenges with on-premises malware detection

Security teams often cannot continuously monitor every on-premises server because of budget and resource constraints. Signature-based antivirus alone is insufficient, since modern malware uses a range of obfuscation techniques. Server admins may lack historical visibility into security events across all servers, and without centralized monitoring and alerting it is hard to determine which systems are compromised and which backups are safe to restore from during an incident. Setting up and maintaining additional tools for advanced threat detection is onerous for server admins. A short mean time to detect and remediate infections is critical, but hard to achieve without the right automated solution.

Determining which backup image is safe to restore from during an incident is another hard problem without comprehensive threat intelligence. Even when backups are available, restoring blindly is risky unless you know exactly when the system was compromised: an older infected image may reintroduce the malware and cost further data and systems during incident response. An automated solution is needed that can pinpoint the timeline of the intrusion and recommend safe backups for restoration.

Read more…