0.0.0.0 Zero-Day: An 18-Year-Old Browser Exploit Lets Hackers Attack Mac, Linux Computers

From linkedin.com

Israeli cyber security company Oligo has uncovered an 18-year-old vulnerability, which it has dubbed “0.0.0.0 Day”: a critical flaw that allows malicious websites to bypass browser security measures in Google Chrome, Mozilla Firefox, and Apple Safari, enabling them to interact with services on a local network. This flaw enables unauthorized access and remote code execution on local services by attackers from outside the network.

Notably, this vulnerability only affects Linux and macOS devices, leaving Windows users unaffected.

The root of this issue lies in the inconsistent implementation of security mechanisms across various browsers, compounded by a lack of industry-wide standardization. Consequently, the seemingly innocuous IP address 0.0.0.0 can be exploited by attackers to target local services, which may include those used for development, operating systems, and internal networks.

The impact of the 0.0.0.0 Day vulnerability is widespread, affecting both individuals and organizations. The discovery of active exploitation campaigns, such as ShadowRay, highlights the urgency of addressing this vulnerability.

Read more…
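The excerpt above describes the browser-side gap; a service-side mitigation is shown here as an added example (not code from Oligo, the browser vendors, or the linked article), assuming a local HTTP service that refuses requests whose Host header is not a loopback name and cross-site requests whose Origin is not itself local:

```python
"""Host/Origin validation for a service listening on a developer machine.

Added example. Until every browser blocks 0.0.0.0 consistently, the service
itself can reject requests addressed via 0.0.0.0 and cross-site requests
from public web origins.
"""
from urllib.parse import urlsplit

# Names a local-only service expects in Host and in a local Origin.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def host_of(hostport: str) -> str:
    """Return the host part of a Host header value, without port or brackets."""
    value = hostport.strip().lower()
    if value.startswith("["):                 # IPv6 literal, e.g. [::1]:8000
        return value[1:].split("]", 1)[0]
    return value.split(":", 1)[0]


def is_request_allowed(headers: dict) -> tuple:
    """Decide whether a request may reach the local service.

    Returns (allowed, reason). A page on a public site that targets
    0.0.0.0:<port> arrives with Host "0.0.0.0:<port>" and the public site's
    Origin, so either check alone rejects it; both are kept because a
    non-browser client (curl, a local script) sends no Origin at all.
    """
    host = host_of(headers.get("Host", ""))
    if host not in LOCAL_HOSTS:
        return False, "host not local: %r" % host
    origin = headers.get("Origin")
    if origin is None:                        # same-origin or non-browser request
        return True, "no Origin header"
    origin_host = (urlsplit(origin).hostname or "").lower()
    if origin_host not in LOCAL_HOSTS:        # also covers "Origin: null"
        return False, "cross-site origin: %r" % origin
    return True, "local origin"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        {"Host": "0.0.0.0:8000", "Origin": "https://public.example"},
        {"Host": "127.0.0.1:8000", "Origin": "https://public.example"},
        {"Host": "localhost:8000"},
        {"Host": "[::1]:8000", "Origin": "http://localhost:3000"},
    ]
    for hdrs in samples:
        print(hdrs, "->", is_request_allowed(hdrs))
```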

Sitting Ducks DNS attacks let hackers hijack over 35,000 domains

From bleepingcomputer.com

Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar.

In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers.

Researchers at DNS-focused security vendor Infoblox and at firmware and hardware protection company Eclypsium discovered that there are more than a million domains that can be hijacked every day via the Sitting Ducks attacks.

Read more…

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

From thehackernews.com

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.

“A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory.

The four vulnerabilities are listed below:

  • CVE-2024-4076 (CVSS score: 7.5) – Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure.
  • CVE-2024-1975 (CVSS score: 7.5) – Validating DNS messages signed using the SIG(0) protocol could cause excessive CPU load, leading to a denial-of-service condition.
  • CVE-2024-1737 (CVSS score: 7.5) – It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing.
  • CVE-2024-0760 (CVSS score: 7.5) – A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients.

Read more…

ServiceNow Exploits Used in Global Reconnaissance Campaign

From securityonline.info

Resecurity has uncovered a widespread campaign exploiting critical vulnerabilities in ServiceNow, a popular platform for digital workflows. The flaws, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, allowed unauthenticated attackers to execute code remotely and steal sensitive data.

The widespread use of ServiceNow, particularly within major corporations and government entities, has made it a prime target for threat actors. Resecurity’s investigation uncovered a rapid surge in malicious activity immediately following the public release of a proof-of-concept exploit. Attackers, armed with this knowledge, wasted no time in scanning the internet for vulnerable instances, primarily leveraging CVE-2024-4879 to execute code remotely and exfiltrate sensitive data.

Estimating the impact is challenging, but ServiceNow is an extremely popular platform for managing digital workflows in modern IT environments. According to the output of FOFA, a popular network search engine from China, approximately 300,000 ServiceNow instances could be potentially probed remotely. These instances may have different ACL (Access Control Lists) or other access limitations at both the network and application levels, making this only an approximate estimation.

Read more…

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

From trendmicro.com

This is an extremely unfortunate situation for those affected, and we hope for a speedy remediation and recovery for all those involved.

While many eyes will be focused on the recovery of their Windows environment, it is important to remember to diligently monitor your non-Windows environments, as adversaries can take advantage of distracted teams. Our research team is constantly watching the general landscape to see if threat actors are taking advantage in any way and will share any significant developments here.

In the quest to stay a step ahead of the bad guys, sometimes software is pushed quickly. And the nature of software is that there are sometimes bugs. It is important to have processes in place to catch and mitigate bugs quickly, and to evolve software deployment processes to avoid impacting an entire global customer base simultaneously.

At Trend, we have a variety of resilience strategies based on our own experiences that we continually enhance across our people, process, and technology. We take a ring deployment approach that allows us to roll out software updates in batches starting with our own internal deployment, and then to groups of customers to limit exposure if issues are found. Additionally, we have blue screen of death (BSOD) monitoring and operational capabilities to rollback affected builds rapidly.

Trend continues to be on standby to help and we will continue to monitor the situation and provide updates from our research team in this blog.

Read more…

Cloud security threats CISOs need to know about

From helpnetsecurity.com

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities, and supply chain vulnerabilities.

These threats impact various sectors, including finance, healthcare, and retail, and Chawla provides insights into effective mitigation strategies.

What are the most significant cloud security threats CISOs must know in 2024? How do these threats impact different sectors, such as finance, healthcare, and retail?

The most significant cloud security threats right now are data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities and supply chain and third-party vulnerabilities. Financial institutions, healthcare organizations and retailers face specific risks that are worth noting:

  • Financial institutions face substantial risks, including financial loss, regulatory penalties, and loss of customer trust due to breaches and insider threats. Misconfigurations can expose sensitive financial data, violating compliance with regulations like SOX and GDPR.
  • Healthcare organizations are particularly vulnerable to data breaches, risking patient safety and violating HIPAA regulations. Misconfigurations and insider threats can lead to unauthorized disclosure of patient information, causing privacy violations and significant fines.
  • Retailers are susceptible to operational disruptions and loss of customer loyalty due to data breaches and ransomware attacks, which can also impact PCI compliance.

Read more…

Zest Security Aims to Resolve Cloud Risks

From darkreading.com

Organizations have plenty of tools to identify cloud risks, vulnerabilities, and misconfigurations, but not so much for remediating cloud risks. For most organizations, significant back-and-forth is needed between DevOps and security teams to validate the risk, understand the root cause, and determine the best resolution.

Remediating risk usually involves a series of manual and time-consuming processes. Cybersecurity startup Zest Security wants to change that with its AI-powered platform designed to simplify and automate risk resolution. The platform correlates and pinpoints the root cause of cloud risks to craft resolution paths that eliminate cloud vulnerabilities and misconfigurations that attackers can exploit, Zest said in a statement.

Read more…