BU-CERT News

From bleepingcomputer.com

Microsoft says some 32-bit applications are impacted by recurring failures when saving and copying files across multiple Windows versions (especially when copying to network shares).

The intermittent issue only affects apps that are large address aware and are also using the CopyFile API on Windows 11 21H2 and 22H2 (after installing KB5023774 or later issued updates) or Windows 10 21H2 and 22H2 (after installing KB5023773 or newer updates).

“Windows devices are more likely to be affected by this issue when using some commercial/enterprise security software which uses extended file attributes,” Microsoft said.

According to Redmond, there have been no reports of File Explorer’s file copying functionality being affected; however, the CopyFile API used within specific applications may be impacted.

Microsoft Office apps like Word and Excel are susceptible to this problem only when utilizing 32-bit versions, with impacted users potentially receiving “Document not saved” error messages.

This known issue is unlikely to be encountered by consumers using Windows devices in personal or non-managed commercial settings.

Read more…

From techtarget.com

Barracuda Networks on Tuesday disclosed a zero-day vulnerability that has been used in attacks against its email security gateway appliance customers.

Barracuda disclosed the flaw in its email security gateway (ESG) product via a five-paragraph advisory on its website. According to the advisory, the network security vendor discovered the flaw on May 19 before releasing patches on May 20 and 21.

Barracuda did not detail the nature of the vulnerability, tracked as CVE-2023-2868, in the advisory beyond saying the flaw “existed in a module which initially screens the attachments of incoming emails” and that no other Barracuda product is subject to the flaw. In its webpage dedicated to the vulnerability, NIST described an input validation issue for user-supplied TAR files that can allow unauthorized users to gain remote access.

Read more…

From gbhackers.com

Apria HealthCare Inc. is a leading home medical equipment and clinical support provider. The company was founded in 1924 and had a net worth of $644 million headquartered in Indianapolis, US.

On 23rd May 2023, Apria released a notification letter stating that the company had faced a data breach that could have exposed some customers’ personal information. It was also said that they are currently investigating this incident.

Read more…

From thehackernews.com

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems.

The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat’s (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads.

“The threat actor places a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) via the Windows IIS web server process, w3wp.exe,” ASEC explained. “They then execute the normal application to initiate the execution of the malicious DLL.”

Read more…

From ncsc.gov.uk

The NCSC are delighted to launch two new e-learning packages that will help procurement specialists, risk owners and cyber security professionals to effectively manage risks across their supply chains.

The packages have been designed to accompany the NCSC’s existing guidance on Mapping your supply chain and Gaining confidence in your supply chain cyber security.

To use the training, simply visit the Supply Chain Mapping e-learning section, which is hosted on the NCSC website. The package is free to use, and includes knowledge checks. No login is required – just click on the link and start learning.

Mapping your supply chain is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. The training explains:

• what supply chain mapping is, why it’s important and how it can benefit your organisation
• what information it will typically contain
• the role of sub-contractors that your suppliers may use
• what this means when agreeing contracts

Gaining confidence in your supply chain describes practical steps to help organisations assess cyber security in their supply chains. The training:

• describes typical supplier relationships, and ways that organisations are exposed to vulnerabilities and cyber attacks via the supply chain
• defines expected outcomes and key steps to help you assess your supply chain’s approach to cyber security
• answers common questions you may encounter as you work through the training

Read more…

From scmagazine.com

SecurityWeek reports that Honeywell has unveiled the new on-premises Cyber Insights solution within its Forge cybersecurity product that enables improved threat and vulnerability identification in operational technology systems by using vulnerability, threat, and compliance data gathered from Honeywell offerings and other third-party security systems. Aside from enabling the delivery of information to organizations’ off-site security operations centers or managed security services providers, Cyber Insights also performs data analysis and correlation on a dedicated server to ensure continued operations, according to Honeywell, which also touted Cyber Insights’ compliance with NIST 800-53 requirements, Center for Internet Security benchmarks, and user-defined policies

Read more…

From helpnetsecurity.com

Error messages that ChatGPT and other AI language models generate can be used to uncover disinformation campaigns, hate speech and fake reviews via OSINT collection and analysis, says Nico Dekens, director of intelligence at ShadowDragon.

Read more…