Cybersecurity Snapshot: Memory Bugs Pervasive in Open Source SW, While Car Dealership Chaos Persists After Ransomware

From tenable.com

Projects written entirely in a memory-safe language can still be affected by memory-safety vulnerabilities if they use external dependencies written in memory-unsafe languages. 

Developers can also open the door to memory bugs in memory-safe languages by disabling the safety features those languages provide. CISA has previously identified C#, Go, Java, Python, Rust and Swift as memory-safe languages.
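As an added illustration of the first mechanism (this is not code from the CISA report or the Tenable article), the block below uses Python, one of the languages CISA lists as memory-safe, and its standard `ctypes` foreign-function interface to copy bytes with C `memmove`. The `Record` layout, its field names and the "attacker" payload are hypothetical and constructed here; the point is that once control crosses into native code, the Python runtime's bounds checks no longer apply and the wrapper has to enforce them itself.

```python
import ctypes

NAME_LEN = 8  # bytes reserved for the name field in the hypothetical C layout


class Record(ctypes.Structure):
    """Hypothetical C-layout record (assumption, not from the report): a
    fixed-size name followed by a privilege flag. ctypes fixes the layout, so
    name occupies offsets 0..7 and is_admin sits at offset 8; an overrun of
    name therefore lands deterministically in is_admin."""
    _fields_ = [("name", ctypes.c_char * NAME_LEN),
                ("is_admin", ctypes.c_uint32)]


def unchecked_set_name(rec: Record, name: bytes) -> tuple:
    """Copy name into rec with a raw C memmove, the way a thin FFI wrapper that
    trusts its caller would. ctypes.memmove does no bounds checking: a name
    longer than NAME_LEN silently overwrites the bytes that follow it.
    Returns (name, is_admin) as read back from the struct."""
    ctypes.memmove(ctypes.addressof(rec), name, len(name))
    return rec.name, rec.is_admin


def checked_set_name(rec: Record, name: bytes) -> tuple:
    """Same copy, with the bounds check the memory-safe side must perform
    itself before handing the buffer to native code."""
    if len(name) > NAME_LEN:
        raise ValueError(f"name is {len(name)} bytes, field holds {NAME_LEN}")
    ctypes.memmove(ctypes.addressof(rec), name, len(name))
    return rec.name, rec.is_admin


def overflow_payload() -> bytes:
    """Constructed attacker input: NAME_LEN filler bytes followed by the
    native-endian encoding of 1, which lands exactly on is_admin."""
    return b"A" * NAME_LEN + bytes(ctypes.c_uint32(1))


if __name__ == "__main__":
    # The unchecked wrapper lets 12 bytes through and flips the flag.
    print("unchecked:", unchecked_set_name(Record(), overflow_payload()))
    rec = Record()
    try:
        checked_set_name(rec, overflow_payload())
    except ValueError as err:
        print("checked:", err, "-> is_admin =", rec.is_admin)
```

The overrun stays inside the 12-byte struct, so the script runs safely; in a real wrapper the same missing check would corrupt whatever the allocator placed next. The check belongs on the Python side because nothing below it will perform one.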

The cyber agencies recommend that organizations and software manufacturers:

  • Reduce memory safety vulnerabilities
  • Make secure and informed choices when using OSS
  • Understand the risk of memory vulnerabilities in OSS
  • Evaluate ways of reducing this risk

“We encourage additional efforts to understand the scope of memory-unsafety risks in OSS and continued discussion of the best approaches to managing and reducing this risk,” the report reads.

Read more…

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

From blog.qualys.com

The Qualys Threat Research Unit (TRU) has discovered a remote unauthenticated code execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387.

The vulnerability, a signal handler race condition in sshd, allows unauthenticated remote code execution as root on glibc-based Linux systems, which presents a significant security risk. The race condition affects sshd in its default configuration.

Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base. Interestingly, over 0.14% of vulnerable internet-facing instances with OpenSSH service have an End-Of-Life/End-Of-Support version of OpenSSH running.
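The Censys and Shodan counts above come from server banners, and an operator can run the same triage against their own hosts. The block below is an added example (not Qualys's code) that parses an SSH identification string and classifies the OpenSSH version against the affected ranges published in the Qualys advisory, which the excerpt above does not list: releases before 4.4p1 (unless patched for CVE-2006-5051), and 8.5p1 through 9.7p1; 9.8p1 carries the fix. The sample banners are constructed.

```python
import re
import socket

# Affected ranges as published by Qualys (assumption for this example; they
# are not stated in the excerpt above): < 4.4p1 affected, 4.4p1 to < 8.5p1
# not affected, 8.5p1 to 9.7p1 affected again, 9.8p1 fixed.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:\s+(\S.*))?")


def parse_banner(banner: str):
    """Return (major, minor, patch, vendor_comment) from an identification
    string such as 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13', or None if the
    server does not identify as OpenSSH."""
    m = BANNER_RE.search(banner.strip())
    if m is None:
        return None
    major, minor, patch, comment = m.groups()
    return int(major), int(minor), int(patch or 0), (comment or "").strip()


def classify(banner: str) -> str:
    """Map a banner to 'affected', 'affected-unless-backported',
    'not-affected' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    major, minor, patch, comment = parsed
    version = (major, minor, patch)
    if version < (4, 4, 1):
        return "affected"
    if (8, 5, 0) <= version < (9, 8, 0):
        # A vendor suffix (a Debian/Ubuntu package revision, for instance)
        # means the distribution may have backported the fix without bumping
        # the upstream version; the banner alone cannot tell.
        return "affected-unless-backported" if comment else "affected"
    return "not-affected"


def grab_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Read the server's identification line over the network. Not used by
    the offline checks below."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = sock.recv(256).decode("ascii", errors="replace")
    return data.splitlines()[0] if data else ""


if __name__ == "__main__":
    # Constructed banners, not scan results.
    for banner in ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
                   "SSH-2.0-OpenSSH_9.8p1",
                   "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"):
        print(banner, "->", classify(banner))
```

A banner is evidence, not proof: distributions backport fixes under the old upstream version string, so "affected-unless-backported" hosts need the package changelog or a vendor advisory checked, and a server can advertise any string it likes. Where the package cannot be updated promptly, the Qualys advisory notes that setting `LoginGraceTime 0` in sshd_config removes the code path at the cost of making sshd easier to exhaust with idle connections.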

Read more…

Juniper Networks Releases Critical Security Update for Routers

From thehackernews.com

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers.

The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.

“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device,” the company said in an advisory issued last week.

Read more…

THREAT ACTORS ACTIVELY EXPLOIT D-LINK DIR-859 ROUTER FLAW CVE-2024-0769

From securityaffairs.com

Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers.

The vulnerability is a path traversal issue that can lead to information disclosure. Threat actors are exploiting the flaw to collect account information, including user passwords, from the vulnerable D-Link DIR-859 WiFi routers.

The vendor states that the DIR-859 family of routers has reached End of Life (EOL)/End of Service Life (EOS), so the flaw will likely not be addressed.

GreyNoise observed hackers targeting the ‘DEVICE.ACCOUNT.xml’ file to extract all account names, passwords, user groups, and user descriptions on the device. The attackers use a modified version of the public exploit.

“GreyNoise observed a slight variation in-the-wild which leverages the vulnerability to render a different PHP file to dump account names, passwords, groups, and descriptions for all users of the device. At the time of writing we are not aware of the motivations to disclose/collect this information and are actively monitoring it” reads the analysis published by GreyNoise.
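Since no patch is coming, the practical response is to find and retire exposed units and to spot the attempts. The block below is an added example (not GreyNoise's or Security Affairs' code) that scans web-server or reverse-proxy access-log lines for the two traits the article describes: a path traversal sequence, including percent- and double-percent-encoded forms, and a reference to `DEVICE.ACCOUNT.xml`. The log lines are constructed, and the `/cgi-bin/status.cgi` endpoint and `file=` parameter are placeholders, not the DIR-859's actual exploit path.

```python
import re
from urllib.parse import unquote

# File GreyNoise reports attackers retrieving from the DIR-859.
SENSITIVE_FILES = ("DEVICE.ACCOUNT.xml",)
# "../" or "..\" anywhere after decoding; names like "..hidden" do not match.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def normalize(text: str, max_rounds: int = 4) -> str:
    """Percent-decode until the string stops changing, so %2e%2e%2f and the
    double-encoded %252e%252e%252f both collapse to '../'. The round limit
    keeps pathological input from looping."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def suspicious_reasons(log_line: str) -> list:
    """Return the rules a request line trips, in a fixed order; empty if none."""
    normalized = normalize(log_line)
    reasons = []
    if TRAVERSAL_RE.search(normalized):
        reasons.append("traversal")
    if any(f.lower() in normalized.lower() for f in SENSITIVE_FILES):
        reasons.append("sensitive-file")
    return reasons


def scan_log(lines) -> list:
    """(index, reasons) for every line that triggers at least one rule."""
    hits = []
    for i, line in enumerate(lines):
        reasons = suspicious_reasons(line)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed access-log lines (assumption: combined log format); the
# endpoint and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jul/2024:10:00:02 +0000] "GET /cgi-bin/status.cgi?file=../../../htdocs/DEVICE.ACCOUNT.xml HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Jul/2024:10:00:03 +0000] "GET /cgi-bin/status.cgi?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Jul/2024:10:00:04 +0000] "GET /cgi-bin/status.cgi?file=%252e%252e%252fhtdocs%252fDEVICE.ACCOUNT.xml HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jul/2024:10:00:05 +0000] "GET /images/..hidden/logo.png HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for i, reasons in scan_log(SAMPLE_LOG):
        print(i, reasons, SAMPLE_LOG[i].split('"')[1])
```

Access logs record the request line only; if a variant carries the traversal in a POST body or cookie, the same function has to be run over a proxy or WAF capture that includes those. The router itself keeps no such log, so this is a perimeter-side check, and a hit against a DIR-859 should be treated as a likely credential compromise rather than a blocked attempt.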

Read more…

Microsoft tells yet more customers their emails have been stolen

From theregister.com

SECURITY IN BRIEF It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made off with even more emails than it first admitted. 

We’ve been aware for some time that the Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive US government data. Reports last week revealed that the issue was even larger than initially believed and that additional customers’ data had been stolen. 

“We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” a Microsoft spokesperson told Bloomberg. “This is increased detail for customers who have already been notified and also includes new notifications.”

Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior US government officials.

Read more…

LockBit’s Federal Reserve breach

Late yesterday, LockBit claimed the Federal Reserve Board as a victim, asserting that it had exfiltrated 33TB of data. No sample data had been provided at the time of posting. Ransom deadline: June 25th, 2024.

YesWeHack raises €26 million to expand its international growth

From helpnetsecurity.com

YesWeHack announces a €26 million Series C funding round.

In a world where cyber risks are more strategic and complex than ever, YesWeHack will use this funding to invest in Artificial Intelligence, launch new innovative solutions and expand its international growth.

The round is led by Wendel, alongside new investors such as Adelie and Seventure Partners, as well as reinvestment from Bpifrance, Open CNP and Eiffel Investment Group. YesWeHack is also delighted to welcome Renaud Deraison, Co-Founder 

Read more…