THREAT ACTORS ACTIVELY EXPLOIT D-LINK DIR-859 ROUTER FLAW CVE-2024-0769

From securityaffairs.com

Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers.

The vulnerability is a path traversal issue that can lead to information disclosure. Threat actors are exploiting the flaw to collect account information, including user passwords, from the vulnerable D-Link DIR-859 WiFi routers.

The vendor states that the DIR-859 family of routers has reached its End of Life (“EOL”)/End of Service Life (“EOS”) life-cycle, and for this reason the flaw will likely not be addressed.

GreyNoise observed hackers targeting the ‘DEVICE.ACCOUNT.xml’ file to extract all account names, passwords, user groups, and user descriptions on the device. The attackers use a modified version of the public exploit.

“GreyNoise observed a slight variation in-the-wild which leverages the vulnerability to render a different PHP file to dump account names, passwords, groups, and descriptions for all users of the device. At the time of writing we are not aware of the motivations to disclose/collect this information and are actively monitoring it,” reads the analysis published by GreyNoise.

Read more…
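Because the flaw is a path traversal that will not be patched on EOL devices, the practical control is to spot the attempts in web access logs. The following is an added detection example, not code from GreyNoise, Security Affairs or D-Link: it percent-decodes each request target (repeatedly, so double encoding is not missed), flags traversal sequences, and separately flags any request that references the DEVICE.ACCOUNT.xml file named in the GreyNoise analysis. The log lines and request paths are constructed for this example and are not the exploit payload, which the page does not reproduce.

```python
"""Access-log scan for path-traversal attempts and DEVICE.ACCOUNT.xml requests.

Added detection example; the sample log lines below are constructed and the
request paths are illustrative placeholders, not the real exploit request.
"""
import re
from typing import List, Optional
from urllib.parse import unquote

# Combined/common log format, simplified: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# After normalisation every backslash has been folded to '/', so one pattern suffices.
TRAVERSAL_RE = re.compile(r"\.\./")

# File name taken from the GreyNoise analysis quoted above (matched case-insensitively).
SENSITIVE_FILES = ("device.account.xml",)

# Constructed sample log (not real traffic); paths are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Jun/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [24/Jun/2024:10:01:05 +0000] "GET /cgi-bin/info?file=..%2F..%2Ftmp%2Fconfig.txt HTTP/1.1" 200 1024
203.0.113.9 - - [24/Jun/2024:10:01:09 +0000] "GET /cgi-bin/info?page=..%252f..%252fDEVICE.ACCOUNT.xml HTTP/1.1" 200 2048
203.0.113.9 - - [24/Jun/2024:10:01:12 +0000] "GET /docs/device.account.XML HTTP/1.1" 404 128
198.51.100.2 - - [24/Jun/2024:10:02:00 +0000] "POST /login HTTP/1.1" 302 0
"""


def normalize_target(target: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so '..%252f' becomes '../'; fold '\\' to '/'."""
    decoded = target
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def classify(line: str) -> Optional[dict]:
    """Return a finding for a suspicious log line, or None for benign / unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = normalize_target(m.group("target"))
    reasons = []
    if TRAVERSAL_RE.search(target):
        reasons.append("path-traversal")
    if any(name in target.lower() for name in SENSITIVE_FILES):
        reasons.append("device-account-xml")
    if not reasons:
        return None
    # Status 200 on a flagged request suggests the read succeeded and merits credential rotation.
    return {
        "ip": m.group("ip"),
        "target": target,
        "status": m.group("status"),
        "reasons": reasons,
    }


def scan(log_text: str) -> List[dict]:
    """Scan a whole log and return the findings in file order."""
    return [hit for hit in (classify(line) for line in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {','.join(hit['reasons'])} {hit['target']}")
```

On the constructed sample this reports three of the five lines: the single-encoded traversal, the double-encoded traversal that also names DEVICE.ACCOUNT.xml, and the plain case-variant request for that file. A flagged request answered with 200 from a DIR-859 is the signal to treat the device's account credentials as exposed.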

Microsoft tells yet more customers their emails have been stolen

From theregister.com

SECURITY IN BRIEF It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made off with even more emails than it first admitted. 

We’ve been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive US government data. Reports last week revealed that the issue was even larger than initially believed and additional customers’ data has been stolen.

“We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” a Microsoft spokesperson told Bloomberg. “This is increased detail for customers who have already been notified and also includes new notifications.”

Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior US government officials.

Read more…

LockBit’s Federal Reserve breach

Late yesterday, LockBit claimed the Federal Reserve Board as a victim, stating that 33TB of data had been exfiltrated. No sample data was provided at the time of posting. Ransom deadline: June 25th, 2024.

YesWeHack raises €26 million to expand its international growth

From helpnetsecurity.com

YesWeHack announces a €26 million Series C funding round.

In a world where cyber risks are more strategic and complex than ever, YesWeHack will use this funding to invest in Artificial Intelligence, launch new innovative solutions and expand its international growth.

The round is led by Wendel, alongside new investors such as Adelie and Seventure Partners, as well as reinvestment from Bpifrance, Open CNP and Eiffel Investment Group. YesWeHack is also delighted to welcome Renaud Deraison, Co-Founder 

Read more…

QR code SQL injection and other vulnerabilities in a popular biometric terminal

From securelist.com

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet biometric scanners, like any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scanner analysis. These approaches are admittedly fairly well known and applicable to the analysis of any type of device.

We also talk about the benefits of biometric scanners for access control systems and their role in ensuring a due standard of security given today’s realities. Furthermore, we discuss vulnerabilities in a biometric scanner from a major global vendor that we found while analyzing its level of security. The article will prove useful for both security researchers and architects.

We have notified the vendor about all the vulnerabilities and security issues we found. A CVE entry has been registered for each of the vulnerability types: CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943.

Read more…

Hackers Weaponizing MSC Files In Targeted Attack Campaign

From gbhackers.com

Hackers use MSC (Microsoft Management Console) files in themed attack campaigns because these files can contain commands and scripts that carry out administrative tasks on the target system.

By mimicking legitimate files, malicious MSC files can evade various security controls and give the attacker privileged visibility into and control of the compromised system, resulting in unauthorized access to its data and further malicious activity.

Cybersecurity researchers at NTT recently identified that hackers are weaponizing the MSC files in targeted attack campaigns.

Read more…

Enterprise Browser vs Remote Browser Isolation (RBI): Key Difference

From latesthackingnews.com

In different industries, many companies are going digital as they explore various options to reach new audiences and convert new customers. However, many of these companies encounter cybersecurity challenges along the way, requiring them to invest in cybersecurity solutions. Beyond customer-facing systems, the increasing acceptance of remote work means that sensitive information and resources are shared over the Internet. Thus, when assessing their options for security solutions, organizations often debate whether to choose enterprise browsers or remote browser isolation tools. In this article, we will explore how each of these cybersecurity solutions works and the major differences between the two.

Read more…