Vulnerabilities & Patches
VMware vulnerability allows easy admin access: Rapid7, CISA and Microsoft were among several vendors that called out CVE-2024-37085, an Active Directory privilege bypass vulnerability disclosed by Broadcom. Broadcom released a patch, but only for the latest versions of the affected platforms. Those still on ESXi v7 can only apply a workaround. Ransomware actors are actively exploiting this vulnerability to quickly gain admin access to a victim’s virtual infrastructure.
This is an easy bug to exploit if an attacker gets access to Active Directory. It simply involves creating the proper group and adding themselves to it. An attacker having administrative access to Active Directory is bad enough. Don’t let them get access to easily destroy all of your VMs as well.
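As an added detection example (not code from the page or from any of the vendors named above): the Python below scans constructed Windows Security event records for the creation of, member additions to, or renames into the AD group that Broadcom’s advisory ties to CVE-2024-37085. The group name (“ESX Admins”), the event IDs and the field names are assumptions drawn from that advisory and standard Windows auditing, not from this page.

```python
import json

# Group name from Broadcom's advisory for CVE-2024-37085 (an assumption, see
# lead-in); matched case-insensitively so differently cased variants are caught.
ESX_ADMINS = "esx admins"

# Windows Security audit event IDs for AD group changes.
GROUP_CREATED = {4727, 4731, 4754}   # security-enabled global/local/universal group created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to a security-enabled group
ACCOUNT_RENAMED = {4781}             # account (including a group) renamed


def alerts_for_events(events):
    """Return one alert per event that creates, renames into, or populates ESX Admins."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        target = ev.get("TargetUserName", "").lower()
        actor = ev.get("SubjectUserName")
        if eid in GROUP_CREATED and target == ESX_ADMINS:
            alerts.append({"event": eid, "reason": "group created", "by": actor})
        elif eid in MEMBER_ADDED and target == ESX_ADMINS:
            alerts.append({"event": eid, "reason": "member added",
                           "member": ev.get("MemberName"), "by": actor})
        elif eid in ACCOUNT_RENAMED and ev.get("NewTargetUserName", "").lower() == ESX_ADMINS:
            alerts.append({"event": eid, "reason": "group renamed",
                           "old": ev.get("OldTargetUserName"), "by": actor})
    return alerts


def scan_jsonl(text):
    """Parse a JSON-lines export of Security events and return the alerts."""
    records = (json.loads(line) for line in text.splitlines() if line.strip())
    return alerts_for_events(records)


# Constructed sample export (not real logs): one benign create, one benign add,
# and three events that together match the CVE-2024-37085 pattern.
SAMPLE_EVENTS = """
{"EventID": 4727, "SubjectUserName": "it-admin", "TargetUserName": "Helpdesk"}
{"EventID": 4727, "SubjectUserName": "svc-backup", "TargetUserName": "ESX Admins"}
{"EventID": 4728, "SubjectUserName": "svc-backup", "TargetUserName": "ESX Admins", "MemberName": "CN=svc-backup,CN=Users,DC=corp,DC=example"}
{"EventID": 4781, "SubjectUserName": "svc-backup", "OldTargetUserName": "Finance", "NewTargetUserName": "esx admins"}
{"EventID": 4728, "SubjectUserName": "it-admin", "TargetUserName": "Domain Users", "MemberName": "CN=jdoe,CN=Users,DC=corp,DC=example"}
"""

if __name__ == "__main__":
    for alert in scan_jsonl(SAMPLE_EVENTS):
        print(alert)
```

Feed it the JSON export of your domain controllers’ Security log (or wire the same three checks into your SIEM) and any hit is worth a call, since this group should normally be created once, by a known admin, if at all.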
IBM, Nike, Disney, others caught in Proofpoint phish palaver • The Register – Proofpoint’s insecure-by-default setup allowed a phishing campaign to piggyback on its email infrastructure so that the messages appeared legitimate. This flaw can happen with any improperly secured email infrastructure, so review your settings to be sure only your own users can send email through it.
Critical security vulnerabilities in Voice over WiFi – It looks like cell providers made some less than ideal choices which could render WiFi calling insecure.
Threat Actor Abuses Cloudflare Tunnels to Deliver RATs | Proofpoint US – The Proofpoint blog post examines how attackers are exploiting TryCloudflare single-use tunnels to conceal their infrastructure and deliver RATs, complicating detection and response efforts.
Breaches & Attacks
AMI Platform Key leak undermines Secure Boot on 800+ PC models – BIOS maker American Megatrends (AMI) managed to leak a test key which allows Secure Boot to be bypassed in major manufacturers’ BIOS. This can (and likely will) be leveraged to install BIOS/UEFI level rootkits. It affects Acer, Aopen, Dell, Formelife, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro. Here’s a list of the affected products. I do not know if this is a full list.
IBM Report: Escalating Data Breach Disruption Pushes Costs to New Highs – IBM’s annual report claims average breach costs are up to $4.8m in 2024.
Microsoft says massive Azure outage was caused by DDoS attack – The outage affected many services, including Azure, O365, Purview, Intune and Defender. Microsoft’s DDoS mitigation accidentally made the recent attack on Azure worse instead of better due to a configuration error. The final details aren’t out yet, but it’s another reminder that good quality control is hard for infosec.
DNS Early Detection – Breaking the Black Basta Ransomware Kill Chain | Infoblox – Infoblox highlights how early detection of DNS anomalies can disrupt the Black Basta ransomware kill chain and strengthen defenses. The article contains a list of domains you should block if they aren’t already (Infoblox and Umbrella already block them).
FBI Warns of Scammers Impersonating Cryptocurrency Exchanges – Warn your members about this one.
Security
Blog | Too big to care? – Our disappointment with Cloudflare’s anti-abuse posture | Resources – Spamhaus criticizes Cloudflare for its inadequate response to abuse and spam issues, arguing that the company’s approach enables malicious activities to persist.
Twitter is training its AI on your data – Elon just gave his AI access to all your Twitter data. One more reason I’m glad I ditched this site a while ago.
GitHub – ssoready/ssoready: Open-source dev tools for enterprise SSO. Ship SAML support this afternoon. – If you’re building web apps, build in SSO. This open source package will help.
More CrowdStrike Fallout
- Wide World of Cyber: Why we should show CrowdStrike no mercy – Risky Business – Great discussion about how CrowdStrike and Microsoft could have each done things differently that would have lessened the impacts of CrowdStrike’s huge mistake.
- CrowdStrike: Tech firm sued by shareholders over IT global outage – The lawsuit accuses CrowdStrike of misleading statements regarding testing, after the company lost nearly $25b of market value.
- Inside Crowdstrike’s Deployment Process
- Delta hires David Boies to seek damages from CrowdStrike, Microsoft
Technology
There is no fix for Intel’s crashing 13th and 14th Gen CPUs — any damage is permanent – The Verge – Intel is not saying they will replace chips that have already failed.
GitHub – onceupon/Bash-Oneliner: A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
How to get started with digital estate planning – 1Password wrote a nice white paper on handling your digital legacy.