Aggregator
CVE-2024-42243 | Linux Kernel up to 6.6.40/6.9.9 lib/xarray.c allocation of resources (a0c42ddd0969/333c5539a31f/099d90642a71)
MSRC 2024 Most Valuable Security Researchers - Angelboy
We’re thrilled to announce that Angelboy, senior security researcher at DEVCORE, is named one of Microsoft’s MSRC 2024 Most Valuable Security Researchers! He not only secured the #33 spot on the overall list but also achieved the #9 position in the Windows category.
This is the first time Angelboy has been shortlisted on this annual leaderboard, and he is also the highest-ranked Taiwanese security researcher featured. This prestigious accomplishment highlights his exceptional expertise and significant contributions to the field.
The Microsoft Security Response Center (MSRC) has long recognized the efforts of security researchers who partner with Microsoft in reporting vulnerabilities through its Microsoft Researcher Recognition Program (MRRR). The program expresses gratitude for their contributions to the security of Microsoft’s global customers and products.
The MSRC 2024 Most Valuable Security Researchers list, announced on August 7th, is based on the total number of points the researchers earned for each valid report from July 2023 to June 2024. Angelboy secured the #33 spot on the leaderboard. Specifically, his dedicated passion for Windows kernel research earned him a #9 ranking in the Windows category, placing him in the TOP 10. He was also awarded “Accuracy” and “Volume” badges, further highlighting his significant contributions to vulnerability research.
References:
Angelboy Named Among Microsoft's MSRC 2024 Top 100 Most Valuable Security Researchers!
Congratulations to DEVCORE senior security researcher Angelboy on being honored as one of Microsoft's MSRC 2024 Most Valuable Security Researchers! Besides placing #33 on the overall TOP 100 list, he entered the top ten with a #9 ranking in the Windows category, the area Angelboy has researched for many years.
This is not only Angelboy's first appearance on this annual list; he is also the highest-ranked Taiwanese security researcher on it.
Microsoft's Microsoft Security Response Center (MSRC) has long used the Microsoft Researcher Recognition Program (MRRR) to publicly recognize security researchers who help Microsoft uncover system vulnerabilities, thanking outstanding researchers for the efforts they have made toward the security of Microsoft's customers and products.
The MSRC 2024 Most Valuable Security Researchers list, published by Microsoft on the 7th, is compiled from the points earned by security researchers around the world for vulnerabilities reported to MSRC between July 2023 and June 2024. On the overall list, Angelboy earned the #33 spot. In the Windows category, which covers that family of Microsoft products, Angelboy entered the TOP 10 with a #9 ranking, and all of his vulnerability reports were certified as valid.
Congratulations again to Angelboy on this honor!
References:
SecWiki News 2024-08-07 Review
For more recent articles, visit SecWiki
Study says cats show grief over the death of other pets
Why Governments Worldwide Recommend Protective DNS
- HYAS Protect protective DNS uses advanced data analytics to proactively block cyber threats, a feature unavailable in legacy systems relying on static DNS filtering.
- AV-TEST, one of the cybersecurity industry’s most trusted evaluators, rates HYAS as the most effective protective DNS solution on the market.
- With quick deployment and numerous integrations, HYAS Protect works out of the box for organizations of any size.
Protective DNS is one of the most effective strategies in modern cybersecurity. The National Security Agency (NSA) recently named it as one of the best defenses against evolving phishing attacks. As cyber threats become more sophisticated, organizations find an increasingly pressing need for advanced, proactive solutions.
While DNS filtering has existed for decades, legacy systems rely on static blocklists that bad actors can circumvent simply by switching domains. A protective DNS (PDNS) solution, however, uses advanced algorithms and data analytics to pinpoint a threat before it becomes damaging. Protective DNS from HYAS takes a proactive approach by identifying and blocking malicious activity dynamically.
Read on to see what makes HYAS Protect protective DNS a standout security solution and trusted tool of governments worldwide.
What Is HYAS Protect?
HYAS Protect is a machine-learning-powered threat intelligence tool that uses advanced telemetry and authoritative domain-based intelligence to proactively block malicious infrastructure. Put another way, it detects network breaches before they cause damage.
Like all PDNS systems, HYAS Protect blocks requests to potentially harmful domains, but it doesn’t require a predetermined list of domain names. Built on the advanced threat intelligence platform HYAS Insight, HYAS Protect uses aggregated data from leading cybersecurity sources around the globe and real-time, dynamic analysis to identify a threat days, weeks or even months before it is activated.
If a particular DNS request is potentially harmful, the HYAS Protect system blocks the query. To identify these threats, HYAS Protect runs a pattern analysis across IP addresses, name servers, registrars, and other factors to determine how closely a potentially harmful domain aligns with known adversarial infrastructure — even if that domain has never before appeared in a cyberattack.
HYAS does not require a suspicious domain to be on a list or to have been seen before: based on specific telemetry, a domain that has not yet been used or weaponized can be judged likely to be used in the future.
How Does HYAS Protect Work?
No matter how a network breach occurs—whether through ransomware, phishing, or another cyberattack—the malicious software needs to “beacon out” to the attack’s infrastructure, also known as command-and-control (C2). HYAS Protect detects this C2 beacon and terminates the connection before the attack can continue. For security-minded organizations, HYAS brings three core advantages.
1. Predictive Threat Detection
Firstly, the domain filtering in HYAS Protect is based on predictive data, leveraging advanced analytics to identify and block potentially malicious DNS requests before they can cause harm. This predictive approach uses a variety of data points and threat intelligence to assess the risk associated with each DNS query. If a request appears unusual or aligns with patterns often seen in cyberattacks, it is proactively blocked. By predicting and preventing threats at this early stage, HYAS Protect helps to secure the network against a wide range of potential cyber threats, from ransomware to phishing and beyond. This approach is designed to provide robust security by stopping threats before they can gain a foothold in the network.
Additionally, HYAS Protect also allows for active list management and advanced rule sets that users can configure to allow acceptable traffic while still dynamically blocking suspicious domains. There’s even an inspection mode that provides platform analytics and telemetry without actually blocking any sites — this can be useful when organizations first start with HYAS to understand the system without interrupting any workflows.
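The two ideas above, a static blocklist that a domain switch defeats versus scoring a query by how much infrastructure it shares with known adversarial records, and an inspection mode that reports rather than blocks, are illustrated here in an added Python example. This is not HYAS code; the domain records, the attribute weights and the block threshold are all constructed for the illustration.

```python
"""Static blocklist vs. infrastructure-overlap scoring for DNS queries.

Added illustration of the idea described above; this is not HYAS code.
All records, weights and the threshold are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainRecord:
    """Attributes a resolver can learn about a queried domain."""
    domain: str
    ip: str
    nameserver: str
    registrar: str


# Constructed: infrastructure seen in past incidents (RFC 5737 test addresses).
KNOWN_BAD = [
    DomainRecord("bad-one.example", "203.0.113.10", "ns1.cheapdns.example", "RegistrarX"),
    DomainRecord("bad-two.example", "203.0.113.11", "ns1.cheapdns.example", "RegistrarX"),
]
# A legacy filter only knows the domain names themselves.
STATIC_BLOCKLIST = {r.domain for r in KNOWN_BAD}

# Illustrative integer weights (sum 10); a real PDNS derives these from telemetry.
WEIGHTS = {"ip": 6, "nameserver": 3, "registrar": 1}
BLOCK_THRESHOLD = 6  # a shared hosting IP alone is enough; a shared registrar alone is not


def static_verdict(q: DomainRecord) -> str:
    """Legacy behaviour: block only exact domain-name matches."""
    return "block" if q.domain in STATIC_BLOCKLIST else "allow"


def overlap_score(q: DomainRecord, known_bad=KNOWN_BAD) -> int:
    """Highest weighted attribute overlap between q and any known-bad record (0..10)."""
    best = 0
    for bad in known_bad:
        score = sum(w for attr, w in WEIGHTS.items()
                    if getattr(q, attr) == getattr(bad, attr))
        best = max(best, score)
    return best


def pdns_verdict(q: DomainRecord, mode: str = "enforce", known_bad=KNOWN_BAD) -> tuple:
    """Return (decision, reason). In 'inspect' mode the query is always allowed,
    but the reason records what 'enforce' mode would have done."""
    if q.domain in STATIC_BLOCKLIST:
        would_block, reason = True, "listed domain"
    else:
        score = overlap_score(q, known_bad)
        would_block = score >= BLOCK_THRESHOLD
        reason = f"infrastructure overlap score {score}/10"
    if mode == "inspect":
        return "allow", f"inspect: would {'block' if would_block else 'allow'} ({reason})"
    return ("block" if would_block else "allow"), reason


# Constructed queries: the attacker re-registers on the same infrastructure,
# while an unrelated business merely shares the registrar.
SWITCHED = DomainRecord("bad-three.example", "203.0.113.10", "ns1.cheapdns.example", "RegistrarX")
LEGIT = DomainRecord("shop.example", "198.51.100.7", "ns1.bigdns.example", "RegistrarX")

if __name__ == "__main__":
    for q in (SWITCHED, LEGIT):
        print(q.domain, "static:", static_verdict(q), "pdns:", pdns_verdict(q))
        print(q.domain, "inspect mode:", pdns_verdict(q, mode="inspect"))
```

The switched domain passes the static blocklist but scores 10/10 on infrastructure overlap and is blocked; the legitimate shop shares only a registrar (score 1) and is allowed, which is why registrar overlap alone should never clear the threshold.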
2. Customized Analytics
HYAS Protect also offers insightful analysis that increases overall traffic visibility. Although people usually think of web browsing and clicking on email links as the biggest cybersecurity threats, Internet of Things (IoT) and operational technology (OT) devices are also at risk of compromise. Because they often run in the background, suspicious beaconing from IoT or OT devices may otherwise go undetected.
That’s where HYAS steps in. This isn't just user-generated traffic – this is machine-driven traffic, too. HYAS analytics identifies an organization’s riskiest users, riskiest devices and which domains are triggering the most blocked queries. The data gives a more comprehensive, security-focused picture than a typical static blocklist, and the detailed logs can expedite an investigation if needed.
3. Easy Integration Into Your Existing Stack
Lastly, HYAS Protect is designed to work right out of the box. Our DNS resolver is fully cloud-based; it takes only a few minutes to deploy across your organization’s infrastructure. HYAS Protect also has an agent version compatible with all major operating systems, which is useful if you have company devices frequently roaming off the corporate network. With device-level installation, HYAS can still work even on public Wi-Fi networks in coffee shops or airport lounges.
HYAS also offers third-party integrations with major endpoint protection solutions including SentinelOne and Microsoft Defender. These systems work together — HYAS Protect parses data from endpoint detection and response programs to identify any DNS requests to suspicious infrastructure.
HYAS Protect Is the Public Sector Solution of Choice
Recent recognition for HYAS includes the prestigious 2024 Govies Awards for the Public Sector, the 2024 Globee Cybersecurity Awards, and the 2024 Global InfoSec Awards.
In 2023, AV-TEST, considered the industry’s most rigorous third-party evaluator, gave HYAS Protect the highest efficacy rating of all PDNS solutions tested. This is particularly relevant in the public sector as cyberattacks increasingly target government agencies. To combat these threats, the NSA recommends PDNS as a core component of a multilayered security strategy, and HYAS is one of the providers meeting the NSA’s specifications.
Being effective in blocking the unknown and known threats is what HYAS is all about. No matter how sophisticated cyberattacks become, HYAS Protect keeps organizations one step ahead.
Additional Learning
How to Select a Protective DNS Solution
Watch a Demo of HYAS Protect Protective DNS
Guide to Protective DNS Security
AV-TEST evaluation of HYAS Protect
Want to talk to an expert to learn more about how Protective DNS can transform your organization? Contact us today to find out what HYAS security solutions can do for you.
The post Why Governments Worldwide Recommend Protective DNS appeared first on Security Boulevard.
Microsoft 365 Phishing Alert Can Be Hidden with CSS
Cyber Centre celebrates new NIST post-quantum standards
Decoding Perplexity
Musk turns X into his personal political playground
Critical Progress WhatsUp RCE flaw now under active exploitation
Processing of soil from recovered German aircraft wreck halted
Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy
How Fairwinds Delivers On EKS Internally, AWS EKS Delivery Designation
The Amazon Web Services (AWS) Service Delivery designation is a specialized program designed to validate AWS Partners that have experience, deep technical expertise, and proven success delivering specific AWS services for clients. In October 2022, AWS announced a new designation for Amazon Elastic Kubernetes Service (Amazon EKS) that focuses on the proven ability to architect, run, and operate containerized workloads on Amazon EKS.
The post How Fairwinds Delivers On EKS Internally, AWS EKS Delivery Designation appeared first on Security Boulevard.
Tips for websites: Google Chrome introduces Web Monetization
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Windows is an operating system that, over its 40-plus years of history, has developed more than a few arcane components that are a mystery to many systems administrators. The kernel-mode driver is one component that’s fresh in the minds of many of those administrators these days.
What is a kernel-mode driver?
Kernel-mode drivers operate at a higher level of privilege than user-mode drivers and provide applications on a Windows system with a way to interact directly with the Windows kernel and hardware. This allows games to talk directly to a graphics card or a security product to talk directly to core components of the OS. When your software needs to communicate with the highest level of efficiency, accept no substitute!
Why are kernel-mode drivers risky?
If a kernel-mode driver misbehaves, it can cause much more serious issues with Windows than a user-mode driver does. The problems can range from data corruption and damage to the operating system to outright crashes and an inability to use the machine. A recent worldwide computing incident was caused by an update to a kernel-mode driver in a popular endpoint security product.
That said, thousands of software products use kernel-mode drivers safely on billions of devices every day. A kernel-mode driver on a Windows asset is normal and not usually cause for concern. However, there are some drivers for which Windows administrators should keep watch.
Which kernel-mode drivers should I worry about?
Some widely distributed kernel-mode drivers contain vulnerabilities that are known to attackers. These attackers know that when they breach a Windows machine, they can look at the kernel-mode drivers running on it to see if any of them are familiar and can be readily used to elevate their privileges on the machine.
Of course, with administrative privileges, attackers can also load new drivers onto a machine. They may attempt to install a known vulnerable driver or a custom-made malicious driver to provide themselves with more tools to control the victim host.
A community-driven initiative called LOLDrivers - or “Living Off the Land Drivers”, in reference to attackers who “live off the land” by using tools already on their victim machine - emerged in the last few years, cataloging known vulnerable or malicious drivers. By maintaining an up-to-date list of these problematic drivers, the project aims to provide a valuable resource for security professionals seeking to defend against these techniques. Incorporating this list into security tools, such as driver enumeration plugins, enables proactive detection and mitigation of threats before they can cause harm.
What is Tenable doing to help mitigate this risk?
Tenable Research has developed a new set of plugins for Tenable Nessus, Tenable Security Center, Tenable Vulnerability Management and Tenable One to help practitioners gain visibility into the risky third-party drivers on their assets.
First, the Windows System Driver Enumeration plugin will list the third-party (i.e., those not provided by Microsoft) kernel-mode drivers installed on a Windows machine. Scan results will document all detected third-party system drivers and can provide an inventory across an organization’s Windows population. The results are not indicative of malicious activity by themselves – they are a way to provide awareness of which drivers have privileged access to Windows machines. Second, the LOLDrivers Detected plugin will cross-reference the list of drivers detected in the prior plugin with the list published by the LOLDrivers project. These drivers are either known to be malicious or are vulnerable to known attacks and should be remediated.
Tenable Research recommends regularly reviewing the results for the second plugin and investigating them by reviewing the relevant entry on the LOLDrivers website. If a malicious file is detected, initiating an incident investigation is appropriate, as you would in any case of detecting malware. A known vulnerable driver should be updated in accordance with the instructions from the vendor that provided the driver.
If there is a concern about a legitimate driver that might cause an impact to the environment, the enumeration plugin will allow a broader view into the organization’s driver inventory for a faster way to identify affected assets. Unsure what you should do about a specific driver that’s been detected? Contact the vendor that created the driver, as they’re the best resource to provide details on how it is used with their software and why it needs kernel access.
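The two-step procedure described above (enumerate the non-Microsoft kernel-mode drivers, then cross-reference them against the LOLDrivers list and act on the category of each hit) is shown below as an added Python example. It is not Tenable's plugin code. The driver inventory and the LOLDrivers-style entries are constructed sample data with placeholder hashes, and the JSON field names (Id, Category, KnownVulnerableSamples with Filename and SHA256) follow the project's drivers.json layout as I understand it, which you should confirm against the real file before using this against production inventories.

```python
"""Cross-reference a Windows kernel-driver inventory against a LOLDrivers-style list.

Added illustration; not Tenable's plugin code. The inventory and the
LOLDrivers-style entries below are constructed sample data.
"""
import json
from dataclasses import dataclass

# Constructed driver inventory in the shape a scanner export might yield:
# service name, path, signer and SHA256. Hashes are made-up placeholders.
SAMPLE_INVENTORY = [
    {"name": "ACPI", "path": r"C:\Windows\System32\drivers\ACPI.sys",
     "signer": "Microsoft Windows", "sha256": "a1" * 32},
    {"name": "gpuvendor", "path": r"C:\Windows\System32\drivers\gpuvendor.sys",
     "signer": "Example GPU Vendor Inc.", "sha256": "b2" * 32},
    {"name": "oldtool", "path": r"C:\Windows\System32\drivers\oldtool.sys",
     "signer": "Example Utility Corp.", "sha256": "c3" * 32},
    {"name": "dropped", "path": r"C:\Windows\Temp\dropped.sys",
     "signer": "(unsigned)", "sha256": "d4" * 32},
]

# Constructed LOLDrivers-style JSON. Field names mirror the project's drivers.json
# layout as assumed here (Id, Category, KnownVulnerableSamples with Filename/SHA256);
# verify against the real file before relying on them.
SAMPLE_LOLDRIVERS_JSON = json.dumps([
    {"Id": "placeholder-0001", "Category": "vulnerable driver",
     "KnownVulnerableSamples": [{"Filename": "oldtool.sys", "SHA256": "c3" * 32}]},
    {"Id": "placeholder-0002", "Category": "malicious",
     "KnownVulnerableSamples": [{"Filename": "evil.sys", "SHA256": "d4" * 32}]},
])

MICROSOFT_SIGNERS = ("Microsoft Windows", "Microsoft Corporation")


@dataclass(frozen=True)
class Finding:
    name: str
    path: str
    category: str
    lol_id: str
    matched_on: str


def third_party_drivers(inventory):
    """Step 1, the enumeration view: keep drivers not signed by Microsoft."""
    return [d for d in inventory if not d["signer"].startswith(MICROSOFT_SIGNERS)]


def build_lol_index(lol_json):
    """Index LOLDrivers samples by SHA256 and by lower-cased filename."""
    by_hash, by_name = {}, {}
    for entry in json.loads(lol_json):
        cat = entry.get("Category", "unknown")
        for s in entry.get("KnownVulnerableSamples", []):
            if s.get("SHA256"):
                by_hash[s["SHA256"].lower()] = (entry["Id"], cat)
            if s.get("Filename"):
                by_name.setdefault(s["Filename"].lower(), (entry["Id"], cat))
    return by_hash, by_name


def match_loldrivers(inventory, lol_json):
    """Step 2, the cross-reference. A hash match is authoritative even when the
    file was renamed; a filename-only match is reported separately, because
    names are trivially reused by unrelated software."""
    by_hash, by_name = build_lol_index(lol_json)
    findings = []
    for d in third_party_drivers(inventory):
        filename = d["path"].rsplit("\\", 1)[-1].lower()
        if d["sha256"].lower() in by_hash:
            lol_id, cat = by_hash[d["sha256"].lower()]
            findings.append(Finding(d["name"], d["path"], cat, lol_id, "sha256"))
        elif filename in by_name:
            lol_id, cat = by_name[filename]
            findings.append(Finding(d["name"], d["path"], cat, lol_id, "filename"))
    return findings


def recommended_action(f: Finding) -> str:
    """Mirror the guidance above: malicious -> incident investigation,
    known vulnerable -> vendor-supplied update, anything else -> ask the vendor."""
    if f.category == "malicious":
        return "open incident investigation"
    if "vulnerable" in f.category:
        return "update driver per vendor instructions"
    return "review with driver vendor"


if __name__ == "__main__":
    for f in match_loldrivers(SAMPLE_INVENTORY, SAMPLE_LOLDRIVERS_JSON):
        print(f"{f.name:10} {f.path:45} {f.category:18} via {f.matched_on:8} -> {recommended_action(f)}")
```

In the sample data the unsigned driver in C:\Windows\Temp matches a malicious entry by hash despite carrying a different filename, while the GPU vendor's driver is third-party but clean and produces only an inventory entry, which is the distinction the two plugins draw.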
Enhancing security awareness with driver enumeration tools
Staying ahead of potential threats is crucial. The new driver enumeration plugin, leveraging the power of the LOLDrivers project, offers a practical and effective solution for enhancing system security by improving a security team’s awareness of a source of risk to their Windows assets.
USENIX Security ’23 – Squirrel: A Scalable Secure Two-Party Computation Framework for Training Gradient Boosting Decision Tree
Authors/Presenters: Wen-jie Lu, Zhicong Huang, Qizhi Zhang, Yuchen Wang, Cheng Hong
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenter content, and for the organization's strong commitment to Open Access. Originating from the conference’s events held at the Anaheim Marriott, and via the organization's YouTube channel.
The post USENIX Security ’23 – Squirrel: A Scalable Secure Two-Party Computation Framework for Training Gradient Boosting Decision Tree appeared first on Security Boulevard.