Aggregator

在 SEC Consult 漏洞实验室的 Michael Baer 最近进行的漏洞分析中，发现 Palo Alto Networks 的 GlobalProtect MSI 安装程序存在一个严重的本地权限升级漏洞 (CVE-2024-9473)。该漏洞一旦被利用，本地低权限攻击者就能获得受影响计算机的 SYSTEM 级访问权限，给软件用户带来严重的安全风险。 CVE-2024-9473 漏洞存在于 GlobalProtect 的 MSI 安装程序中。根据 Baer 的研究结果，问题出现在使用 MSI 文件安装 GlobalProtect 时。低权限用户可以在不需要用户账户控制（UAC）提示的情况下启动安装程序，从而触发安装修复。在修复过程中，一个名为 PanVCrediChecker.exe 的子进程会以 SYSTEM 权限执行，并与程序文件目录下的 libeay32.dll 文件交互。 Baer 解释说，这个过程打开了一个重大漏洞： “在使用 msiexec.exe 的修复功能时，发现 GlobalProtect MSI 安装程序文件的配置会产生一个以 SYSTEM 用户身份运行的可见 conhost.exe 窗口。这样，攻击者就可以通过打开 SYSTEM 级命令提示符来操纵系统，从而完全控制机器。” 开发过程出人意料地简单明了。攻击者可以在机器上找到 MSI 安装程序文件（即使该文件已从其原始位置删除）并触发修复过程。利用谷歌零项目中的工具 SetOpLock.exe，攻击者可以锁定 libeay32.dll，修复过程中会多次访问 libeay32.dll。 通过在特定时间点小心地释放和保持锁，攻击者可以确保 conhost.exe 窗口保持打开，从而提升权限。“PanVCrediChecker.exe执行时打开的conhost窗口不会关闭，因此可以与之交互，”Baer解释说。最后一步是通过浏览器打开 SYSTEM 级命令提示符并执行 cmd.exe。 分析显示，GlobalProtect 的多个版本都存在漏洞。测试的版本包括 5.1.5 和 5.2.10 以及 6.1.2，但 Palo Alto Networks 已确认 6.2.5 之前的所有版本都受到了影响。不过，5.2.x 版本已达到使用寿命，将不会收到补丁。强烈建议运行任何受影响版本的用户立即升级到已打补丁的 6.2.5 版本，以降低风险。     转自安全客，原文链接：https://www.anquanke.com/post/id/300697 封面来源于网络，如有侵权请联系删除

В Москве выбрали лучший проект по автомобильной киберзащите.

A vulnerability was found in Pocketmags Classic Racer. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7535. The attack needs to be done within the local network. There is no exploit available.

加拿大多伦多大学的 Geoffrey E. Hinton 教授因在 AI 神经网络上的基础性工作而获得了 2024 年度的诺贝尔物理学家，在 AI 上的工作也让他赢得了 AI 教父的美名。他在周二的演讲中特别称赞了一名学生——前 OpenAI 首席科学家 Ilya Sutskever——参与解雇了 CEO Sam Altman 的行动。Hinton 教授说，我特别幸运，有许多非常聪明的学生——比我更聪明——他们完成了真正的工作。他们之后都取得了杰出的成就。我尤其为其中一名学生解雇 Sam Altman 而自豪。Ilya Sutskever 所在的 OpenAI 董事会去年底做出了解雇这家炙手可热 AI 创业公司 CEO 的决定，但这次行动最终未取得成功，Sam Altman 恢复了 CEO 职位，包括 Sutskever 在内的主要参与者在一年之内都离开了 OpenAI。

电信巨头康卡斯特（Comcast）正在通知受金融商业和消费者解决方案公司（FBCS）数据泄露事件影响的约 23.8万名客户。 FBCS 是一家第三方债务催收机构，它收集客户的个人信息，以便代表这些客户开展债务催收活动。 今年 4 月，Financial Business and Consumer Solutions (FBCS) 披露了一起数据泄露事件，1,955,385 人可能受到影响。后来，该公司确定受该事件影响的人数超过 425 万。 该机构于 2024 年 2 月 26 日发现未经授权的访问，并立即采取措施保护受影响的基础设施，同时在第三方取证专家的帮助下展开调查。 据该机构称，被泄露的信息可能包括姓名、出生日期、社会安全号和账户信息。 该机构发现，未经授权的访问发生在 2024 年 2 月 14 日至 2 月 26 日之间。 “2024 年 2 月 26 日，FBCS 发现其网络中的某些系统遭到未经授权的访问。这次事件没有影响到 FBCS 网络以外的计算机系统，包括其客户的计算机系统。”数据泄露通知中写道。“调查确定，在 2024 年 2 月 14 日至 2 月 26 日期间，该环境受到了未经授权的访问，未经授权的行为者有能力在访问期间查看或获取 FBCS 网络上的某些信息。” 据 FBCS 所知，在此次事件之后，没有任何暴露的信息被滥用。自 2024 年 4 月 4 日起，该机构开始通知受影响的客户。 该公司为可能受到影响的个人提供 12 个月的免费信用监控服务。 电信供应商 Comcast 是受此次事件影响的 FBCS 客户之一。 康卡斯特正在通知近 23.8 万人，他们的个人信息在 FBCS 的安全漏洞事件中遭到泄露。 根据康卡斯特公司与缅因州总检察长办公室共享的数据泄露通知函，此次数据泄露事件影响到 237703 名现有客户和前客户。 2024年3月13日，FBCS通知Comcast，它经历了一次数据泄露事件，但Comcast的消费者数据并未受到影响。然而，2024 年 7 月 17 日，FBCS 通知 Comcast 其新的调查结果，即 Comcast 的数据受到了影响。 FBCS 提供了以下信息： 2024 年 2 月 14 日至 2 月 26 日期间，一名未经授权的人员进入了 FBCS 的计算机网络和部分计算机。在此期间，该未经授权方下载了 FBCS 系统中的数据，并作为勒索软件攻击的一部分对一些系统进行了加密。 2024 年 2 月 26 日发现攻击后，FBCS 在第三方网络安全专家的协助下展开了调查。在调查过程中，FBCS 发现未经授权方下载的文件包含个人信息，其中包括您的个人信息。FBCS 还向联邦调查局（FBI）通报了这一攻击事件 这起安全事件完全发生在 FBCS，而不是 Xfinity 或 Comcast 系统。 FBCS 通知 Comcast：“由于其目前的财务状况，无法再向受此次事件影响的个人提供通知或信用监控保护。因此，我们将直接与您联系并提供支持服务。FBCS 收到您的信息是因为他们之前曾为 Comcast 提供拖欠付款的相关催收服务，直到 2020 年 Comcast 停止与 FBCS 合作。由于 FBCS 受康卡斯特与 FBCS 工作关系之外的数据保留要求的限制，因此有关您的被泄露信息的时间约为 2021 年。” 被泄露的数据包括： 姓名、地址、社会保险号、出生日期以及客户的 Comcast 账号和 FBCS 内部使用的 ID 号。 FBCS 指出，没有迹象表明在此次事件中泄露的任何个人信息被进一步滥用。 Comcast 向受影响的客户提供为期一年的信用监控和身份保护服务。     转自安全客，原文链接：https://www.anquanke.com/post/id/300706 封面来源于网络，如有侵权请联系删除

A vulnerability was found in Mycfnuke Cf Nuke up to 4.6. It has been rated as problematic. This issue affects some unknown processing of the file index.cfm. The manipulation of the argument cat leads to basic cross site scripting. The identification of this vulnerability is CVE-2005-4075. The attack may be initiated remotely. Furthermore, there is an exploit available.

Critical Infrastructure Firms Are Hiring - and Paying Well
As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals who truly understand both OT and cybersecurity are in short supply.

Justice Department Aiming to Emphasize Privacy and Security in AI Deployment
The U.S. Department of Justice is drafting new guidelines for law enforcement on the use of artificial intelligence and facial recognition tools to enhance public safety while safeguarding civil rights and ensuring ethical deployment, a senior official said Wednesday.

WestCap-Led Funding to Drive Click-Fraud Protection, Ad Integrity Expansion
Human Security's recent $50 million growth funding, led by WestCap, will drive the development of click-fraud defense and enhance advertising integrity solutions. CEO Stu Solomon aims to leverage the funding for scaling the engineering and data science teams, addressing emerging fraud threats.

Hotel Chain Also Settles with Federal Trade Commission
The world's largest hotel chain agreed Wednesday to pay $52 million and agree to two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-million payout is part of a settlement reached with 50 U.S. attorneys general.

Cyber Bill Says the Government Can't Use Information to Prosecute Victims
Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require require larger businesses to report ransom payments to the government.

A vulnerability was found in libarchive up to 3.7.4 and classified as problematic. Affected by this issue is the function execute_filter_delta of the file archive_read_support_format_rar.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-48958. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in libarchive up to 3.7.4 and classified as problematic. Affected by this vulnerability is the function execute_filter_audio of the file archive_read_support_format_rar.c. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-48957. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Fortra Robot Schedule Enterprise Agent up to 3.04. Affected is an unknown function of the component FTP. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2024-8264. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Elliptic Package up to 6.5.5 on Node.js. This issue affects the function verify in the library lib/elliptic/eddsa/index.js. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-48949. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in LemonLDAP::NG up to 2.19.2. This vulnerability affects unknown code of the component Login Page. The manipulation of the argument username leads to cross site scripting. This vulnerability was named CVE-2024-48933. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Syracom Secure Login Plugin up to 3.1.4.5 on Jira/Confluence/Bitbucket. This affects an unknown part of the file plugins/servlet/twofactor/public/pinvalidation of the component 2FA PIN Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is uniquely identified as CVE-2024-48942. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Syracom Secure Login Plugin up to 3.1.4.5 on Jira. It has been rated as critical. Affected by this issue is some unknown functionality of the file /rest. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-48941. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in open-webui up to 0.3.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/documents/ of the component API Endpoint. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-7048. The attack can be launched remotely. There is no exploit available.