30.08.2024
$75 Million Ransom: Dark Angels Threat
The Dark Angels ransomware group, which goes after large corporations, has extracted a record $75 million ransom from an unnamed Fortune 50 company. The group targets pharmaceutical, technology and telecommunications companies, steals sensitive data and threatens to publish it. According to Zscaler ThreatLabz, ransomware attacks rose 18% year over year, underscoring the need for stronger defenses in the corporate sector.
Source: https://www.forbes.com/sites/daveywinder/2024/07/31/record-breaking-75-million-ransom-paid-to-dark-angels-gang/
Flaws in Windows Smart App Control and SmartScreen
Security researchers have identified weaknesses in Microsoft's Smart App Control (SAC) and SmartScreen, the reputation-based protections built into Windows 11 and earlier Windows versions respectively. The technique, called LNK stomping, lets an attacker run a downloaded file without any warning: a crafted .lnk file carries a non-canonical target path, and when the user clicks it, explorer.exe rewrites the shortcut into canonical form and in doing so drops the Mark of the Web (MotW) from the file before SmartScreen or SAC ever checks it. Users are advised to exercise heightened caution when handling suspicious files, shortcuts included.
Source: https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html
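The check a defender would want here is to look at a shortcut before anyone clicks it, because after the click explorer.exe has already rewritten the file. The script below is an added example, not code from the research or from Microsoft: it decodes the fixed header and StringData section of the Shell Link (.lnk) binary format, flags the target-path shapes publicly described for LNK stomping (a trailing dot or space, or a bare relative target), and parses the Zone.Identifier alternate data stream that carries the MotW. The sample links are constructed minimal files that keep the target only in the RELATIVE_PATH string (real shortcuts usually also carry an IDList and LinkInfo block, which the parser skips by size); the heuristics and the sample stream contents are assumptions for illustration.

```python
import struct

# Minimal reader for the Shell Link (.lnk) format, MS-SHLLINK. Only the fixed
# header and the StringData section are decoded; LinkTargetIDList and LinkInfo
# are skipped using their own size fields.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# StringData fields appear in this fixed order whenever their flag bit is set.
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]


def parse_lnk_strings(data):
    """Return the StringData fields of a .lnk file as a dict of str."""
    if len(data) < HEADER_SIZE or data[:4] != struct.pack("<I", HEADER_SIZE) or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) followed by the items
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (4 bytes) counts itself
        off += struct.unpack_from("<I", data, off)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
        off += 2
        if flags & IS_UNICODE:
            fields[name] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            fields[name] = data[off:off + count].decode("cp1252")
            off += count
    return fields


def lnk_stomping_indicators(fields):
    """Heuristics (assumed from the public write-up) for a target that Explorer rewrites on click."""
    findings = []
    path = fields.get("relative_path", "")
    if path != path.rstrip(". "):
        findings.append("target path ends with a trailing dot or space")
    if path.startswith(".\\") and "\\" not in path[2:]:
        findings.append("bare relative target (.\\name) instead of a full path")
    return findings


def parse_zone_identifier(text):
    """Parse the Zone.Identifier ADS text; return ZoneId (3 = Internet) or None if absent."""
    section, zone = None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and line.startswith("ZoneId="):
            zone = int(line.split("=", 1)[1])
    return zone


def build_lnk(relative_path):
    """Constructed sample: the smallest well-formed link carrying only a RELATIVE_PATH string."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = LINK_CLSID
    struct.pack_into("<I", header, 0x14, HAS_RELATIVE_PATH | IS_UNICODE)
    return bytes(header) + struct.pack("<H", len(relative_path)) + relative_path.encode("utf-16-le")


# Constructed samples, not real malware: one stomped shortcut and one normal one,
# plus a Zone.Identifier stream as written by a browser for an Internet download.
STOMPED = build_lnk("..\\Downloads\\setup.exe.")
NORMAL = build_lnk("..\\Downloads\\setup.exe")
MOTW_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"

if __name__ == "__main__":
    for label, blob in (("stomped", STOMPED), ("normal", NORMAL)):
        fields = parse_lnk_strings(blob)
        print(label, fields, lnk_stomping_indicators(fields))
    print("ZoneId:", parse_zone_identifier(MOTW_STREAM))
```

On a Windows host the stream can be read as `open(path + ":Zone.Identifier")`; the parser above takes the text so it also works on streams exported from a mail gateway or sandbox. A shortcut whose target trips the heuristics and which carries ZoneId=3 is exactly the file that loses its MotW on the first click.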
AWS Patches Critical Vulnerabilities with Account Takeover Potential
AWS has fixed critical vulnerabilities that could have let attackers take over accounts and run arbitrary code through several services, including CloudFormation, Glue, EMR, SageMaker, Service Catalog and CodeStar. The root cause was the predictable names of the S3 buckets these services create automatically: an attacker who could guess a name was able to create that bucket first, in a region where the victim had not yet used the service, so the victim's service later wrote to and read from attacker-controlled storage. AWS has resolved the issues on its side, but Aqua Security, which found them, advises organisations to review their configurations and add further protections, and has released an open-source tool that scans existing accounts for the vulnerable patterns.
Source: https://www.securityweek.com/aws-patches-vulnerabilities-potentially-allowing-account-takeovers/
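The protection an account owner controls here is to stop its own roles from ever talking to a bucket in someone else's account, however convincing the name. The script below is an added example, not Aqua's tool or AWS code: it takes a constructed IAM policy document whose S3 statement matches buckets only by name pattern, reports which S3 Allow statements lack a condition on the `aws:ResourceAccount` key, and returns a hardened copy that pins each of them to the account ID. The policy contents and the account ID are constructed for illustration.

```python
import copy

# Constructed example: a pipeline role that may read and write the service-created
# template buckets. The S3 statement matches by name only, so a bucket with the same
# name in another account would satisfy it.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowTemplateBuckets",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::cf-templates-*/*",
        },
        {
            "Sid": "DescribeInstances",
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*",
        },
    ],
}


def _actions(stmt):
    """Normalise Action (string or list) to a list."""
    actions = stmt.get("Action", [])
    return [actions] if isinstance(actions, str) else list(actions)


def _is_s3_allow(stmt):
    return stmt.get("Effect") == "Allow" and any(a.lower().startswith("s3:") for a in _actions(stmt))


def _is_pinned(stmt):
    """True when the statement already restricts the resource owner account."""
    cond = stmt.get("Condition", {})
    return any("aws:ResourceAccount" in cond.get(op, {}) for op in ("StringEquals", "StringLike"))


def unscoped_s3_statements(policy):
    """Sids of S3 Allow statements that would also match a bucket owned by another account."""
    return [stmt.get("Sid", "<no sid>")
            for stmt in policy.get("Statement", [])
            if _is_s3_allow(stmt) and not _is_pinned(stmt)]


def pin_s3_to_account(policy, account_id):
    """Return a deep copy with aws:ResourceAccount = account_id on every unpinned S3 Allow statement."""
    hardened = copy.deepcopy(policy)
    for stmt in hardened.get("Statement", []):
        if _is_s3_allow(stmt) and not _is_pinned(stmt):
            stmt.setdefault("Condition", {}).setdefault("StringEquals", {})["aws:ResourceAccount"] = account_id
    return hardened


if __name__ == "__main__":
    import json
    print("unpinned before:", unscoped_s3_statements(POLICY))
    hardened = pin_s3_to_account(POLICY, "123456789012")
    print("unpinned after:", unscoped_s3_statements(hardened))
    print(json.dumps(hardened, indent=2))
```

The condition makes the policy deny the call when the bucket's owner is not the expected account, which is what a pre-created attacker bucket would be. Application code calling S3 directly can add the same guard per request with the `ExpectedBucketOwner` parameter that the S3 APIs accept.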
Six New Zero-Day Vulnerabilities in Windows
Microsoft's August 2024 Patch Tuesday release fixes six zero-day vulnerabilities that are already being exploited in the wild. They affect the following Windows components:
● CVE-2024-38178 — Memory corruption in the Windows Scripting Engine, enabling remote code execution when a victim opens a crafted link in Edge's Internet Explorer mode (CVSS 7.5/10).
● CVE-2024-38189 — Flaw in Microsoft Project allowing code execution via a malicious Project file when the policy that blocks macros from the Internet is disabled (CVSS 8.8/10).
● CVE-2024-38107 — Privilege escalation in the Windows Power Dependency Coordinator, granting SYSTEM privileges; Microsoft has shared no details of the in-the-wild exploitation (CVSS 7.8/10).
● CVE-2024-38106 — Windows kernel privilege escalation, exploitable by winning a race condition to gain SYSTEM privileges (CVSS 7.0/10).
● CVE-2024-38213 — Security feature bypass in Windows Mark of the Web, allowing attackers to evade SmartScreen protection (CVSS 6.5/10).
● CVE-2024-38193 — Privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys), granting SYSTEM privileges; no technical details have been published (CVSS 7.8/10).
Four of the six are local privilege escalations to SYSTEM, the step an attacker takes once a foothold exists, which is why they are being exploited despite their moderate scores. The same release also fixes critical flaws not yet known to be exploited, including a remote code execution bug in the Windows Reliable Multicast Transport Driver (CVSS 9.8/10).
Source: https://www.securityweek.com/microsoft-warns-of-six-windows-zero-days-being-actively-exploited/
New OpenVPN Vulnerabilities
Microsoft has published details of vulnerabilities, discovered in March 2024, in OpenVPN components including the openvpnserv service and the Windows TAP driver. Two of them, CVE-2024-27459 and CVE-2024-27903, are the most serious because they can be chained for remote code execution (RCE) and local privilege escalation (LPE). Microsoft stresses that the bugs are on the client side; the OpenVPN server is not affected. Users should update to OpenVPN 2.6.10 or later and keep monitoring their systems for suspicious activity.
Source: https://www.securityweek.com/microsoft-warns-of-openvpn-vulnerabilities-potential-for-exploit-chains/
Critical Chrome Vulnerability Discovered by Google
Google has patched a high-severity vulnerability, CVE-2024-7965, in the Chrome browser for which an exploit exists in the wild. The bug is an inappropriate implementation in the V8 JavaScript and WebAssembly engine that lets an attacker trigger memory corruption through a specially crafted HTML page. It was reported by a security researcher known as TheDog, who received an $11,000 reward.
CVE-2024-7965 is the tenth Chrome zero-day Google has fixed since the start of 2024; the nine earlier ones are:
● CVE-2024-0519: Out-of-bounds memory access in V8.
● CVE-2024-2886: Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024).
● CVE-2024-2887: Type confusion in WebAssembly (demonstrated at Pwn2Own 2024).
● CVE-2024-3159: Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024).
● CVE-2024-4671: Use-after-free in Visuals.
● CVE-2024-4761: Out-of-bounds write in V8.
● CVE-2024-4947: Type confusion in V8.
● CVE-2024-5274: Type confusion in V8.
● CVE-2024-7971: Type confusion in V8.
Users are strongly encouraged to update Chrome to the latest version to safeguard against these threats.
Source: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html