30.10.2024
Largest DDoS Attack in History: 3.8 Tbps
In September, Cloudflare recorded an unprecedented DDoS attack peaking at 3.8 Tbps, the largest known incident to date. The primary targets were the company's clients, but the attack was mitigated automatically by Cloudflare's autonomous defense systems. The majority of the malicious traffic originated from Vietnam, Russia, Brazil, Spain, and the United States. Attackers exploited vulnerable MikroTik devices, ASUS home routers, and DVRs, likely leveraging a critical vulnerability rated CVSS 9.8 that was recently identified by Censys.
Source: https://blog.cloudflare.com/how-cloudflare-auto-mitigated-world-record-3-8-tbps-ddos-attack/#:~:text=Over%20the%20past%20couple%20of%20weeks,%20Cloudflare%27s%20DDoS%20protection
Ubuntu Vulnerability in Authd
A newly discovered vulnerability in Ubuntu's authentication modules, CVE-2024-9313 (CVSS 8.8), may allow attackers to impersonate other users on a compromised system, potentially granting unauthorized access to sensitive data and resources. The flaw can be exploited through tools such as su, sudo, and ssh, which currently do not verify that the PAM user at the end of the authentication transaction is the same user that initiated it.
Users of “Authd” are urged to upgrade immediately to version 0.3.5 or later. Administrators should also implement compensatory controls, such as stricter access management and monitoring for suspicious activity, until vulnerable versions of su, ssh, and sudo are updated.
Source: https://securityonline.info/authd-vulnerability-cve-2024-9313-allows-user-impersonation-on-ubuntu-systems/
Microsoft Zero-Day in Windows Management Console
Microsoft has identified a critical vulnerability, CVE-2024-43572, in the Windows Management Console, which allows remote code execution on affected systems. This zero-day flaw is being actively exploited and has led to the release of a significant October patch (Patch Tuesday), which includes over 119 fixes. With a CVSS score of 7.8, this vulnerability is one of 23 zero-day instances identified in 2024. System administrators are advised to apply relevant updates without delay.
Source: https://www.securityweek.com/patch-tuesday-microsoft-confirms-exploited-zero-day-in-windows-management-console/
MEDUZASTEALER Malware Spread via Telegram
CERT-UA has reported a new threat involving the MEDUZASTEALER malware, disseminated via Telegram under the guise of technical support for "Reserve+." Attackers are using the @reserveplusbot account to distribute the malicious "RESERVPLUS.zip" file. To evade security software, the directory containing the malicious program is added to the Microsoft Defender exclusion list using a PowerShell cmdlet (e.g., 'Add-MpPreference -ExclusionPath "%USERPROFILE%\yqpedcpefpenrwim"').
CERT-UA has already initiated technical measures to counter this threat.
Source: https://cert.gov.ua/article/6281018
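As an added example (not part of the CERT-UA advisory), the following Python detection logic flags Defender exclusion additions in constructed sample log events modelled on PowerShell script block logging (Event ID 4104) and Defender configuration-change events (Event ID 5007), rating exclusions under user-writable profile paths as high severity. The event layout, user names and helper names are assumptions; only the exclusion path comes from the advisory.

```python
import re

# Constructed sample events, modelled on PowerShell script block logging (4104)
# and Microsoft Defender configuration-change events (5007). The exclusion path
# from the CERT-UA report is reused; every other value is made up.
SAMPLE_EVENTS = [
    {"id": 4104, "user": "WS01\\alice",
     "text": 'Add-MpPreference -ExclusionPath "%USERPROFILE%\\yqpedcpefpenrwim"'},
    {"id": 5007, "user": "SYSTEM",
     "text": "Microsoft Defender Antivirus Configuration has changed. "
             "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\"
             "C:\\Users\\alice\\yqpedcpefpenrwim = 0x0"},
    {"id": 5007, "user": "SYSTEM",
     "text": "Microsoft Defender Antivirus Configuration has changed. "
             "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\"
             "C:\\Program Files\\VendorBackup = 0x0"},
    {"id": 4104, "user": "WS01\\alice", "text": "Get-MpPreference | Select-Object ExclusionPath"},
]

# An exclusion rooted in a user-writable location is the suspicious case: legitimate
# software rarely needs to whitelist a random folder under a user profile or temp dir.
USER_WRITABLE = re.compile(r"(%USERPROFILE%|\\Users\\[^\\]+\\|%APPDATA%|%TEMP%)", re.IGNORECASE)
# 4104: the cmdlet invocation itself, as typed in the script block.
ADD_EXCLUSION = re.compile(r"Add-MpPreference\b.*-Exclusion(Path|Process|Extension)\s+(\S+)", re.IGNORECASE)
# 5007: the registry value Defender writes when an exclusion is added.
REG_EXCLUSION = re.compile(r"Windows Defender\\Exclusions\\(Paths|Processes|Extensions)\\(.+?) = 0x0", re.IGNORECASE)
PATTERNS = {4104: ADD_EXCLUSION, 5007: REG_EXCLUSION}

def classify(event):
    """Return (severity, excluded target) for one event, or (None, None) if it is not an exclusion change."""
    pattern = PATTERNS.get(event["id"])
    match = pattern.search(event["text"]) if pattern else None
    if not match:
        return None, None
    target = match.group(2).strip('"\'')
    severity = "high" if USER_WRITABLE.search(target) else "medium"
    return severity, target

def find_exclusion_changes(events):
    """Collect every Defender exclusion addition, highest severity first."""
    hits = []
    for event in events:
        severity, target = classify(event)
        if severity:
            hits.append({"event_id": event["id"], "user": event["user"], "severity": severity, "target": target})
    hits.sort(key=lambda hit: hit["severity"] != "high")  # stable: high before medium
    return hits

if __name__ == "__main__":
    for hit in find_exclusion_changes(SAMPLE_EVENTS):
        print(f"[{hit['severity'].upper()}] event {hit['event_id']} by {hit['user']}: {hit['target']}")
```

Correlating a 4104 hit with the matching 5007 entry for the same path gives both the operator's command line and the resulting configuration state.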
macOS "HM Surf" Vulnerability and Unauthorized Data Access
The "HM Surf" vulnerability in macOS allows attackers to bypass Transparency, Consent, and Control (TCC) protections to access user data in Safari. This can lead to unauthorized access to the camera, microphone, and location data. Apple has issued a fix for this vulnerability, now identified as CVE-2024-44133, in the security updates for macOS Sequoia released on September 16, 2024. Currently, only Safari benefits from the new TCC security measures. Microsoft is collaborating with other major browser vendors to explore the advantages of strengthening local configuration files.
Source: https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/