The CyberWire-Daily Briefing
"Microsoft patches zero-click RCE vulnerability."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 16 August 2024, 1400 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing.
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 08.15.24
Announcement
N2K Pro members now have exclusive access to Pro Academy.
As part of N2K’s commitment to your professional growth, we’re thrilled to introduce N2K’s Pro Academy–an exclusive benefit to our N2K Pro community. With this expansion, N2K Pro provides all the resources you need to stay current, prepare for certification exams, advance your cybersecurity skills, and network with industry peers– all in one cost-effective platform. Learn more and subscribe today.
Summary
At a glance.
- Microsoft patches zero-click RCE vulnerability.
- Iran's APT42 targets US presidential campaigns.
- Texas sues General Motors over alleged privacy violations.
Microsoft patches zero-click RCE vulnerability.
Microsoft has issued a patch for a zero-click remote code execution vulnerability (CVE-2024-38063) that affects all Windows machines using IPv6, which is enabled by default, BleepingComputer reports. Microsoft says "[a]n unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution." The vulnerability was discovered by a researcher at Kunlun Lab, who noted that the bug is triggered before the packet reaches the Windows firewall.
There's no evidence of exploitation so far, but Microsoft has given the flaw its "Exploitation more likely" label. Users are urged to update Windows as soon as possible or disable IPv6 until patches can be applied.
Iran's APT42 targets US presidential campaigns.
Google’s Threat Analysis Group (TAG) has published a report on the Iran-aligned threat actor APT42's targeting of US presidential campaigns. Google confirms that APT42 has targeted both the Trump and Biden-Harris campaigns with spearphishing attacks: "In May and June, APT42 targets included the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump, including current and former officials in the U.S. government and individuals associated with the respective campaigns. We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals." TAG adds that the group "successfully gained access to the personal Gmail account of a high-profile political consultant."
The researchers note that APT42 has also ramped up its phishing attacks against users in Israel, targeting "people with connections to the Israeli military and defense sector, as well as diplomats, academics, and NGOs."
Texas sues General Motors over alleged privacy violations.
Texas Attorney General Ken Paxton has filed a lawsuit against General Motors, claiming the company violated the privacy rights of millions of Texans by selling their vehicle location data to data brokers, POLITICO reports. The lawsuit states, "General Motors deceptively collected scores of data points from consumers about their driving habits, monetized that data by selling it to other commercial actors, and permitted those actors to use the ill-gotten data to make adverse decisions when dealing with those same consumers."
POLITICO notes that this is the first state-level enforcement against an automaker for data sales.
Notes.
Today's issue includes events affecting Iran, Israel, and the United States.
Selected Reading
Attacks, Threats, and Vulnerabilities
Stealthy phishing attack uses advanced infostealer for data exfiltration (Barracuda) Phishing attacks featuring an advanced, stealthy technique designed to exfiltrate a wide range of sensitive information have been observed by Barracuda threat analysts.
Doppelgänger operation rushes to secure itself amid ongoing detections, German agency says (The Record) Recent scrutiny of the Russia-linked Doppelgänger influence operation has disrupted how it behaves, according to the BayLfV, an agency of the Bavarian state government.
A new extortion crew, Mad Liberator, emerges on the scene (The Register) Anydesk is its access tool of choice
Security Patches, Mitigations, and Software Updates
Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR (SecurityWeek) Palo Alto Networks has patched multiple vulnerabilities, including ones rated high severity, in several products.
Litigation, Investigation, and Law Enforcement
Kim Dotcom is being Megauploaded to the US for trial (The Verge) The order follows a 12-year battle to remain in New Zealand.
Industry Events
For a complete running list of events, please visit the Event Tracker.
Events
Unpacking the 2024 Ransomware Landscape: Insights and Strategies from ThreatLabz (Virtual, Aug 22, 2024) This live discussion on the latest findings from the Zscaler ThreatLabz 2024 Ransomware Report highlights the most targeted industries and regions, the dynamics behind a ransom payout, emerging ransomware families, and predictions for 2025. Register now.
SecureWorld Manufacturing & Retail Virtual Conference (Virtual, Aug 28, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!
DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.