AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 8/28/2024

Google tags a tenth Chrome zero-day as exploited this year

Google revealed today that it has patched the tenth zero-day exploited in the wild in 2024, whether by attackers or by security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is described as an inappropriate implementation in Google Chrome’s V8 JavaScript engine that lets a remote attacker trigger heap corruption via a crafted HTML page. Google disclosed the in-the-wild exploitation in an update to a blog post in which, last week, it had announced the fix for another high-severity V8 zero-day, CVE-2024-7971, a type confusion weakness.

 

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork to disrupt communications between the United States and Asia during any future armed conflict with China. Versa Director systems are used primarily by Internet service providers (ISPs) and by managed service providers (MSPs) that handle the IT needs of many small to mid-sized businesses at once. In a security advisory published Aug. 26, Versa urged customers to deploy a patch for the vulnerability (CVE-2024-39717), which the company said is fixed in Versa Director 22.1.4 or later.

 

Microsoft security tools questioned for treating employees as threats

Software designed to address legitimate business concerns about cyber security and compliance treats employees as threats, normalizing intrusive surveillance in the workplace, according to a report by Cracked Labs. The report, titled “Employees as Risks” – released today by the Vienna-based non-profit – explores software from Microsoft and formerly from Forcepoint – specifically SIEM (security information and event management) and UEBA (user and entity behavior analytics) applications. Part of an ongoing series of reports titled “Surveillance and Digital Control at Work,” the paper examines the way in which expansive information gathering in the workplace turns employees into suspects without cause.

 

US Marshals Service disputes ransomware gang’s breach claims

The U.S. Marshals Service (USMS) denies that its systems were breached by the Hunters International ransomware gang after it was listed as a new victim on the cybercrime group’s leak site on Monday. “USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which do not appear to derive from any new or undisclosed incident,” a spokesperson told BleepingComputer when asked to confirm the group’s claims. While the ransomware group has not yet released any of the allegedly stolen documents, it has already posted thumbnail screenshots of some of those files in the USMS entry as evidence to support its claims.

 

PoC Exploit for Zero-Click Vulnerability Made Available to the Masses

A security researcher known as “Ynwarcs” has published an analysis of proof-of-concept exploit code for a critical zero-click vulnerability in the Windows TCP/IP stack. Tracked as CVE-2024-38063, it is a remote code execution flaw that affects every Windows system with IPv6 enabled. Originally discovered by XiaoWei of Kunlun Lab, CVE-2024-38063 can be exploited against Windows 10, Windows 11 and Windows Server systems without any user interaction.
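Because the flaw above only reaches hosts with IPv6 enabled, the first question for a defender is which adapters on a given host still have the IPv6 binding turned on and what addresses they carry. The following script is an added example, not code from the article, from Ynwarcs, or from Kunlun Lab; it assumes the built-in NetAdapter and NetTCPIP cmdlets (Get-NetAdapterBinding, Get-NetIPAddress) available on Windows 8 / Server 2012 and later, and the adapter and address names it reports are whatever the local host returns.

```powershell
# Added example (not from the article or the researchers it cites): list the
# adapters on this host that still have the IPv6 binding (ms_tcpip6) enabled,
# since CVE-2024-38063 as described above only affects hosts with IPv6 enabled.
# Assumes the NetAdapter / NetTCPIP modules; run elevated for complete results.

$bindings = Get-NetAdapterBinding -ComponentID 'ms_tcpip6'

$report = foreach ($b in $bindings) {
    # Addresses outside fe80::/10 are reachable from off-link; link-local
    # addresses still matter for an attacker on the same segment.
    $addrs = Get-NetIPAddress -InterfaceAlias $b.Name -AddressFamily IPv6 -ErrorAction SilentlyContinue
    $routable = @($addrs | Where-Object { $_.IPAddress -notmatch '^fe80:' })
    [pscustomobject]@{
        Adapter       = $b.Name
        IPv6Bound     = $b.Enabled
        LinkLocalOnly = ($addrs.Count -gt 0) -and ($routable.Count -eq 0)
        Addresses     = ($addrs.IPAddress -join ', ')
    }
}

$report | Format-Table -AutoSize

# Any adapter with IPv6 still bound keeps the host inside the affected population.
if ($report | Where-Object IPv6Bound) {
    Write-Warning 'IPv6 is bound on at least one adapter: verify the August 2024 Windows TCP/IP update is installed, or unbind IPv6 on adapters that do not need it.'
}
```

Unbinding IPv6 per adapter (Disable-NetAdapterBinding -Name <adapter> -ComponentID ms_tcpip6) removes the attack surface the snippet describes, but it is a stopgap that can break dual-stack services and name resolution; patching remains the fix.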
