Windows TCO: Serious Flaws, Breaches, and Worse
-
Threat Source ☛ Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
Cisco Talos’ Vulnerability Research team discovered four of the vulnerabilities Microsoft patched this week: CVE-2024-38184, CVE-2024-38185, CVE-2024-38186 and CVE-2024-38187. These are elevation of privilege vulnerabilities in the Microsoft Windows kernel-mode driver that could allow an attacker to gain SYSTEM-level privileges.
The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP. An unauthenticated attacker could exploit this vulnerability by repeatedly sending specially crafted IPv6 packets to a targeted Windows machine that could enable remote code execution. Systems that have IPv6 disabled are not susceptible to this vulnerability.
-
The Register UK ☛ Patch Tuesday: 6 Microsoft fixes for flaws already exploited
Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known.
-
Cyble Inc ☛ Ransomware-as-a-Service Model Architect Extradited To U.S.
Silnikau, who also used aliases like “xxx” and “lansky,” is accused of playing a key role in the creation of Reveton, a pioneering ransomware strain credited with introducing the Ransomware-as-a-Service (RaaS) model in 2011. RaaS simplifies ransomware attacks, allowing even low-skilled criminals to launch them for a small fee.
-
Krebs On Security ☛ Six 0-Days Lead Microsoft’s August 2024 Patch Push
CVE-2024-38106, CVE-2024-38107 and CVE-2024-38193 all allow an attacker to gain SYSTEM level privileges on a vulnerable machine, although the vulnerabilities reside in different parts of the Windows operating system.
Microsoft’s advisories include little information about the last two privilege escalation flaws, other than to note they are being actively exploited. Microsoft says CVE-2024-38106 exists in the Windows Kernel and is being actively exploited, but that it has a high “attack complexity,” meaning it can be tricky for malware or miscreants to exploit reliably.
-
The Register UK ☛ FBI busts minor league Radar/Dispossessor ransomware gang
The FBI said it took down the "Radar/Dispossessor" group. For the uninitiated, the slash there could raise questions. It's not one group that goes by two names, it's actually two groups that operate as two distinct units but share project work.
-
[Old] Medium ☛ Everything Is Broken. Once upon a time, a friend of mine…
Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can’t tell you who he is because he doesn’t want to go to Federal prison, which is what could have happened if he’d told anyone that could do anything about the bug he’d found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn’t extraordinary at all. Spend much time in the hacker and security scene, you’ll hear stories like this and worse.
It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.
-
Security Week ☛ Radar/Dispossessor Ransomware Operation Disrupted by Authorities
To date, the group has made at least 43 victims in Argentina, Australia, Belgium, Brazil, Canada, Croatia, Germany, Honduras, India, Peru, Poland, the UAE, and the UK. However, the group also focused on the US and authorities believe that many targeted organizations have not been identified yet.
-
Security Week ☛ Ransomware Hits Australian Gold Mining Firm Evolution Mining
In a filing (PDF) with the Australian Securities Exchange (ASX), the company said that the attack was identified on August 8 and that it believes it has been contained.
-
Los Angeles Times ☛ Editorial: Full accounting of ransomware attack on L.A. courts needed
Six weeks later, the court was hit by a ransomware attack that infected its computer system with damaging software, forcing it to temporarily close. The new security systems spotted the breach early on Friday, July 19, and court personnel who began their workdays early found ransom notes on their devices before 7 a.m. that day. The court remained unavailable to the public until the following Tuesday, and even then, it operated at severely diminished capacity for several more days.