News
Hi friends,
I hope you had a good week! I sure did, I passed my exam! :-) There are more to come in the next few months, but that's a concern for future me. For now I'm wrapping a few things up, and then off to a glorious week of vacation.
Have a good one folks!
Cheers,
"0.0.0.0 Day" vulnerability lets websites interact with services on a local network
Websites can have client-side code make requests to 0.0.0.0, and browsers will interpret this as a request to localhost or the local network, yet won't block it.
Fixes are being rolled out, but it's noteworthy that the vulnerability was first reported 18 years ago and is only now getting attention. That matters all the more because it has been exploited in the wild, with a recent uptick in popularity. Surprisingly, it only works on Mac and Linux.
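As an added defensive illustration (not code from the newsletter or from the researchers), here is a minimal local HTTP service that rejects the two things a browser-originated 0.0.0.0 request carries: a Host header of 0.0.0.0 and an Origin from a site other than the service's own loopback name. The hostnames in ALLOWED_HOSTS and the port are assumptions for this example.

```python
# Added example: a local dev service that refuses requests a web page
# could route to it via 0.0.0.0. Not from the original article.
from typing import Optional
from http.server import BaseHTTPRequestHandler, HTTPServer

# Names this local tool expects to be addressed by (assumed for the example).
ALLOWED_HOSTS = {"127.0.0.1", "localhost"}


def host_without_port(host_header: str) -> str:
    """Strip an optional :port suffix from a Host header value."""
    if host_header.startswith("["):          # IPv6 literal such as [::1]:8000
        return host_header.split("]")[0][1:]
    return host_header.rsplit(":", 1)[0] if ":" in host_header else host_header


def origin_host(origin: str) -> str:
    """Return the host part of an Origin header (scheme://host[:port])."""
    return host_without_port(origin.split("://", 1)[1]) if "://" in origin else ""


def request_allowed(host_header: str, origin: Optional[str]) -> bool:
    """Accept a request only if it was addressed to a known loopback name and,
    when a browser attached an Origin header, that origin is on such a name.
    A page on another site fetching http://0.0.0.0:8000/ arrives with
    Host: 0.0.0.0:8000 and a foreign Origin, so both checks reject it."""
    if host_without_port(host_header) not in ALLOWED_HOSTS:
        return False
    if origin is not None and origin_host(origin) not in ALLOWED_HOSTS:
        return False
    return True


class GuardedHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if not request_allowed(self.headers.get("Host", ""), self.headers.get("Origin")):
            self.send_error(403, "Forbidden: unexpected Host or Origin")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"local service ok\n")


if __name__ == "__main__":
    # Bind to loopback only. The header check above still matters because on
    # Mac and Linux a connection to 0.0.0.0 is delivered to loopback anyway.
    HTTPServer(("127.0.0.1", 8000), GuardedHandler).serve_forever()
```

Non-browser clients such as curl send no Origin header and are accepted as long as they address the service by an allowed name.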
Windows Update downgrade attack "unpatches" fully-updated systems
Don't worry Windows, you get some love too. Researchers discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, 11, and Server systems to reintroduce old vulnerabilities.
The way the researchers describe it, the attack is "undetectable because it cannot be blocked by endpoint detection and response (EDR) solutions, and it's also invisible since Windows Update reports that a device is fully updated (despite being downgraded)". Great. Kudos to the researchers though, very interesting find.
Microsoft hasn't been able to release patches yet, even though the research was disclosed to them six months ago. They do share some mitigation advice. No exploit attempts have been seen in the wild; let's hope it stays that way.
SEC ends probe into MOVEit attacks impacting 95 million people
The SEC has concluded its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day, saying it will not recommend any enforcement action regarding the security incident. That's sort of unfortunate, I think. It could have been a powerful signal. They still face hundreds of class-action lawsuits though.
UN cybercrime treaty passes in unanimous vote
I'm not sure what this will mean in practice, but it sounds significant.
Quick links
- Easterly: Potential Chinese cyberattack could unfold like CrowdStrike error.
- Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault.
- Microsoft 365 anti-phishing feature can be bypassed with CSS.
- Gov. Tim Walz, Harris’ VP pick, has a notable record on cyber.
- US dismantles laptop farm used by undercover North Korean IT workers.
- Microsoft: Iran makes late play to meddle in U.S. elections.
- US offers $10 million for info on Iranian leaders behind water utility attacks.
Breaches and leaks
- NHS software supplier Advanced faces £6m fine over ransomware attack failings.
- McLaren hospitals disruption linked to INC ransomware attack.
- Russian spies hacked UK government systems earlier this year, stole data and emails.
- Russia's Kursk region suffers 'massive' DDoS attack amid Ukraine offensive.
- Hacker wipes 13,000 devices after breaching classroom management platform.
- Keytronic reports losses of over $17 million after ransomware attack.
- Nearly 40 French museums reportedly affected by ransomware attack.
- Hackers directly email customers of immigration firm after damaging cyberattack.
- UK IT provider faces $7.7 million fine for 2022 ransomware breach.
- ADT confirms data breach after customer info leaked on hacking forum.
- Ronin Network hacked, $12 million returned by "white hat" hackers.
- Cybercriminals target Canadian restaurant chain with Chameleon malware.
Issues and fixes
- Google says Android zero-day was exploited in the wild.
- Critical Progress WhatsUp RCE flaw now under active exploitation.
- CISA warns about actively exploited Apache OFBiz RCE flaw.
- Exploit released for Cisco SSM bug allowing admin password changes.
- Cisco warns of critical RCE zero-days in end-of-life IP phones.
What 1Password can do for developers
If you're an engineer, it's really worth checking out 1Password's developer tools. It can manage secrets for your infrastructure and CI/CD pipeline, manage SSH keys, and inject tokens into CLI scripts. Play around with it and see how it can fit in your development flow. (Sponsored)