Google patches Quick Share vulnerability
The app, formerly known as Nearby Share, is “a peer-to-peer file-sharing utility similar to Apple AirDrop that allows users to transfer files, photos, videos, and other documents between Android devices, Chromebooks, and Windows desktops and laptops in close physical proximity.” Researchers at SafeBreach Labs disclosed details of this new vulnerability that “could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target’s device without their approval,” in other words a zero-click. The vulnerability was one of 10 that the researchers discovered last August.
ChatGPT suffered brief outage Wednesday
The AI-powered chatbot suffered some issues mid-morning Eastern Time on Wednesday, with users worldwide experiencing failures when asking follow-up questions to answers delivered. Instead, they encountered the message “Something went wrong while generating the response. If this issue persists please contact us through our help center at help.openai.com.” The issue was quickly resolved by OpenAI’s team. When asked about the outage 24 hours later, ChatGPT did not offer a clear cause, but quoted Sam Altman, who attributed the disruptions to “capacity challenges” due to a surge in demand for the AI chatbot.
(BleepingComputer and ChatGPT)
UK’s Royal Mail investigates data leak claims
The Royal Mail, the UK’s national postal service, is looking into a potential security breach after a threat actor “leaked over 144GB of data allegedly stolen from the company’s systems.” The incident actually occurred at Spectos GmbH, a third-party company involved in data collection, analytics and logistics services. Spectos has confirmed in a statement shared with BleepingComputer that “its systems were breached on March 29, and the attackers gained access to customer data.” This is the second breach incident in the Royal Mail’s 500-year history.
CISA adds Apache Tomcat flaw to its KEV catalog
This is in relation to an Apache Tomcat path equivalence vulnerability, which became actively exploited just 30 hours after a public PoC was released, as we reported in mid-March. The issue, confirmed by researchers at API security company Wallarm, is “a path equivalence flaw in Apache Tomcat that allows remote code execution or information disclosure if specific conditions are met.” As with all additions to the Known Exploited Vulnerabilities catalog, federal agencies must fix this vulnerability promptly, specifically by April 22.
(Security Affairs)

Juniper Networks and Palo Alto Networks devices in mystery scanning event
The Register is reporting that scanning of login portals for devices made by both companies has increased substantially in recent weeks. “On Wednesday, SANS Institute’s Johannes Ullrich said he noticed a surge in scans for the username ‘t128,’ which, when accompanied by the password ‘128tRoutes,’ is a well-known default account for Juniper’s Session Smart Networking products.” Internet scanning security firm GreyNoise has also spotted mass probing, in this case directed at the login portals of Palo Alto Networks’ PAN-OS GlobalProtect remote access products. They believe “anonymous scanners are searching for exposed or vulnerable product and noted almost 24,000 unique IP addresses attempting to login over the past 30 days.”
Security companies clash over CrushFTP CVE number
This issue starts with a critical vulnerability in the CrushFTP enterprise file transfer solution. In short, its own developers alerted customers to the vulnerability, which could have exposed systems to remote hacking. Five days later, with no CVE number announced, the vulnerability intelligence firm VulnCheck assigned one. However, CrushFTP itself rejected this number, arguing that the “real CVE had been pending,” and 10 days after disclosure, a new CVE was assigned by Outpost24, a security firm that had been credited for “responsibly disclosing the flaw to the vendor.” The crux of the issue was a suitable delay period intended to keep the vulnerability under wraps to avoid malicious exploitation, something that did not happen; in fact, according to The Shadowserver Foundation, exploitation is still continuing. A link to this story from Security Week, which contains more details and background, is available in the show notes to this episode.
France and UK governments meet to discuss commercial hacking tools
Representatives from the two governments are meeting in Paris this month to “tackle the proliferation and irresponsible use of commercial hacking tools known as commercial cyber intrusion capabilities (CCICs).” This summit, formally known as the Pall Mall Process, faces the joint challenge of establishing categories and a regulatory process alongside convincing the other member countries and individual companies to amend their own practices.
Russian state railway suffers cyber disruption
The state-owned railway, RZD, has reported a cyberattack that temporarily disrupted its website and mobile application. This is the second incident this week for Russia’s transit systems, following a Monday attack that disrupted the app and website for Moscow’s subway system. RZD officials are confirming the incident as a DDoS attack, which meant that ticket sales remained operational at physical offices across stations and terminals. No group has yet claimed responsibility for this attack.






