Google patches first Chrome zero-day vulnerability of the year
You could say it was a big day for zero-days as Google announced a new patch for the CVE-2024-0519 exploit. The company swiftly addressed the issue by releasing the update less than a week after the first reports rolled in. The zero-day fix is now available for users in the Stable Desktop channel, including versions for Windows (120.0.6099.224/225), Mac (120.0.6099.234), and Linux (120.0.6099.224). Although Google mentioned the security update might take days or weeks to officially roll out, Bleeping Computer reported the updates were already accessible.
Urgent warning from Citrix to patch two zero-day vulnerabilities
The zero-day saga continues: this time Citrix advises customers to promptly apply patches to NetScaler ADC and Gateway appliances to address two identified zero-days. The vulnerabilities, CVE-2023-6548 and CVE-2023-6549, expose unpatched NetScaler instances to the risks of remote code execution and denial-of-service attacks. Citrix clarifies that the patch is specifically required for customer-managed NetScaler appliances, confirming that Citrix-Managed Cloud Services and Citrix-Managed Adaptive Authentication are unaffected.
New malware strain persists despite patch
The exploitation of CVE-2023-36025 has given rise to a new malware, Phemedrone Stealer. This malicious software specifically targets web browsers, extracting data from cryptocurrency wallets and messaging apps, while also collecting information such as hardware details and location, transmitted through Telegram or a command-and-control (C2) server. Despite Microsoft addressing the vulnerability in November 2023, threat actors persist in exploiting it through Microsoft Windows Defender SmartScreen. This situation prompted Microsoft to release an advisory urging users to update to the latest patched version.
Self-driving cars won’t repo themselves: Ford abandons controversial patent request
Carmaker Ford has ditched its potential future plans to ensure car owners pay their bills. In February 2023, Ford filed a patent to repossess vehicles of delinquent owners, including self-driving cars driving themselves to repo lots. The patent described disabling measures based on payment delays, such as locking the car, disabling steering, brakes, and AC, and playing sounds. The patent was abandoned when Ford stopped responding to the patent office’s inquiries. In a comment to The Record, Ford stated that patent submissions are routine and not indicative of new business or product plans.
Huge thanks to this week’s episode sponsor, Savvy Security

Learn more at savvy.security/headlines
Brought to you by the creators of Androxgh0st: CISA and FBI warn of large botnet
The hackers behind the Androxgh0st malware (spelled A-n-d-r-o-x-g-h-zero-s-t) are building a botnet “focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.” CISA and the FBI released a joint advisory explaining that the botnet scans for websites and servers using versions of the PHPUnit testing framework, PHP web framework, and Apache web server with remote code execution (RCE) vulnerabilities. Androxgh0st is a Python-scripted malware that primarily targets .env files holding credentials for services such as Amazon Web Services (AWS), Microsoft 365, and SendGrid. The agencies recommend reviewing platforms or services that have credentials listed in .env files for unauthorized access or use.
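The advisory's recommendation above is to find out which credentials live in .env files and check those services for misuse. The following audit script is an added example written for this page; it is not code from the advisory, CISA, the FBI, or the podcast. It walks a directory tree, parses every dotenv file it finds, and reports the keys that look like cloud or mail credentials (AWS, SendGrid, generic secrets) with their values masked, so the output can be handed to whoever rotates keys without leaking the secrets again. The key-name patterns and the sample .env content are constructed for illustration and are not real credentials.

```python
"""Audit a source tree for .env files whose contents an attacker would harvest.

Added example, not code from the advisory. It finds dotenv files, parses
KEY=VALUE lines, flags credential-looking keys, and masks the values in
the report. Key-name patterns and the sample file are constructed.
"""
import os
import re
import tempfile
from pathlib import Path

# Constructed list of key-name fragments that usually hold secrets.
SENSITIVE_KEY_PATTERNS = [
    re.compile(r"AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)", re.I),
    re.compile(r"SENDGRID", re.I),
    re.compile(r"(MAIL|SMTP)_(PASSWORD|USERNAME)", re.I),
    re.compile(r"(SECRET|TOKEN|PASSWORD|API_KEY)", re.I),
]

# KEY=VALUE with optional leading "export"; trailing whitespace is dropped.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_env(text: str) -> dict:
    """Parse dotenv-style lines; skips blanks/comments and strips simple quotes."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
            raw = raw[1:-1]
        values[key] = raw
    return values


def mask(value: str) -> str:
    """Keep only the last four characters so the report never re-leaks a secret."""
    if len(value) <= 4:
        return "*" * len(value)
    return "*" * (len(value) - 4) + value[-4:]


def is_sensitive(key: str) -> bool:
    """True when the key name matches one of the credential patterns."""
    return any(p.search(key) for p in SENSITIVE_KEY_PATTERNS)


def audit_tree(root) -> list:
    """Return sorted (relative_path, key, masked_value) for every sensitive entry."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == ".env" or name.startswith(".env."):
                path = Path(dirpath) / name
                env = parse_env(path.read_text(encoding="utf-8", errors="replace"))
                for key, value in env.items():
                    if value and is_sensitive(key):
                        findings.append((str(path.relative_to(root)), key, mask(value)))
    return sorted(findings)


# Constructed sample .env; the values are placeholders, not real credentials.
SAMPLE_ENV = """# constructed sample
APP_NAME=demo
AWS_ACCESS_KEY_ID=AKIAEXAMPLE0000001
AWS_SECRET_ACCESS_KEY="notARealSecretValue1234"
export SENDGRID_API_KEY='SG.example.value'
DB_HOST=localhost
"""


def demo() -> list:
    """Write the sample into a temporary web-root-like directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        public = Path(tmp) / "public"
        public.mkdir()
        (public / ".env").write_text(SAMPLE_ENV, encoding="utf-8")
        return audit_tree(tmp)


if __name__ == "__main__":
    for rel_path, key, masked in demo():
        print(f"{rel_path}: {key}={masked}")
```

Run it against a real checkout by calling `audit_tree("/path/to/app")`; every key it lists is one whose provider account should be checked for unauthorized use and whose value should be rotated if the file was ever reachable from the web server.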
Detained Russian student accused of assisting Ukrainian hackers
A Russian tech student may face charges of treason for allegedly assisting Ukrainian hackers in conducting cyber attacks against Russia. The 18-year-old student, identified as Seymour Israfilov, is accused of working for a Ukrainian hacker group that targeted local authorities and universities. If convicted, he could potentially face up to 20 years in prison.
SonicWall firewall vulnerability puts nearly 200,000 users at risk
Two unauthenticated denial-of-service (DoS) vulnerabilities have exposed more than 178,000 SonicWall next-generation firewall devices to DoS and remote code execution (RCE) attacks. Tracked as CVE-2022-22274 and CVE-2023-0656, the flaws were discovered a year apart but are fundamentally similar, differing mainly in the HTTP URI path each requires for exploitation. SonicWall series 6 and 7 firewalls are affected, but so far there are no reports of exploitation.
Update required: VMware and Atlassian flaws discovered
VMware and Atlassian have disclosed critical vulnerabilities that administrators are urged to patch immediately. Atlassian’s CVE-2023-22527 affects Confluence Data Center and Server 8 versions released before December 5, 2023, allowing unauthenticated remote code execution. Another high-severity flaw, CVE-2020-25649, was found in FasterXML Jackson Databind code used in Jira Software Data Center and Server versions, potentially exposing them to XML external entity attacks. VMware’s critical bug, CVE-2023-34063, involves a missing access control problem in all versions of Aria Automation before 8.16, posing a risk of unauthorized access to remote organizations and workflows. While there have been no reports of the vulnerabilities being exploited yet, both companies implore users to patch immediately.