CCTR.21.MAY.24
Lots of updates, Threats of personal GitHub repositories and Ransomware payments
Last updated
Monday morning Cyber coffee read CCTR.21.MAY.24

Microsoft has fixed a high-risk vulnerability that was exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the DWM (Desktop Window Manager) core library. Successful exploitation allows attackers to gain SYSTEM privileges. Ref: Kaspersky

Google has released an urgent security update for its Chrome browser to fix a high-risk vulnerability, CVE-2024-4761, that attackers are already exploiting. This flaw allows attackers to bypass the browser's security measures and potentially access other parts of your computer or network through a specially crafted web page. Ref

Apple has also released new security updates for a number of vulnerabilities that could lead to remote code execution, data leakage, and privacy breaches. A particular concern for iPhone users is a lockscreen bypass, CVE-2024-27835, which allows someone with physical access to the device to access Notes files even when the device is locked. This poses a risk for users who store sensitive information, such as credit card details and login passwords, in the Notes app, as someone could quickly capture this data by taking a photo with another device. Ref

Ransomware remains a significant cyber security threat to organisations, with attacks increasing and evolving. The National Cyber Security Centre (NCSC) has issued new guidance for responding to ransomware incidents. Instead of advising against paying ransoms outright, the guidance encourages victims to consider all alternatives and understand the incident's impact before deciding. The NCSC and the insurance industry jointly state that taking time to review options can lead to better decision-making and outcomes. This guidance marks their first joint stance on handling ransomware attacks. Ref
When employees, such as software developers, use personal GitHub repositories for side projects, they can unintentionally expose corporate secrets and credentials, posing significant insider security risks to organisations. Unlike official corporate repositories, personal repositories are often not scanned for sensitive data, which extends the organisation's attack surface. According to Aqua, a privileged Azure Container Registry token was found that allowed unauthorised access to several internal Azure projects at Microsoft, putting internal operations and user data at risk. Ref
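A minimal secret scanner of the kind a developer could run over a personal repository before pushing, as an added example rather than code from the original post or from Aqua; the credential patterns, the entropy threshold and the sample file contents below are constructed assumptions, not real secrets.

```python
"""Added example: scan file contents for credential-shaped strings.
Patterns and sample text are constructed; real scanners ship far larger
pattern sets, but the two checks shown (known token shapes plus an
entropy filter on generic assignments) are the core of most of them."""
import math
import re
from collections import Counter

# Constructed patterns for common credential shapes (assumption).
PATTERNS = {
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    # No leading \b so that names like REGISTRY_TOKEN still match.
    "generic_assignment": re.compile(
        r"(?i)(?:password|secret|token|api[_-]?key)\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9+/=_\-]{16,})"),
}

def shannon_entropy(s: str) -> float:
    """Bits per character; random secrets score high, English words low."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan_text(text: str, entropy_threshold: float = 3.5) -> list[dict]:
    """Return one finding per (line, pattern) hit. Generic assignments are
    reported only when the captured value looks random enough, so that
    placeholders such as "changeme_please_change" are skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            if name == "generic_assignment" and \
                    shannon_entropy(m.group(1)) < entropy_threshold:
                continue
            findings.append({"line": lineno, "type": name})
    return findings

# Constructed sample of what a side-project commit might contain.
SAMPLE = """\
import os
REGISTRY = "example.azurecr.io"
# TODO remove before commit
REGISTRY_TOKEN = "q7Zx9vL2pRw4nT8kB3mF6hJ1sY5dC0aG"
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
DEBUG_PASSWORD = "changeme"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f['line']}: possible {f['type']}")
```

Wired into a pre-commit hook, the same function can block the push that would otherwise publish the token.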