Beyond Information Security

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and installed,” Patchstack’s Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin, including and prior to 6.3.0.1.

LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.

In a nutshell, CVE-2024-28000 makes it possible for an unauthenticated attacker to spoof their user ID and register as an administrative-level user, effectively granting them privileges to take over a vulnerable WordPress site.

The vulnerability is rooted in a user simulation feature in the plugin that uses a weak security hash that suffers from the use of a trivially guessable random number as the seed.

Source: The hacker news / Bleeping computer

Link: https://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html

Link: https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-bug-in-litespeed-cache-plugin/


Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.

Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.

“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” according to a description of the bug in the NIST National Vulnerability Database (NVD).

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024.

No additional details about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be weaponizing it have been released, primarily to ensure that a majority of the users are updated with a fix.

Source: The hacker news / Bleeping computer / Dark reading / Securityweek / Helpnet Security / Google Chrome releases

Link: https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html

Link: https://www.bleepingcomputer.com/news/security/google-fixes-ninth-actively-exploited-chrome-zero-day-in-2024/

Link: https://www.darkreading.com/vulnerabilities-threats/google-chrome-update-fixes-flaw-exploited-in-the-wild

Link: https://www.securityweek.com/google-patches-sixth-exploited-chrome-zero-day-of-2024/

Link: https://www.helpnetsecurity.com/2024/08/22/cve-2024-7971/

Link: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html


Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information.

Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.

“An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft said in an advisory released on August 6, 2024.

Source: The hacker news / Dark reading / Securityweek

Link: https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html

Link: https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data

Link: https://www.securityweek.com/microsoft-copilot-studio-vulnerability-led-to-information-disclosure/


New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints.

The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report.

The attack, detected in July 2024, involved infiltrating the target network via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA), with the threat actors conducting post-exploitation actions 18 days after initial access took place.

“Once the attacker reached the domain controller in question, they edited the default domain policy to introduce a logon-based Group Policy Object (GPO) containing two items,” researchers Lee Kirkpatrick, Paul Jacobs, Harshal Gosalia, and Robert Weiland said.

The first of them is a PowerShell script named “IPScanner.ps1” that’s designed to harvest credential data stored within the Chrome browser. The second item is a batch script (“logon.bat”) contacting commands to execute the first script.

“The attacker left this GPO active on the network for over three days,” the researchers added.

“This provided ample opportunity for users to log on to their devices and, unbeknownst to them, trigger the credential-harvesting script on their systems. Again, since this was all done using a logon GPO, each user would experience this credential-scarfing each time they logged in.”

Source: The hacker news / Bleeping computer / Infosecurity magazine

Link: https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html

Link: https://www.bleepingcomputer.com/news/security/qilin-ransomware-now-steals-credentials-from-chrome-browsers/

Link: https://www.infosecurity-magazine.com/news/qilin-steal-credentials-google/


GitHub Enterprise Server vulnerable to critical auth bypass flaw

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine.

The security issue is identified as CVE-2024-6800 and received a 9.5 severity rating as per the CVSS 4.0 standard. It is described as an XML signature wrapping problem that occurs when using the Security Assertion Markup Language (SAML) authentication standard with certain identity providers.

“On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges.”

Source: Bleeping computer / Securityweek / Helpnet Security

Link: https://www.bleepingcomputer.com/news/security/github-enterprise-server-vulnerable-to-critical-auth-bypass-flaw/

Link: https://www.securityweek.com/critical-authentication-flaw-haunts-github-enterprise-server/

Link: https://www.helpnetsecurity.com/2024/08/22/cve-2024-6800/


NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.

No longer relegated to post-doctorate physics academia and sad Schrödinger’s cat thought experiments, post-quantum computing remediation has arrived in the real world.

Quantum computing is expected to emerge in earnest a decade from now, with the power to crack existing public key infrastructure (PKI) cryptography schemes like RSA and the Advanced Encryption Standard (AES). And with NIST’s recent release of three final quantum encryption standards, security teams are now racing against that 10-year clock to update vulnerable cryptography before quantum algorithms go into production that are capable of crushing them and unlocking reams of secret data.

Source: Dark reading / NIST Gov.

Link: https://www.darkreading.com/cyber-risk/nist-post-quantum-cryptography-work-cyber-teams

Link: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards


How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system. An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions.

Permissions regulate whether an app can access resources such as the microphone, camera, folders, screen recording, user input and more. So if an adversary were to gain access to these, they could potentially leak sensitive information or, in the worst case, escalate privileges. This post also provides an overview of the macOS security model and illustrates how vulnerabilities within macOS applications could be exploited by adversaries to steal app permissions.

Source: CISCO Talos intelligence group

Link: https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/


Cost of a data breach: The industrial sector

Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.

According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.

These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial organizations 13% more than the $4.88 million global average.

Clearly, the industrial sector is facing strong headwinds when it comes to dealing with data breaches. Let’s take a closer look at some of the challenges tied to the sector, as well as solutions that can help reduce the impact of cyberattacks on industrial organizations.

Source: IBM security intelligence

Link: https://securityintelligence.com/articles/cost-of-a-data-breach-industrial-sector/