Horizon3 analyzed critical vulnerabilities from the CISA KEV catalog starting from January 2023 through January 2024, categorized the vulnerability root causes, and attempted to analyze if the current efforts in the information security industry match with the current threat vectors being abused.
🔗 https://www.horizon3.ai/analysis-of-2023s-known-exploited-vulnerabilities/
"🔒 When Antivirus Turns Foe: The Shadowy Flipside of AV Software 🔒"
In an enlightening piece by Miguel Mendez Z., a deep dive into the paradoxical world of antivirus (AV) software reveals a concerning trend. Originally designed as cybersecurity guardians, some AV solutions have morphed into vulnerabilities themselves, exposing users to potential threats. The article dissects cases where AV software, instead of acting as a robust security layer, becomes an exploitable loophole for attackers. 🛡️💻🔓
The technical analysis provided highlights how some AV products might execute arbitrary code or misuse their elevated privileges, turning a system's defense mechanism into its Achilles' heel. It calls for a reevaluation of trust placed in these tools and emphasizes the necessity for ongoing vigilance and security hygiene.
To date this year in the United States, 32,500 people have been laid off in the #tech sector. During 2023, 263,000 were laid off, and in 2022 it was 165,000. And these data are only for the U.S. tech sector.
From the #actor POV, it has been fascinating to watch people share their lived layoff experiences, as well as the cycle of job search —> job application —> job interview —> additional job interviews —> no job offer —> repeat, because it’s evident this cycle is not customary for many. 🧵
Author (and fellow Texan) Dr. Brené Brown reminds us, “While #vulnerability is the birthplace of many of the fulfilling experiences we long for — #love, belonging, #joy, #creativity and #trust, to name a few — the process of regaining our emotional footing in the midst of struggle is where our #courage is tested and our values are forged. Rising strong after a fall is how we cultivate wholeheartedness in our lives; it’s the process that teaches us the most about who we are.”
The latest release of Posit Package Manager is now available 📦 and includes two highly-requested features: #security #vulnerability reporting and blocking, and #Git builders for #Python packages.
Volexity recently disclosed details related to exploitation of Ivanti Connect Secure VPN, revealing how the attacker chained two zero-day vulnerabilities to achieve remote code execution. When investigating the source of compromise, Volexity employed memory forensics, analyzing a memory sample collected from a suspected compromised VPN device, which allowed Volexity to zero in on the source of the compromise. "The lesson for analysts is to independently verify the integrity and trustworthiness of high-value targets using memory forensics, rather than only relying on tools that run on a potentially compromised device."
🔗 https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
#Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account. Discovered and reported by #security researcher arcanicanis, the flaw has a severity rating of 9.4 out of a maximum of 10.
"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory.
Mastodon said it's withholding additional technical specifics about the flaw until February 15, 2024, to give admins ample time to update the server instances and prevent the likelihood of exploitation.
"Any amount of detail would make it very easy to come up with an exploit." via @thehackernews
#Mastodon has disclosed a critical security #vulnerability that enables malicious actors to impersonate and take over any account "due to insufficient origin validation". Tracked as CVE-2024-23832, the details of the flaw are withheld until February 15, 2024.
China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns. Hacks likened to “placing bombs in water treatment facilities, and power plants”
watchTowr reports additional zero-days uncovered on a fully patched Ivanti appliance. No further details are available due to its 90-day vulnerability disclosure policy.
Oopsie... Shane Jones, a software engineering manager at Microsoft, discovered vulnerabilities in #OpenAI's #DALL-E 3 in early December that allow users to bypass its safety regulations. He sent his concerns in a letter addressed to US #Senators and Washington State Attorney General Bob #Ferguson.
Jones reported the #vulnerability to #Microsoft and was instructed to pass the issue directly to OpenAI, which he did. #privacy #malware #dataprotection #itsecurity
Hot off the press! CISA adds CVE-2022-48618 to the Known Exploited Vulnerabilities (KEV) Catalog.
Apple Multiple Products Improper Authentication Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog (to be replaced later with official announcement)
There's some degree of cybersecurity hostility (as opposed to user-friendliness) when a company can bury an exploited vulnerability affecting its product in a two-year-old security advisory, and the ONLY reason the general public is aware of it is a government announcement.
New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
"Threat actors are continuing to leverage vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways to capture credentials and/or drop webshells that enable further compromise of enterprise networks."
CISA issues Emergency Directive 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities, in response to CVE-2023-46805 (8.2 high), an authentication bypass in Ivanti Connect Secure VPN versions 9.x and 22.x, and CVE-2024-21887 (9.1 critical), a command injection in Ivanti Connect Secure VPN versions 9.x and 22.x. Both were disclosed by Ivanti on 10 January 2024 as exploited zero-days.