Category: bridge

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Yes, you read that right. Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure Boot.

“This is the largest release from Microsoft this year and the largest since at least 2017,” said Dustin Childs, from Trend Micro’s Zero Day Initiative (ZDI). “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

Once again this month, there are no known zero-day vulnerabilities threatening Windows users. Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs. Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users.

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

Ben McCarthy, lead cyber security engineer at Immersive Labs called attention to CVE-2024-20670, an Outlook for Windows spoofing vulnerability described as being easy to exploit. It involves convincing a user to click on a malicious link in an email, which can then steal the user’s password hash and authenticate as the user in another Microsoft service.

Another interesting bug McCarthy pointed to is CVE-2024-29063, which involves hard-coded credentials in Azure’s search backend infrastructure that could be gleaned by taking advantage of Azure AI search.

“This along with many other AI attacks in recent news shows a potential new attack surface that we are just learning how to mitigate against,” McCarthy said. “Microsoft has updated their backend and notified any customers who have been affected by the credential leakage.”

CVE-2024-29988 is a weakness that allows attackers to bypass Windows SmartScreen, a technology Microsoft designed to provide additional protections for end users against phishing and malware attacks. Childs said one ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“I would treat this as in the wild until Microsoft clarifies,” Childs said. “The bug itself acts much like CVE-2024-21412 – a [zero-day threat from February] that bypassed the Mark of the Web feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass Mark of the Web.”

Satnam Narang at Tenable notes that this month’s release includes fixes for two dozen flaws in Windows Secure Boot, the majority of which are considered “Exploitation Less Likely” according to Microsoft.

“However, the last time Microsoft patched a flaw in Windows Secure Boot in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on dark web forums for $5,000,” Narang said. “BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up. While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future.”

For links to individual security advisories indexed by severity, check out ZDI’s blog and the Patch Tuesday post from the SANS Internet Storm Center. Please consider backing up your data or your drive before updating, and drop a note in the comments here if you experience any issues applying these fixes.

Adobe today released nine patches tackling at least two dozen vulnerabilities in a range of software products, including Adobe After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Adobe Animate.

KrebsOnSecurity needs to correct the record on a point mentioned at the end of March’s “Fat Patch Tuesday” post, which looked at new AI capabilities built into Adobe Acrobat that are turned on by default. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

“In practice, no document scanning or analysis occurs unless a user actively engages with the AI features by agreeing to the terms, opening a document, and selecting the AI Assistant or generative summary buttons for that specific document,” Adobe said earlier this month.

The incident that shook Baltimore on March 26, 2024, when a cargo vessel collided with the Baltimore Bridge, resulting in its collapse into the Patapsco River, has sparked widespread speculation and concern. In the early hours of March 27, 2024, several publications shared photos of the bridge collapse, raising questions about the possibility of foul play by adversaries.

A hashtag quickly gained traction on social media platform X (formerly Twitter), suggesting that the Francis Scott Key Bridge was targeted in a cyber-attack, leading to the collision with the container ship. This unexpected development captured the attention of many, including politicians from the Western world, and was widely shared among users of X.

Adding fuel to the fire, influencer Andrew Tate, with a massive following of 9 million users, confirmed the cyber-attack narrative, asserting that the Maritime systems on the 300-meter container vessel was indeed compromised. According to Tate, the cyber-attack not only caused the bridge collapse but also resulted in numerous vehicles and their occupants plunging into the Patapsco River, casting doubt on the Maryland Transportation Authority’s handling of the situation.

The question on everyone’s mind is whether the cargo ship was manipulated by external forces, leading to the tragic collapse of the bridge and the loss of an estimated 6-8 lives?

The coming weeks are likely to be rife with speculation, with investigations potentially uncovering more alarming truths that could involve intelligence agencies from adversarial nations. However, the White House has dismissed these conspiracy theories, asserting that the bridge collapse was simply an accident. Nonetheless, the government emphasizes its close monitoring of the situation and its commitment to holding any individuals or groups responsible for malicious intent accountable.

Furthermore, the government has pledged unwavering support to the families affected by this tragedy, promising assistance in locating missing loved ones and offering solace during this difficult time.

The post Cyber Attack suspected behind Baltimore Bridge Collapse appeared first on Cybersecurity Insiders.

The incident that shook Baltimore on March 26, 2024, when a cargo vessel collided with the Baltimore Bridge, resulting in its collapse into the Patapsco River, has sparked widespread speculation and concern. In the early hours of March 27, 2024, several publications shared photos of the bridge collapse, raising questions about the possibility of foul play by adversaries.

A hashtag quickly gained traction on social media platform X (formerly Twitter), suggesting that the Francis Scott Key Bridge was targeted in a cyber-attack, leading to the collision with the container ship. This unexpected development captured the attention of many, including politicians from the Western world, and was widely shared among users of X.

Adding fuel to the fire, influencer Andrew Tate, with a massive following of 9 million users, confirmed the cyber-attack narrative, asserting that the 300-meter container vessel was indeed compromised. According to Tate, the cyber-attack not only caused the bridge collapse but also resulted in numerous vehicles and their occupants plunging into the Patapsco River, casting doubt on the Maryland Transportation Authority’s handling of the situation.

The question on everyone’s mind is whether this incident marks the beginning of World War 3. Was the cargo ship manipulated by external forces, leading to the tragic collapse of the bridge and the loss of an estimated 6-8 lives?

The coming weeks are likely to be rife with speculation, with investigations potentially uncovering more alarming truths that could involve intelligence agencies from adversarial nations. However, the White House has dismissed these conspiracy theories, asserting that the bridge collapse was simply an accident. Nonetheless, the government emphasizes its close monitoring of the situation and its commitment to holding any individuals or groups responsible for malicious intent accountable.

Furthermore, the government has pledged unwavering support to the families affected by this tragedy, promising assistance in locating missing loved ones and offering solace during this difficult time.

The post Has the third world war started with Baltimore Bridge Collapse with Cyber Attack appeared first on Cybersecurity Insiders.