Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.221/5.15.162/6.1.99/6.6.40/6.9.9. Affected is the function swap_endian of the component allowedips. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-42247. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.10.221/5.15.162/6.1.99/6.6.40/6.9.9. This issue affects the function usb_kill_urb of the component mos7840. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-42244. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.9.9. This vulnerability affects the function blk_queue_max_segment_size of the component sdhci. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-42242. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.162/6.1.99/6.6.40/6.9.9. This affects the function entry_SYSENTER_compat. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-42240. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.40/6.9.9. It has been rated as problematic. Affected by this issue is the function bpf_timer_cancel of the component bpf. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-42239. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.9. It has been declared as critical. Affected by this vulnerability is the function pte_offset_map. The manipulation leads to use after free. This vulnerability is known as CVE-2024-42233. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.99/6.6.40/6.9.9. It has been classified as critical. Affected is the function detach_tasks. The manipulation leads to excessive iteration. This vulnerability is traded as CVE-2024-42245. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.9 and classified as critical. This issue affects the function delayed_work of the component libceph. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-42232. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.40/6.9.9 and classified as problematic. This vulnerability affects unknown code in the library lib/xarray.c. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-42241. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.40/6.9.9. This affects an unknown part in the library lib/xarray.c. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-42243. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

We’re thrilled to announce that Angelboy, senior security researcher at DEVCORE, is named one of Microsoft’s MSRC 2024 Most Valuable Security Researchers! He not only secured the #33 spot on the overall list but also achieved the #9 position in the Windows category.

This is the first time Angelboy has been shortlisted on this annual leaderboard, and he is also the highest-ranked Taiwanese security researcher featured. This prestigious accomplishment highlights his exceptional expertise and significant contributions to the field.

The Microsoft Security Response Center (MSRC) has long recognized the efforts of security researchers who partner with Microsoft in reporting vulnerabilities through its Microsoft Researcher Recognition Program (MRRR). The program expresses gratitude for their contributions to the security of Microsoft’s global customers and products.

The MSRC 2024 Most Valuable Security Researchers list, announced on August 7th, is based on the total number of points the researchers earned for each valid report from July 2023 to June 2024. Angelboy secured the #33 spots on the leaderboard. Specifically, his dedicated passion for Windows Kernel research earned him a #9 ranking in the Windows category, placing him in the TOP 10. He was also awarded “Accuracy” and “Volume” badges, further highlighting his significant contributions to vulnerability research.

References:

• Microsoft official announcement - Congratulations to the MSRC 2024 Most Valuable Security Researchers!
• Microsoft MSRC 2024 leaderboard

恭喜 DEVCORE 資深資安研究員 Angelboy 榮獲 Microsoft 的 MSRC 2024 Most Valuable Security Researchers 的殊榮！除了在不分項 TOP 100 名單中榮獲 #33 名，在 Angelboy 長年研究的 Windows 領域中，他更以 #9 的名次擠入前十大行列。

這不僅是 Angelboy 首次登上該年度榜單，同時也是該名單中排名最高的台灣資安研究員。

Microsoft 旗下的 Microsoft Security Response Center（MSRC，或稱 Microsoft 安全性回應中心）長期藉 Microsoft Researcher Recognition Program（MRRR）計畫，公開表揚協助 Microsoft 挖掘系統安全漏洞的資安研究員，以此致謝優秀資安研究員為 Microsoft 的客戶及產品安全所付出的努力。

Microsoft 於 7 日公布的 MSRC 2024 Most Valuable Security Researchers 名單，是根據 2023 年 7 月至 2024 年 6 月，全球各地資安研究員向 MSRC 回報的漏洞得分所統計而得。在整體不分項名單中，Angelboy 獲得了 #33 名的殊榮。而針對 Microsoft 旗下各類型產品的 Windows 類別中，Angelboy 則入列 TOP 10，獲得 #9 的成績，並經認證全數漏洞回報皆為有效回報。

再次恭喜 Angelboy 奪得此一殊榮！

參考資料：

• Microsoft official announcement - Congratulations to the MSRC 2024 Most Valuable Security Researchers!
• Microsoft MSRC 2024 leaderboard

今日暂未更新资讯~
更多最新文章，请访问SecWiki

猫通常被认为是独立、冷漠和善变的动物，但发表在《Applied Animal Behaviour Science》上的一项研究发现，猫并没有那么反社会，它们会对同一家庭的其它宠物死亡表现出悲痛之情——即使死去的是家犬。研究人员称，这意味着生离死别的经历具有普遍性。哀悼在动物王国里是一种广泛认可的现象，大象、海豚和黑猩猩会做出复杂的行为如守卫死去同伴的尸体，狗在家中另一只狗死亡后也会改变行为。

• HYAS Protect protective DNS uses advanced data analytics to proactively block cyber threats, a feature unavailable in legacy systems relying on static DNS filtering.
• AV-TEST, one of the cybersecurity industry’s most trusted evaluators, rates HYAS as the most effective protective DNS solution on the market.
• With quick deployment and numerous integrations, HYAS Protect works out of the box for organizations of any size.

Protective DNS Is Trusted by Governments Worldwide

Protective DNS is one of the most effective strategies in modern cybersecurity. The National Security Agency (NSA) recently named it as one of the best defenses against evolving phishing attacks. As cyber threats become more sophisticated, organizations find an increasingly pressing need for advanced, proactive solutions.

While DNS filtering has existed for decades, legacy systems rely on static blocklists that bad actors can circumvent simply by switching domains. A protective DNS (PDNS) solution, however, uses advanced algorithms and data analytics to pinpoint a threat before it becomes damaging. Protective DNS from HYAS takes a proactive approach by identifying and blocking malicious activity dynamically.

Read on to see what makes HYAS Protect protective DNS a standout security solution and trusted tool of governments worldwide.

What Is HYAS Protect?

HYAS Protect is a machine-learning-powered threat intelligence tool that uses advanced telemetry and authoritative domain based intelligence to proactively block malicious infrastructure. Put another way, it detects network breaches before they cause damage.

Like all PDNS systems, HYAS Protect blocks requests to potentially harmful domains, but it doesn’t require a predetermined list of domain names. Built on the advanced threat intelligence platform HYAS Insight, HYAS Protect uses aggregated data from leading cybersecurity sources around the globe and real-time, dynamic analysis to identify a threat days, weeks or even months before it is activated.

If a particular DNS request is potentially harmful, the HYAS Protect system blocks the query. To identify these threats, HYAS Protect runs a pattern analysis across IP addresses, name servers, registrars, and other factors to determine how closely a potentially harmful domain aligns known adversarial infrastructure — even if that domain has never before appeared in a cyberattack.

The HYAS solution doesn't care if a suspicious domain is on a list or if it's been seen yet. We know that based on specific telemetry, even if it hasn't been used or weaponized, it most likely will in the future.

How Does HYAS Protect Work?

No matter how a network breach occurs—whether through ransomware, phishing, or another cyberattack—the malicious software needs to “beacon out” to the attack’s infrastructure, also known as command-and-control (C2). HYAS Protect detects this C2 beacon and terminates the connection before the attack can continue. For security-minded organizations, HYAS brings three core advantages.

1. Predictive Threat Detection

Firstly, the domain filtering in HYAS Protect is based on predictive data, leveraging advanced analytics to identify and block potentially malicious DNS requests before they can cause harm. This predictive approach uses a variety of data points and threat intelligence to assess the risk associated with each DNS query. If a request appears unusual or aligns with patterns often seen in cyberattacks, it is proactively blocked. By predicting and preventing threats at this early stage, HYAS Protect helps to secure the network against a wide range of potential cyber threats, from ransomware to phishing and beyond. This approach is designed to provide robust security by stopping threats before they can gain a foothold in the network.

Additionally, HYAS Protect also allows for active list management and advanced rule sets that users can configure to allow acceptable traffic while still dynamically blocking suspicious domains. There’s even an inspection mode that provides platform analytics and telemetry without actually blocking any sites — this can be useful when organizations first start with HYAS to understand the system without interrupting any workflows.

2. Customized Analytics

HYAS Protect also offers insightful analysis that increases overall traffic visibility. Although people usually think of web browsing and clicking on email links as the biggest cybersecurity threats, Internet of Things (IoT) and operational technology (OT) devices are also at risk of compromise. Because they often run in the background, suspicious beaconing from IoT or OT devices may otherwise go undetected.

That’s where HYAS steps in. This isn't just user-generated traffic – this is machine-driven traffic, too. HYAS analytics identifies an organization’s riskiest users, riskiest devices and which domains are triggering the most blocked queries. The data gives a more comprehensive, security-focused picture than a typical static blocklist, and the detailed logs can expedite an investigation if needed.

3. Easy Integration Into Your Existing Stack

Lastly, HYAS Protect is designed to work right out of the box. Our DNS resolver is fully cloud-based; it takes only a few minutes to deploy across your organization’s infrastructure. HYAS Protect also has an agent version compatible with all major operating systems, which is useful if you have company devices frequently roaming off the global network. With device-level installation, HYAS can still work even on public Wi-Fi networks in coffee shops or airport lounges.

HYAS also offers third-party integrations with major endpoint protection solutions including SentinelOne and Microsoft Defender. These systems work together — HYAS Protect parses data from endpoint detection and response programs to identify any DNS requests to suspicious infrastructure.

HYAS Protect Is the Public Sector Solution of Choice

Recent recognition for HYAS includes the prestigious 2024 Govies Awards for the public Sector, 2024 Globee Cybersecurity Awards, and the 2024 Global InfoSec Awards.

In 2023, AV-TEST, considered the industry’s most rigorous third-party evaluator, gave HYAS Protect the highest efficacy rating of all PDNS solutions tested. This is particularly relevant in the public sector as cyberattacks increasingly target government agencies. To combat these threats, the NSA recommends PDNS as a core component of a multilayered security strategy, and HYAS is one of the providers meeting the NSA’s specifications.

Being effective in blocking the unknown and known threats is what HYAS is all about. No matter how sophisticated cyberattacks become, HYAS Protect keeps organizations one step ahead.

Additional Learning

How to Select a Protective DNS Solution

Watch a Demo of HYAS Protect Protective DNS

Guide to Protective DNS Security

Protective DNS eBook

AV-TEST evaluation of HYAS Protect

Want to talk to an expert to learn more about how Protective DNS can transform your organization? Contact us today to find out what HYAS security solutions can do for you.

The post Why Governments Worldwide Recommend Protective DNS appeared first on Security Boulevard.

Microsoft 365's anti-phishing tip can be hidden via CSS, as shown by Certitude's Moody and Ettlinger

最近越来越喜欢使用 Perplexity，觉得他们的产品做得很有灵气。然后找了他们的两个访谈，读来很有收获，做些摘录和意译。

过去一个月，马斯克（Elon Musk）正式表态支持共和党总统候选人特朗普（Donald Trump）之后通过个人账号转发了多条与民主党相关的虚假信息。他还表示将成立一个支持特朗普的政治行动委员会，一度承诺每月向特朗普阵营捐赠 4500 万美元，但之后又反悔了。Twitter 前员工表示，马斯克正在做他曾经指责 Twitter 前领导层做的事情：玩弄政治。前员工称这是虚伪，马斯克知道社交媒体是一种媒体，是一种控制叙事方式。因担心报复而不愿意透露姓名的三名前员工表示，马斯克代表了一种新型的表演者——试图积极利用平台重塑美国及外国的政治，愿意为此承受监管罚款和广告收入下降。前员工称，他在巩固权力，系统性的摧毁公司所有的信誉标志，当他瞄准一位总统候选人时，意义就额外不同了。马斯克多年来一直在为此做准备。皮尤研究中心的研究发现，X 已表现出明显的党派倾向，它更受共和党选民的欢迎，而不再受民主党选民的欢迎，民主党人称他们的观点在 X 上受欢迎的可能性小于共和党人。X 的用户群也已经发生了变化，曾因违反社区规则而封杀的用户被解禁，大量公开宣称是白人至上主义者、阴谋论者和新纳粹分子都涌入了该平台。