Security Boulevard

Permalink

The post Daniel Stori’s Turnoff US: ‘Disney Buys Linux’ appeared first on Security Boulevard.

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s Turnoff.US: ‘’ appeared first on Security Boulevard.

via the inimitable Daniel Stori at Turnoff.US! Take a moment and go to Daniel’ Stori’ terrific site - Turnoff.us - to view the bonus panel!

Permalink

The post Daniel Stori’s Turnoff.US: ‘Disney Buys Linux’ appeared first on Security Boulevard.

Enhance cybersecurity post-breach with 7 strategies using NodeZero™ for continuous testing, threat detection, and improved defenses for lasting protection.

The post Enhancing Cybersecurity Post-Breach: A Comprehensive Guide appeared first on Horizon3.ai.

The post Enhancing Cybersecurity Post-Breach: A Comprehensive Guide appeared first on Security Boulevard.

In this episode of Below the Surface, host Paul Ascadorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritization. They explore various sources of vulnerability data, the significance of known exploited vulnerabilities, and the concept of weaponization in cybersecurity. The conversation delves into the challenges posed by supply chain vulnerabilities, the importance […]

The post BTS #38 - The Role of SBOMs in Modern Cybersecurity - Patrick Garrity appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post BTS #38 – The Role of SBOMs in Modern Cybersecurity – Patrick Garrity appeared first on Security Boulevard.

Authors/Presenters:Diogo S. Antunes, Afonso N. Oliveira, André Breda, Matheus Guilherme Franco, Henrique Moniz, and Rodrigo Rodrigues, Instituto Superior Técnico (ULisboa) and INESC-ID

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Alea-BFT: Practical Asynchronous Byzantine Fault Tolerance appeared first on Security Boulevard.

Critical vulnerability (CVE-2024-43491) in the Microsoft Windows Update process allows attackers to bypass previous security patches, exposing systems to high risk.  Affected Platform  CVE-2024-43491 impacts Windows 10 version 1507, specifically the Enterprise 2015 LTSB and IoT Enterprise 2015 LTSB editions. This version, released with long-term support, has been particularly targeted due to the way updates...

The post CVE-2024-43491 – Windows 10 Security Vulnerability – September 2024 appeared first on TrueFort.

The post CVE-2024-43491 – Windows 10 Security Vulnerability – September 2024 appeared first on Security Boulevard.

New and updated coverage for Windows Downdate Attacks, Quick Share Vulnerability Exploit, MagicRAT, and More

The post Cicada3301 Ransomware, LummaC2 Infostealer, Obfuscated Net Loader, and More: Hacker’s Playbook Threat Coverage Round-up: September 2024 appeared first on SafeBreach.

The post Cicada3301 Ransomware, LummaC2 Infostealer, Obfuscated Net Loader, and More: Hacker’s Playbook Threat Coverage Round-up: September 2024 appeared first on Security Boulevard.

Learn how GitGuardian can help you go from a world of secrets sprawl to a future with secrets-free machine identity frameworks by adopting SPIFFE/SPIRE.

The post How To Get There: Bridging The Technology Gap Preventing You From Adopting A Secrets-free Machine Identity Framework appeared first on Security Boulevard.

While the FTC has been a pivotal player in advancing data privacy and security standards, the evolving legal landscape underscores the need for clearer statutory guidance.

The post Supreme Court Ruling May Question FTC Authority to Regulate Privacy and Security appeared first on Security Boulevard.

Enter ALPR’s. Automated License Plate Readers have been a boon to law enforcement agencies and a bane to privacy advocates.

The post An Unexamined Life – Virginia Court Strikes Down Automated License Plate Readers (ALPRs) appeared first on Security Boulevard.

Congress decided who was required to compensate for fraudulent consumer transactions, and banks should never require their customers to waive their rights as a condition precedent for the bank doing its job.

The post See No Evil – NY AG Letitia James Cracks Down on Banks Refusing to Foot the Bill for Consumer Phishing and Fraud appeared first on Security Boulevard.

By investing in robust ITDR solutions and avoiding the common pitfalls of underfunding, over-relying on single solutions and chasing trends, organizations have the power to stop potentially devastating data breaches in their tracks.

The post Are You Sabotaging Your Cybersecurity Posture? appeared first on Security Boulevard.

Artificial intelligence (AI) is emerging as a top concern in the cybersecurity world, with 48% of respondents identifying it as the most significant security risk facing their organizations, according to a HackerOne survey of 500 security professionals.

The post Security Professionals Cite AI as Top Security Risk appeared first on Security Boulevard.

California court refuses to dismiss computer crime charges against an entity that analyzed Hunter Biden’s laptop.

The post The Return of the Laptop From Hell appeared first on Security Boulevard.

But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare.

The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.

Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog as more information becomes available.

FAQ

What is CUPS?

Common UNIX Printing System (CUPS) is an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP (Internet Printing Protocol) to allow for printing with local and network printers.

What are the vulnerabilities associated with the recent CUPS disclosure?

As of September 26, the following four CVE identifiers were assigned for vulnerabilities related to CUPS:

CVE Description Affected Component CVSSv3* CVE-2024-47076 libscupsfilters Improper Input Validation or Sanitization Vulnerability libcupsfilters 8.6 CVE-2024-47175 libppd Improper Input Validation or Sanitization Vulnerability libppd 8.6 CVE-2024-47176 cups-browsed Binding to an Unrestricted IP Address Vulnerability cups-browsed 8.4 CVE-2024-47177 cups-filters Command Injection Vulnerability cups-filters 9.1

*These CVSSv3 scores are current as of September 26..

What are CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177?

CVE-2024-47076 is a flaw in the libcupsfilters library in which IPP packets are not validated or sanitized. This provides the attacker the ability to send malicious data to the CUPS system.

CVE-2024-47175 affects the libppd library and is an input validation issue. IPP data is not properly validated or sanitized before being written to a temporary PostScript Printer Description (PPD) file. This can result in an attacker injecting malicious data into the PPD file.

CVE-2024-47176 was assigned to a bug affecting the cups-browsed library. According to the blog post from Simone Margaritelli, the package allows any packet from any source to be trusted on the IPP port (default 631). Because of this, an attacker could send a crafted packet that would trigger a Get-Printer-Attributes IPP request, which would then reach out to an attacker controller URL.

CVE-2024-47177 impacts the cups-filters library and could allow an attacker to execute arbitrary commands using “via the FoomaticRIPCommandLine PPD parameter.”

The combination of these vulnerabilities could result in an attacker crafting a fake printer, thereby allowing them to execute arbitrary code whenever a print job has been started by the impacted host.

How severe are these vulnerabilities?

While there has been a lot of attention given to these vulnerabilities prior to disclosure, based on what has been disclosed as of September 26, these flaws are not at the level of something like Log4Shell or Heartbleed. We encourage organizations not to panic about these flaws as most attackers continue to exploit known vulnerabilities in internet facing assets.

When were these vulnerabilities first disclosed?

On September 23, Simone Margaritelli posted on X (formerly Twitter) that he recently reported a critical severity, CVSSv3 9.9 unauthenticated remote code execution (RCE) vulnerability that affects “all GNU/Linux systems” to Canonical, Red Hat and others. According to Margaritelli, disclosure and coordination with multiple Linux vendors was not a smooth process. Over the next several days, Margaritelli provided additional details about the disclosure woes and several media outlets began publishing warnings over this critical vulnerability.

* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR

— Simone Margaritelli (@evilsocket) September 23, 2024

On September 26, Margaritelli posted on X that full disclosure would be happening at 20:00 UTC despite the early posts suggesting that full disclosure would be withheld until early October.

Full disclosure happening at 20:00 UTC today, in a bit more than 2 hours.

— Simone Margaritelli (@evilsocket) September 26, 2024

Were these exploited as zero-days?

No. There is currently no evidence that these vulnerabilities have been exploited in the wild as zero-days prior to disclosure on September 26.

Is there a proof-of-concept (PoC) available for these vulnerabilities?

A proof-of-concept (PoC) developed by Margaritelli is included in the GitHub advisory for CVE-2024-47176.. Additionally, a PoC has been published on GitHub based on a commit in the OpenPrinting CUPS repository.

Are patches or mitigations available?

Due to the early public disclosure, there are currently no patches available for the four vulnerabilities disclosed on September 26. However, to mitigate these flaws until the patches are available, it is advised to disable and remove cups-browsed from vulnerable systems. Additionally, CUPS is set to listen on UDP port 631, so it is advised to block all traffic to UDP port 631.

A security bulletin published by Red Hat highlights mitigations for high availability and non-high availability scenarios, the latter essentially stopping and disabling the cups-browsed service. In high availability scenarios they advised changing the BrowseRemoteProtocols directive values from default “dnssd cups” to “none.”

How many internet facing assets are potentially impacted by these vulnerabilities?

CUPS is not installed by default with many *nix distributions. In many distributions, the default configuration should limit the ability to access the default port.

As of September 26, a search on Shodan.io showed just over 75,000 internet-accessible hosts running CUPS. A search on the FOFA Search Engine returned over 270,000 unique IP addresses with nearly 70,000 linked specifically to IPP. Based on these findings, there are a significant number of hosts that do appear to be internet-accessible with a majority of the results using the default port, 631.

Source: Shodan.io

Source: FOFA

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages as they’re released:

• CVE-2024-47076
• CVE-2024-47175
• CVE-2024-47176
• CVE-2024-47177

This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.

Get more information

• Blog: Attacking UNIX Systems via CUPS, Part I
• GitHub Advisory for CVE-2024-47076 in libcupsfilters
• GitHub Advisory for CVE-2024-47175 in libppd
• GitHub Advisory for CVE-2024-47176 in cups-browsed
• GitHub Advisory for CVE-2024-47177 in cups-filters
• GitHub: Leaked CUPS disclosure prior to publication

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

The post CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities appeared first on Security Boulevard.

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe).

Dall-E via Copilot, prompt “security blog quarterly, steampunk”

Top 7 posts with the most lifetime views (excluding paper announcement blogs):

1. Security Correlation Then and Now: A Sad Truth About SIEM
2. Can We Have “Detection as Code”?
3. Revisiting the Visibility Triad for 2020 (update for 2024 is coming soon BTW!)
4. Beware: Clown-grade SOCs Still Abound
5. Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
6. Why is Threat Detection Hard?
7. A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next

(the above is the same as last quarter)

Top 4 posts with paper announcements:

• New Paper: “Future of the SOC: SOC People — Skills, Not Tiers”
• New Paper: “Future of the SOC: Forces shaping modern security operations”
• New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)
• New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” (the classic 2021 ASO paper!)

Top 10 Cloud Security Podcast by Google episodes (excluding the oldest 3!):

1. EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
2. EP8 Zero Trust: Fast Forward from 2010 to 2021
3. EP47 “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security”
4. EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
5. EP103 Security Incident Response and Public Cloud — Exploring with Mandiant
6. EP17 Modern Threat Detection at Google
7. EP71 Attacking Google to Defend Google: How Google Does Red Team
8. EP12 Threat Models and Cloud Security
9. EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons
10. EP107 How Google Secures It’s Google Cloud Usage at Massive Scale

Now, fun posts by topic.

Security operations / detection & response:

• “Security Correlation Then and Now: A Sad Truth About SIEM”
• Migrate Off That Old SIEM Already! (VIDEO!)
• “Can We Have “Detection as Code”?”
• “Revisiting the Visibility Triad for 2020”
• “Beware: Clown-grade SOCs Still Abound”
• “Why is Threat Detection Hard?”
• “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next”
• “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…”
• “Top 10 SIEM Log Sources in Real Life?” (NEWER VERSION)
• “Debating SIEM in 2023, Part 1”
• “Debating SIEM in 2023, Part 2”
• “How to Make Threat Detection Better?”
• “SIEM Content, False Positives and Engineering (Or Not) Security”
• “Modern SecOps Masterclass: Now Available on Coursera”

Cloud security:

• “Using Cloud Securely — The Config Doom Question”
• “Who Does What In Cloud Threat Detection?”
• “How to Solve the Mystery of Cloud Defense in Depth?”
• “Does the World Need Cloud Detection and Response (CDR)?”
• “Use Cloud Securely? What Does This Even Mean?!”
• “How CISOs need to adapt their mental models for cloud security”
• “Who Does What In Cloud Threat Detection?”
• “Cloud Migration Security Woes”
• “Move to Cloud: A Chance to Finally Transform Security?”
• “It’s a multicloud jungle out there. Here’s how your security can survive“

CISO, culture, FMC, etc

• “New Office of the CISO Paper: Organizing Security for Digital Transformation”

AI security:

• ”Our Security of AI Papers and Blogs Explained” [this has a whole lot of AI security fun links that you so want to click!]
• “No Deep AI Security Secrets In This Post!”
• New Paper: “Securing AI: Similar or Different?“
• “The Prompt: What to think about when you’re thinking about securing AI”
• “To securely build AI on Google Cloud, follow these best practices”

Enjoy!

Previous posts in this series:

• Anton’s Security Blog Quarterly Q2 2024
• Anton’s Security Blog Quarterly Q1 2024 Lite
• Anton’s Security Blog Quarterly Q3 2023
• Anton’s Security Blog Quarterly Q2 2023
• Anton’s Security Blog Quarterly Q1 2023
• Anton’s Security Blog Quarterly Q4 2022
• Anton’s Security Blog Quarterly Q3 2022
• Anton’s Security Blog Quarterly Q2 2022
• Anton’s Security Blog Quarterly Q1 2022
• Anton’s Security Blog Quarterly Q4 2021
• Anton’s Security Blog Quarterly Q3 2021
• Anton’s Security Blog Quarterly Q2 2021
• Anton’s Security Blog Quarterly Q1 2021
• Anton’s Security Blog Quarterly Q3.5 2020

The post Anton’s Security Blog Quarterly Q3 2024 appeared first on Security Boulevard.

As recent events have shown, our technology systems are so connected that any interruption can cause global chaos. Organizations need robust defenses to protect their data and operations, and it starts with identity.  The NIST Cybersecurity Framework is comprised of six core functions: Identify, Protect, Detect, Respond, Recover, and Govern. It provides a structured approach to...

The post How The NIST Cybersecurity Framework is enhanced by Identity Continuity appeared first on Strata.io.

The post How The NIST Cybersecurity Framework is enhanced by Identity Continuity appeared first on Security Boulevard.

Keep Your Organization Safe with Up-to-Date CVE Information  The National Institute of Standards and Technology (NIST) continues to identify critical cybersecurity vulnerabilities that require immediate action via reports from its National Vulnerability Database (NVD). These reports clarify the ongoing risks organizations face if vulnerabilities are not promptly addressed, including data breaches and system compromises. Recent...

The post New Threats in Cybersecurity: September 2024 CVE Roundup appeared first on TrueFort.

The post New Threats in Cybersecurity: September 2024 CVE Roundup appeared first on Security Boulevard.