Notices by Not Simon 🐐 (screaminggoat@infosec.exchange)

Business Insider: Microsoft's Copilot has an oversharing problem. The company is trying to help customers fix it. (non-paywalled link)
"On Tuesday, Microsoft released new tools and a guide to help customers mitigate a Copilot security issue that inadvertently let employees access sensitive information, such as CEO emails and HR documents."

WHAT DID I FUCKING SAY ABOUT PUTTING AI INTO EVERYTHING? h/t: @Viss

#microsoft #copilot #vulnerability #ai #infosec #cybersecurity

ICC: Situation in the State of Palestine: ICC Pre-Trial Chamber I rejects the State of Israel’s challenges to jurisdiction and issues warrants of arrest for Benjamin Netanyahu and Yoav Gallant
This will definitely provoke strong comments from everyone: The International Criminal Court (ICC) issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and Israeli Minister of Defense Mr Yoav Gallant or crimes against humanity and war crimes committed from at least 8 October 2023 until at least 20 May 2024.

#news #icc #warcrimes #israel #netanyahu #gallant #humanrights #IsraelWarCrimes #israelhamaswar

Recorded Future Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY
An ongoing cyber-espionage campaign by Russian threat actor TAG-110 targets government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe with custom malware. TAG-110's efforts are likely part of a broader Russian strategy to gather intelligence on geopolitical developments and maintain influence in post-Soviet states. Indicators of compromise and Yara rules provided. See the 16 page PDF report.

#Russia #TAG110 #cyberespionage #intelligence #IOC #yara #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI

CISA: Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure
CISA-hosted copy of the joint statement that I already mentioned. To add some value to this toot, I'll link an article written by @serghei at Bleeping Computer: US govt officials’ communications compromised in recent telecom hack

#china #cyberespionage #cyberthreatintelligence #CTI #infosec #cybersecurity #threatintel #nationalsecurity #news #FBI #CISA

FBI: Joint Statement from FBI and CISA on the People's Republic of China Targeting of Commercial Telecommunications Infrastructure
FBI and CISA state that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.

#china #cyberespionage #cyberthreatintelligence #CTI #infosec #cybersecurity #threatintel #nationalsecurity #news #fbi #cisa

Evil Socket: Attacking UNIX Systems via CUPS, Part I

• CVE-2024-47176 cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL.
• CVE-2024-47076 libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker controlled data to the rest of the CUPS system.
• CVE-2024-47175 libppd <= 2.1b1 ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker controlled data in the resulting PPD.
• CVE-2024-47177 cups-filters <= 2.0.1 foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter.

cc: @chillybot @Viss @evilsocket @morb @cR0w @Enigma

FYSA: Simone Margaritelli @evilsocket dropping what appears to be vulnerability details of a Linux RCE in CUPS at 4pm EST (2000 UTC) today or 1 hour from now.

cc: @Viss @morb @cR0w

#cups #vulnerability #RCE

SAN ISC: Patch for Critical CUPS vulnerability: Don't Panic

CUPS may use "filters", executables that can be used to convert documents. The part responsible ("cups-filters") accepts unverified data that may then be executed as part of a filter operation. An attacker can use this vulnerability to inject a malicious "printer". The malicious code is triggered once a user uses this printer to print a document. This has little or no impact if CUPS is not listening on port 631, and the system is not used to print documents (like most servers). An attacker may, however, be able to trigger the print operation remotely. On the local network, this is exploitable via DNS service discovery. A proof of concept exploit has been made available.

There is no patch right now. Disable and remove cups-browserd (you probably do not need it anyway). Update CUPS as updates become available. Stop UDP traffic on Port 631.

#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #vulnerability #cve

Palo Alto Networks advisory: CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues.

Note: PAN on top of the social media scene or have people giving them a heads up.

#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #PaloAltoNetworks #vulnerability #cve

Tenable: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
This is perhaps the most informative and comprehensive guide to the CUPS vulnerabilities yet. While I question the use of the phrase zero-days, they were publicly announced prematurely due to a leak ahead of a coordinated disclosure date, and proof of concept has been released. Fortunately, it's not the 9.9 doomsday that everyone was hawk tuahing about. Skibidi I don't think anyone reads what I write anyway. Only in Ohio though.

As @CraigHRowland said:

The bad news is there is a vulnerability in the CUPS printer system on Linux. The good news is nobody has ever gotten their printer working on Linux so they are safe.

#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #vulnerability #cve

@ryanc Blåhaj is love

FBI: Joint ODNI, FBI, and CISA Statement
See parent toot above for original statement. The FBI has learned additional details about Iran’s efforts to sow discord and shape the outcome of U.S. elections.

• Iranian malicious cyber actors in late June and early July sent unsolicited emails to individuals then associated with President Biden’s campaign that contained an excerpt taken from stolen, non-public material from former President Trump’s campaign as text in the emails.
• Iranian malicious cyber actors have continued their efforts since June to send stolen, non-public material associated with former President Trump’s campaign to U.S. media organizations.

Foreign actors are increasing their election influence activities as November approaches. In particular, Russia, Iran, and China are trying by some measure to exacerbate divisions in U.S. society for their own benefit, and see election periods as moments of vulnerability. Efforts by these, or other foreign actors, to undermine our democratic institutions are a direct threat to the U.S. and will not be tolerated.

#fbi #electionsecurity #iran #election2024 #influenceoperations #china #russia #news

CISA: Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts
The Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a statement regarding Iran's influence operations targeting the American public and malicious cyber operations targeting Presidential campaigns. FBI and CISA provide recommendations for staying safe online, and to report suspicious or criminal activity to their local Election Crime Coordinators via FBI field office.

#iran #election2024 #influenceoperations #cyberespionage #odni #irgc #fbi #cisa #charmingkitten #apt42 #mintsandstorm #electionsecurity

@infosec_jcp My wife asked me why I carry a gun in the house. I looked at her and said "Decepticons." She laughed, I laughed, the toaster laughed, I shot the toaster, it was a good time.

@DaveMWilburn

1. only use Mastodon during business hours
2. "Notify me when @screaminggoat posts"
3. ???
4. go outside and touch grass, you're free!

Washington Post: Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO
Apple asked a court Friday to dismiss its three-year-old hacking lawsuit against spyware pioneer NSO Group, arguing that it might never be able to get the most critical files about NSO’s Pegasus surveillance tool and that its own disclosures could aid NSO and its increasing number of rivals. h/t @JosephMenn @evacide @wyat

#news #apple #nso #spyare #pegasus #humanrights

@ryanc Some USB 1.1 kind of problems

watchTowr: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Yo what the fuck. watchTowr had inadvertently undermined the CA process for the entire .mobi TLD:

we took control of a chunk of the Internet’s infrastructure, opened up a big slab of juicy attack surface, and found a neat way of undermining TLS/SSL - the fundamental protocol that allows for secure communication on the web.

No spoilers, this is a must-read.

#mobi #tls #ssl #vulnerability

FBI: Business Email Compromise: The $55 Billion Scam
This is an update and companion piece to a 09 June 2023 FBI PSA about business email compromise. This includes new complaint information and updated statistics from October 2013 to December 2023. The FBI defines what Business Email Compromise/Email Account Compromise (BEC) is, provides statistical data about it, and gives prevention tips on how to protect yourself or your business.

#fbi #bec #businessemailcompromise #cybercrime

🖼