Cyber Security News — Past 24 hours | 18.06.2021

SLIIT CS2
Jun 18, 2021

Intel’s latest patch set plugs some serious holes in CPU, Bluetooth, server, and — ironically — security lines

Intel has pushed out a raft of security advisories for June, bringing its total discovered “potential vulnerabilities” for the year to date to 132, only a quarter of which were reported by external contributors and the company’s bug bounty programme.

“Today we released 29 security advisories addressing 73 vulnerabilities,” Intel’s Jerry Bryant said of the company’s latest updates. “40 of those, or 55 per cent, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40 per cent, were reported through our bug bounty programme.”

While the bug bounty programme may have accounted for a minority of this month’s vulnerabilities, in the context of 2021 so far, that’s more than usual. For the 132 “potential vulnerabilities” patched, a whopping 75 per cent were discovered by Chipzilla’s internal security team — and 70 per cent patched out before public disclosure.

This month’s patch set includes fixes for a range of issues, several of them rated as high severity — including four local privilege escalation vulnerabilities in firmware for its CPU products; another local privilege escalation vulnerability in Intel Virtualization Technology for Directed I/O (VT-d); a somewhat ironic network-exploitable privilege escalation vulnerability in the Intel Security Library; yet another locally exploitable privilege escalation in the NUC family of computers; still more in its Driver and Support Assistant (DSA) software and RealSense ID platform; and a denial-of-service (DoS) vulnerability in selected Thunderbolt controllers.

Source — https://www.theregister.com/2021/06/09/intels_latest_patch_set/

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine cryptocurrency. Microsoft said the deployments witnessed an uptick towards the end of May.

Kubeflow is an open-source machine learning platform designed to deploy machine learning workflows on Kubernetes, an orchestration service used for managing and scaling containerized workloads across a cluster of machines. The deployment, in itself, was achieved by taking advantage of Kubeflow, which exposes its UI functionality via a dashboard that is deployed in the cluster. In the attack observed by Microsoft, the adversaries used the centralized dashboard as an ingress point to create a pipeline to run TensorFlow images that perform cryptocurrency mining tasks. The intrusions also echo similar attacks observed by Microsoft’s Azure Security Center last April that abused Internet-exposed Kubeflow dashboards to deploy a backdoor container for a crypto-mining campaign.
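As an added defender-side check that is not part of the original article or of Microsoft's report: a small Python script that scans a pod listing (the shape `kubectl get pods -A -o json` prints) for containers that run the official Docker Hub TensorFlow image but override its entrypoint or arguments, which is the configuration the campaign above relied on. The pod list embedded here is constructed sample data.

```python
import json

# Constructed sample resembling `kubectl get pods -A -o json` output, not data from the
# campaign. Pod 1 overrides the official image's entrypoint; pod 2 runs it unchanged.
SAMPLE_POD_LIST = json.dumps({"items": [
    {"metadata": {"name": "tf-job-7f9c", "namespace": "kubeflow"},
     "spec": {"containers": [{
         "name": "tensorflow", "image": "tensorflow/tensorflow:latest",
         "command": ["/bin/sh", "-c"], "args": ["/tmp/run.sh"]}]}},
    {"metadata": {"name": "tf-train-a1b2", "namespace": "team-ml"},
     "spec": {"containers": [{
         "name": "tensorflow", "image": "docker.io/tensorflow/tensorflow:2.4.1-gpu"}]}},
]})

OFFICIAL_TF_IMAGES = {"tensorflow/tensorflow"}   # the official Docker Hub repository


def image_repository(image: str) -> str:
    """Return the repository of an image reference with tag and digest removed."""
    ref = image.split("@", 1)[0]               # drop a @sha256:... digest
    colon = ref.find(":", ref.rfind("/") + 1)  # a colon after the last '/' starts the tag
    if colon != -1:
        ref = ref[:colon]
    return ref[len("docker.io/"):] if ref.startswith("docker.io/") else ref


def flag_tensorflow_pods(pod_list_json: str) -> list:
    """Flag containers that run the official TensorFlow image but override its
    entrypoint (command) or arguments, the pattern that turns a legitimate image
    into a miner. Each finding should be compared with the intended pipeline."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            if image_repository(c.get("image", "")) not in OFFICIAL_TF_IMAGES:
                continue
            overrides = [k for k in ("command", "args") if c.get(k)]
            if overrides:
                findings.append({"namespace": meta.get("namespace"),
                                 "pod": meta.get("name"),
                                 "container": c.get("name"),
                                 "image": c.get("image"),
                                 "overrides": overrides})
    return findings


if __name__ == "__main__":
    for finding in flag_tensorflow_pods(SAMPLE_POD_LIST):
        print(finding)
```

An entrypoint override is not proof of mining on its own, so the check is a triage filter for clusters that expose a Kubeflow dashboard, not a verdict.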

Source — https://thehackernews.com/2021/06/crypto-mining-attacks-targeting.html

Microsoft June Patch Tuesday Addresses 50 Security Vulnerabilities Including 6 Zero-Day Bugs

The most important fixes from Microsoft with June patch Tuesday revolve around six different bugs publicly exploited. One of these bugs, CVE-2021-33742, achieved a critical severity rating with a CVSS score of 7.5. It not only caught public attention but also went under attack before a fix could arrive. This vulnerability directly affected the Trident (MSHTML) engine, thereby impacting numerous apps. Exploiting this bug could allow remote code execution attacks on target systems. Similarly, two other important severity bugs, CVE-2021-31199 and CVE-2021-31201, affecting the Microsoft Enhanced Cryptographic Provider, also went under attack. Exploiting these bugs allows an attacker to gain elevated privileges on target devices. Like these two vulnerabilities, two other important bugs also went under attack stealthily. These include an information disclosure bug in Windows Kernel (CVE-2021-31955) and a privilege escalation flaw in Windows NTFS (CVE-2021-31956). The sixth zero-day vulnerability, affecting the Microsoft DWM Core Library (CVE-2021-33739), has also received a patch this month. Microsoft labeled it as an important severity bug that allowed privilege escalation.

From the 50 different security fixes, the above six are the most notable ones since Microsoft has detected active exploitation of them. Nonetheless, the update bundle addresses four other critical severity bugs that allow remote code execution attacks. These vulnerabilities exist in Microsoft Defender (CVE-2021-31985), Microsoft SharePoint Server (CVE-2021-31963), VP9 Video Extensions (CVE-2021-31967), and Scripting Engine (CVE-2021-31959).

Source — https://latesthackingnews.com/2021/06/10/microsoft-june-patch-tuesday-addresses-50-security-vulnerabilities-including-6-zero-day-bugs/

Malvertising: What It Is and How to Stay Safe

Hackers and fraudsters try every trick in the book to steal user data, and one of the weapons in their arsenal is malvertising. Delivering malware using online ads is a sneaky ploy to infect phones or computers with viruses and malicious programs. However, the use of appropriate tools can help you shield against malicious online ads. In this article, we shall dive deeper into the world of malvertising and learn about the sophisticated cybersecurity tools to prevent attacks through online ads.

When cybercriminals use online advertising to install and spread malware into your computer, it’s called malvertising. The process involves injecting malicious ads into legitimate advertising networks displaying ads on websites of reputable organizations. What’s worrisome is that these malicious ads infect your computer with malware even if you don’t click on them. The latter is called a drive-by download, which means that the infection spreads with little to no user participation.

You can end up a victim of malvertising even if you just visit the website where the corrupt ad has been displayed. As mentioned above, this is called a drive-by download: an infected ad can compromise your device simply by finishing loading while you are on the website. Here’s how cybercriminals use the complex online advertising mechanism to inject malware. They buy advertising space from advertising networks and use it to submit images infected with malicious code. These ads are run on legitimate sites, and the cybercriminal’s job is done when you unsuspectingly either click on them or simply allow them to load, infecting your computer.

Source — https://latesthackingnews.com/2021/06/10/malvertising-what-it-is-and-how-to-stay-safe/

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
