Jun 11 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that reels in the cyber-threats and doesn't believe in catch and release.
Today's hottest cybersecurity news stories:
Google cleans house: thousands of PRC-linked accounts removed
Microsoft warns of attackers abusing Azure Service Tags
PHP flaw exposes Windows servers to remote code attacks
Major Takedown! Google has dismantled 1,320 YouTube channels and 1,177 Blogger blogs tied to a coordinated influence operation linked to the People's Republic of China (PRC). The content, in Chinese and English, focused on China and U.S. foreign affairs.
Key Actions!
PRC Operation: Thousands of accounts across YouTube, Blogger, Ads, and AdSense terminated.
Indonesia Influence: Accounts promoting the ruling party were shut down.
Russian Network: 378 YouTube channels promoting pro-Russia content and disparaging Ukraine were taken down.
Global Reach!
Pakistan: 59 channels sharing Urdu content critical of local political figures.
France: 11 channels with French content critical of political figures.
Russia: 11 channels supporting Russia and criticising Ukraine.
Myanmar: 2 channels supporting the military government.
Emerging Threats!
OpenAI and Meta disrupted a Tel Aviv-based firm, Stoic, spreading pro-Israel messaging in the U.S. and Canada amid the Gaza conflict. This campaign included Facebook comments and links to operation websites, often criticised by genuine users as propaganda.
Olympic Concerns!
Microsoft warns of escalating Russian disinformation campaigns targeting the 2024 Paris Olympics. AI-generated content is used to undermine the Games and deter spectators through fabricated terrorism threats and claims of IOC corruption.
Stay Alert!
As these coordinated operations show, the battle against disinformation is ongoing. Stay informed and critical of the content you consume online.
Whether you're starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.
Instantly calculate how much time you can save with Vanta.
Potential Threat! Microsoft is alerting customers that malicious actors can abuse Azure Service Tags by causing requests to be sent from trusted Azure services, potentially bypassing firewall rules built on those tags and gaining unauthorised access to cloud resources.
Key Insights!
Service Tags Risk: A service tag only describes the IP ranges a service uses; it says nothing about which tenant drove a given request. Using tags as the sole mechanism for vetting incoming traffic is therefore unsafe: treat them as a routing mechanism that sits alongside validation controls, not as a security boundary on their own.
Affected Services: Tenable identified vulnerabilities in 10 Azure services, including Azure DevOps, Azure Machine Learning, and Azure API Management.
How It Works!
An attacker with a resource in their own tenant can make a trusted Azure service send a web request on their behalf. Because the request genuinely originates from that service's IP ranges, it matches the service tag, and a target in another tenant that allows inbound traffic on the tag alone accepts it as trusted.
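To make the distinction concrete, here is an added example in Python (not Microsoft's or Tenable's code) showing the weak policy, where the service tag is the only gate, beside a hardened one that keeps the tag as a routing filter and then demands proof of identity. The address ranges (RFC 5737 documentation networks), the X-Signature header and the shared secret are assumptions for illustration; in Azure the identity proof would more naturally be a Managed Identity token or mutual TLS.

```python
"""Service tags as a routing filter, not an authentication boundary (added example)."""
import hashlib
import hmac
import ipaddress

# Constructed stand-in for a service tag's address ranges. Real tags come from
# Microsoft's published Service Tags file; these are RFC 5737 documentation
# networks, not Azure addresses.
EXAMPLE_SERVICE_TAG = [ipaddress.ip_network("203.0.113.0/24"),
                       ipaddress.ip_network("198.51.100.0/25")]

# Assumed: a per-tenant secret exchanged out of band and used to sign calls.
SHARED_SECRET = b"example-shared-secret-rotate-me"


def in_service_tag(src_ip: str, ranges=EXAMPLE_SERVICE_TAG) -> bool:
    """Routing check: is the source address inside the tag's prefixes?"""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ranges)


def sign(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """HMAC-SHA256 over the request body with the tenant secret."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def weak_allow(src_ip: str, headers: dict, body: bytes) -> bool:
    """The pattern Microsoft warns about: the service tag is the only gate.
    Any tenant that can make the shared service emit a request passes."""
    return in_service_tag(src_ip)


def hardened_allow(src_ip: str, headers: dict, body: bytes) -> bool:
    """Keep the tag to narrow exposure, then require proof of identity.
    A signed header is used here; an Entra/Managed Identity token or
    mutual TLS would serve the same purpose."""
    if not in_service_tag(src_ip):
        return False
    presented = headers.get("X-Signature", "")
    return hmac.compare_digest(presented, sign(body))


def demo() -> dict:
    """Compare both policies against a legitimate caller and an attacker
    whose resource lives in another tenant but egresses from the same tag."""
    body = b'{"action": "read-config"}'
    legit = ("203.0.113.10", {"X-Signature": sign(body)})
    # The attacker cannot sign with the tenant secret and must guess.
    forged = ("203.0.113.77", {"X-Signature": sign(body, b"attacker-guess")})
    outside = ("192.0.2.10", {"X-Signature": sign(body)})
    return {
        "weak_legit": weak_allow(*legit, body),
        "weak_forged": weak_allow(*forged, body),          # True: the flaw
        "hardened_legit": hardened_allow(*legit, body),
        "hardened_forged": hardened_allow(*forged, body),  # False
        "hardened_outside": hardened_allow(*outside, body),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:17} {'ALLOW' if ok else 'DENY'}")
```

The weak policy admits the attacker's request because it really does arrive from the tag's ranges; only the signature check distinguishes the two callers, which is the "validation controls" Microsoft's updated guidance asks for.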
Microsoft's Response!
Guidance Update: Documentation now states that service tags alone aren't sufficient to secure traffic.
Security Measures: Customers should review and enhance their security protocols to authenticate trusted network traffic.
Tenable's Findings!
Tenable researcher Liv Matan emphasised that attackers could impersonate trusted Azure services, bypassing network controls based on service tags, which are often used to prevent public access to internal assets and services.
Top Tips
Enhance Validation: Use additional validation controls alongside service tags.
Review Configurations: Regularly audit and update firewall rules and authentication mechanisms.
Stay Informed: Keep up with Microsoft's updates and security recommendations.
Stay vigilant and ensure your Azure configurations are secure!
New Vulnerability Alert! A critical security flaw in PHP has been identified, potentially allowing remote code execution (RCE) on Windows systems. Tracked as CVE-2024-4577, this CGI argument injection vulnerability affects all PHP versions on Windows.
Key Details!
Vulnerability: CVE-2024-4577 allows bypassing protections from CVE-2012-1823.
Affected Versions: All PHP versions on Windows; fixed in PHP 8.3.8, 8.2.20, and 8.1.29.
Locale-Specific: XAMPP for Windows is vulnerable in its default configuration when the system locale is Traditional Chinese, Simplified Chinese or Japanese.
Research Findings!
DEVCORE security researcher Orange Tsai traced the flaw to the Best-Fit feature of Windows encoding conversion: in the affected code pages a soft hyphen (0xAD) in the query string is converted to an ASCII hyphen, so it slips past the hyphen check added for CVE-2012-1823 and reaches php-cgi as a command-line switch. This lets unauthenticated attackers bypass the earlier protection and execute arbitrary code on remote PHP servers.
Rapid Response!
Patch Release: DEVCORE reported the bug to the PHP team on May 7, 2024; fixed versions were released on June 6, 2024.
Security Recommendations: DEVCORE advises switching from outdated PHP CGI to more secure alternatives like Mod-PHP, FastCGI, or PHP-FPM.
Exploitation in the Wild!
Immediate Detection: The Shadowserver Foundation detected exploitation attempts within 24 hours of disclosure.
Proof of Concept: watchTowr Labs successfully developed an exploit, emphasising the urgency of applying patches.
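Because the exploitation attempts being observed travel in the query string of a php-cgi request, the pattern can be picked out of ordinary web access logs. The following Python detector is an added example (not code from DEVCORE, watchTowr or Shadowserver). It models the Best-Fit step the research describes, the soft hyphen 0xAD becoming an ASCII hyphen, so that a percent-encoded %AD followed by a letter is recognised as a php-cgi switch, and it also flags the plain-ASCII form from the CVE-2012-1823 era and the ini directives typically set on the way to code execution. The log lines, client addresses and the combined-log regex are constructed for the example.

```python
"""Detect php-cgi argument injection (CVE-2024-4577 / CVE-2012-1823 patterns)
in web access logs. Added example, not code from the page or its sources."""
import re
from urllib.parse import unquote_to_bytes

# Request line inside an Apache/IIS combined-format log entry (assumed format).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Paths served through php-cgi: the binary itself or a .php script.
PHP_TARGET_RE = re.compile(r"(php-cgi(\.exe)?|\.php)$", re.I)
# An argument php-cgi would parse as a switch once it begins with '-'.
OPTION_RE = re.compile(rb"^-[a-zA-Z]")
# ini directives in-the-wild payloads set to reach code execution.
DANGEROUS_INI = (b"auto_prepend_file", b"allow_url_include")


def best_fit_normalise(data: bytes) -> bytes:
    """Model the Windows Best-Fit conversion behind CVE-2024-4577: the soft
    hyphen (0xAD in the affected code pages) is mapped to the ASCII hyphen
    0x2D, so "%ADd" reaches php-cgi's option parser as "-d". Windows maps
    other characters as well; only the byte this bug relies on is modelled."""
    return data.replace(b"\xad", b"-")


def cgi_args(query: bytes) -> list[bytes]:
    """php-cgi treats a query string with no literal '=' as command-line
    arguments separated by '+', each percent-decoded. Payloads therefore
    encode '=' as %3d so the raw query contains none."""
    if b"=" in query:
        return []
    return [unquote_to_bytes(part) for part in query.split(b"+") if part]


def analyse_target(target: str) -> list[str]:
    """Return human-readable findings for one request target, [] if clean."""
    path, _, query = target.partition("?")
    if not query or not PHP_TARGET_RE.search(path):
        return []
    findings: dict[str, None] = {}  # ordered set of findings
    for arg in cgi_args(query.encode("latin-1", "replace")):
        normalised = best_fit_normalise(arg)
        if b"\xad" in arg and OPTION_RE.match(normalised):
            findings[f"soft-hyphen switch {normalised[:2].decode()} (Best-Fit bypass)"] = None
        elif OPTION_RE.match(arg):
            findings[f"ASCII switch {arg[:2].decode()} (CVE-2012-1823 pattern)"] = None
        name = arg.split(b"=", 1)[0].lower()
        if name in DANGEROUS_INI:
            findings[f"ini override {name.decode()}"] = None
    return list(findings)


def scan_log(lines) -> list[tuple[str, str, list[str]]]:
    """Return (client, target, findings) for each suspicious request line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = analyse_target(m["target"])
        if findings:
            hits.append((m["client"], m["target"], findings))
    return hits


# Constructed sample entries using RFC 5737 addresses, not captured traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2024:13:37:00 +0000] "GET /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jun/2024:13:38:12 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jun/2024:13:39:01 +0000] "GET /test.php?-d+allow_url_include%3d1 HTTP/1.1" 403 0 "-" "curl/8.4.0"',
    '192.0.2.77 - - [10/Jun/2024:13:40:44 +0000] "GET /static/app.js?v=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, target, findings in scan_log(SAMPLE_LOG):
        print(client, target, "->", "; ".join(findings))
```

A hit on the soft-hyphen form against a Windows host in one of the affected locales is a strong indicator of a CVE-2024-4577 attempt; the ASCII form is older scanning noise but still worth a look, and either one paired with `auto_prepend_file` pointing at `php://input` means the attacker was trying to run the request body as PHP.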
Expert Advice!
"A nasty bug with a very simple exploit," noted security researcher Aliz Hammond. "Systems running affected configurations under the specified locales must patch immediately due to the high risk of mass exploitation."
Top Tips
Apply Updates: Ensure PHP installations are updated to the latest versions.
Review Configurations: Shift to secure execution methods like Mod-PHP, FastCGI, or PHP-FPM.
Stay Informed: Monitor security advisories and apply patches promptly.
Stay secure and protect your PHP servers from this critical vulnerability!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday.
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders.
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future.
Let us know what you think.
So long and thanks for reading all the phish!