This Month in Cybersecurity - August edition news roundup is here.
As the summer wraps up, it’s easy to have missed some of the significant cybersecurity events that unfolded. But don’t worry, we’ve got you covered! This roundup will get you up to speed on the most crucial developments. Let’s dive into the key stories you need to know about to stay ahead of the curve.
1. Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP’s network infrastructure, allowing them to tamper with software updates delivered to Windows and Mac users. Because several applications fetched their updates over insecure connections, with neither TLS nor cryptographic signatures, the attackers could use DNS poisoning to redirect those update requests to malicious servers and have malware installed in place of the genuine update. The attack, attributed to the Chinese hacking group StormBamboo, shows the risk of unauthenticated update mechanisms and the importance of securing software updates with proper encryption and authentication.
| Date: | Aug 6, 2024 |
| --- | --- |
| Source: | Ars TECHNICA |
| Author: | Dan Goodin |
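The StormBamboo story comes down to three missing checks on the client side: the update channel was plaintext, nothing was signed, and the installer trusted whatever bytes arrived. The following is an added example, not code from the article or from any of the affected vendors, showing what an update client should enforce before installing: an https-only update URL, a pinned publisher key that must have signed the manifest (Ed25519 here), and a payload digest that must match the signed manifest. The `Manifest` type, the field layout and the sample URL are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update descriptor: where to fetch the payload,
// its version, the expected SHA-256 of the payload, and the publisher's
// Ed25519 signature over the first three fields.
type Manifest struct {
	URL       string
	Version   string
	SHA256    string // hex digest of the update payload
	Signature []byte
}

// signedBytes is the byte string the publisher signs. Newlines separate the
// fields so one field cannot be silently merged into another.
func (m Manifest) signedBytes() []byte {
	return []byte(m.URL + "\n" + m.Version + "\n" + m.SHA256)
}

// PayloadDigest returns the hex SHA-256 of an update payload.
func PayloadDigest(payload []byte) string {
	sum := sha256.Sum256(payload)
	return hex.EncodeToString(sum[:])
}

// SignManifest is what the publisher runs at release time.
func SignManifest(priv ed25519.PrivateKey, m *Manifest) {
	m.Signature = ed25519.Sign(priv, m.signedBytes())
}

// VerifyUpdate is what the client runs before installing. It refuses exactly
// the conditions the hijacked ISP exploited: a plaintext update channel, a
// manifest nobody signed (or that was altered after signing), and a payload
// that differs from what the signed manifest promised. The publisher key is
// pinned in the client binary, never fetched over the network.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, payload []byte) error {
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" {
		return errors.New("update URL must use https")
	}
	if !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return errors.New("manifest signature invalid")
	}
	if PayloadDigest(payload) != m.SHA256 {
		return errors.New("payload digest does not match signed manifest")
	}
	return nil
}

func main() {
	// Constructed demo: one publisher key pair and a fake update payload.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("example update bytes")
	m := Manifest{URL: "https://updates.example.com/app-2.0.pkg", Version: "2.0", SHA256: PayloadDigest(payload)}
	SignManifest(priv, &m)

	fmt.Println("genuine update:", VerifyUpdate(pub, m, payload))
	// An on-path attacker can swap the payload but cannot re-sign the manifest.
	fmt.Println("swapped payload:", VerifyUpdate(pub, m, []byte("not the update")))
	// Nor can it downgrade the channel to plaintext to get a chance to tamper.
	plain := m
	plain.URL = "http://updates.example.com/app-2.0.pkg"
	fmt.Println("plaintext channel:", VerifyUpdate(pub, plain, payload))
}
```

Because the URL is part of the signed bytes, an attacker who rewrites it to a plaintext or lookalike host invalidates the signature as well as failing the scheme check; DNS poisoning alone then achieves nothing, since the substituted server cannot produce a payload whose digest matches the signed manifest.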
2. 0.0.0.0 Day: Exploiting localhost APIs from the browser
Oligo Security’s research revealed a critical vulnerability dubbed “0.0.0.0 Day,” which allows malicious websites to reach local services on macOS and Linux through the web browser, potentially leading to unauthorized access and remote code execution. The flaw arises from inconsistencies in how different browsers handle network requests, particularly requests addressed to the IP address 0.0.0.0. While browser developers are working on fixes, the vulnerability remains exploitable. Developers are advised to implement protective measures, such as Private Network Access (PNA) headers and CSRF tokens, to safeguard local applications until a standardized browser fix is in place.
| Date: | Aug 7, 2024 |
| --- | --- |
| Source: | Oligo |
| Author: | Avi Lumelsky |
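The advice in the write-up is aimed at whoever ships a service that listens on the local machine. The following is an added example, not code from Oligo or from the article, of a small local HTTP API that applies both recommended measures: an origin allowlist enforced through CORS and Private Network Access (PNA) preflight handling, and a CSRF-style token in a custom header that every real call must carry. The allowlisted origin, the token value, the `/status` endpoint and port 8085 are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
)

// trustedOrigins is the constructed allowlist of web origins permitted to call
// this local API from a browser.
var trustedOrigins = map[string]bool{"https://app.example.com": true}

// apiToken stands in for a per-session secret that the legitimate front end
// obtains out of band (constructed value; a real service issues it at runtime).
const apiToken = "example-session-token"

// guard wraps a local API handler. Untrusted origins are refused outright; a
// trusted origin gets CORS headers and, on preflight, the PNA allow header;
// and every actual call must present the token in a custom header.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if origin != "" && !trustedOrigins[origin] {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		if origin != "" {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Headers", "X-Api-Token")
			w.Header().Set("Vary", "Origin")
		}
		if r.Method == http.MethodOptions {
			// Only a trusted origin reaches this preflight branch, so only it is
			// told that private-network access is permitted.
			if r.Header.Get("Access-Control-Request-Private-Network") == "true" {
				w.Header().Set("Access-Control-Allow-Private-Network", "true")
			}
			w.WriteHeader(http.StatusNoContent)
			return
		}
		// A browser cannot attach a custom header without a CORS preflight, so a
		// plain no-cors request fired from an arbitrary page (which may carry no
		// Origin header at all) is still stopped here.
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("X-Api-Token")), []byte(apiToken)) != 1 {
			http.Error(w, "missing or invalid API token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// apiHandler builds the guarded local API with one hypothetical endpoint.
func apiHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	return guard(mux)
}

// listenAddr binds to the loopback interface so other hosts on the network
// cannot reach the service. The 0.0.0.0 trick still reaches loopback services
// from inside the browser, which is why the guard above is needed as well.
func listenAddr() string {
	return net.JoinHostPort("127.0.0.1", "8085")
}

func main() {
	fmt.Println("local API listening on", listenAddr())
	if err := http.ListenAndServe(listenAddr(), apiHandler()); err != nil {
		fmt.Println(err)
	}
}
```

The token check is what actually closes the gap while browsers catch up: an origin allowlist alone only governs requests that carry an `Origin` header and whose response the page wants to read, whereas requiring a custom header forces every cross-origin caller through a preflight that only allowlisted origins pass.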
3. Microsoft: Enable MFA or lose access to admin portals in October
Microsoft has warned Entra global admins to enable multi-factor authentication (MFA) for their tenants by October 15, 2024, to avoid losing access to admin portals. This requirement is part of Microsoft’s Secure Future Initiative (SFI) to protect Azure accounts from phishing and hijacking by enforcing MFA for all Azure sign-ins. Admins can postpone the enforcement until April 2025, but Microsoft cautions that delaying increases security risks. MFA will also become mandatory for accessing various Azure services and tools starting in early 2025. Microsoft emphasizes that MFA significantly reduces the risk of account compromise.
| Date: | Aug 16, 2024 |
| --- | --- |
| Source: | Bleeping Computer |
| Author: | Sergiu Gatlan |
4. Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio
Researchers discovered a critical security vulnerability (CVE-2024-38206) in Microsoft’s Copilot Studio that could allow attackers to access sensitive information through a server-side request forgery (SSRF) attack. By exploiting this flaw, attackers could bypass protections and gain unauthorized access to internal cloud resources, including Microsoft’s internal infrastructure and Cosmos DB instances. Although Microsoft has fully patched the vulnerability, the issue highlighted the risk that, on shared infrastructure, a flaw reachable from one tenant can affect many others. No action is required from users, as the vulnerability has been addressed.
| Date: | Aug 21, 2024 |
| --- | --- |
| Source: | Security Affairs |
| Author: | Pierluigi Paganini |
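SSRF bugs of this kind arise whenever a service fetches a URL a user controls, because the fetch runs from inside the platform and can reach addresses the user never could. The following is an added example, not code from Microsoft or from the article, of the destination check a server-side fetcher should apply: allow only http and https, resolve the hostname, refuse any answer that is loopback, private, link-local (which covers the 169.254.169.254 cloud metadata endpoint), unspecified or multicast, and hand back the vetted IP so the dialer connects to that address rather than resolving the name a second time. The `SafeTarget` and `ipAllowed` names, the injected `Resolver` type and the `fakeResolver` DNS table are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// ipAllowed reports whether an outbound fetch may reach ip. Everything that
// is "inside" the hosting platform is refused: loopback, RFC 1918 / ULA
// private space, link-local (including the 169.254.169.254 metadata service),
// unspecified (0.0.0.0, ::) and multicast addresses.
func ipAllowed(ip net.IP) bool {
	return !(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() ||
		ip.IsUnspecified() || ip.IsMulticast())
}

// Resolver lets the caller inject DNS resolution (tests and the offline demo
// use fakeResolver; a real service passes systemResolver).
type Resolver func(host string) ([]net.IP, error)

func systemResolver(host string) ([]net.IP, error) { return net.LookupIP(host) }

// fakeResolver is a constructed DNS table so the example runs offline.
func fakeResolver(host string) ([]net.IP, error) {
	table := map[string][]string{
		"public.example":   {"203.0.113.10"},
		"intranet.example": {"10.0.0.5"},
		"mixed.example":    {"203.0.113.10", "192.168.1.10"},
	}
	addrs, ok := table[host]
	if !ok {
		return nil, fmt.Errorf("no such host: %s", host)
	}
	var ips []net.IP
	for _, a := range addrs {
		ips = append(ips, net.ParseIP(a))
	}
	return ips, nil
}

// SafeTarget validates a user-supplied URL for a server-side fetch and returns
// the single public IP the caller must dial. Returning the vetted address,
// instead of letting the HTTP client re-resolve the hostname, closes the DNS
// rebinding window between the check and the connection.
func SafeTarget(raw string, resolve Resolver) (net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials in URL not allowed")
	}
	host := u.Hostname() // strips the port and IPv6 brackets
	if host == "" {
		return nil, errors.New("empty host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address, nothing to resolve
	} else if ips, err = resolve(host); err != nil {
		return nil, err
	}
	if len(ips) == 0 {
		return nil, errors.New("host did not resolve")
	}
	// Every answer must be public: a name that mixes a public and an internal
	// record would otherwise let the dialer pick the internal one.
	for _, ip := range ips {
		if !ipAllowed(ip) {
			return nil, fmt.Errorf("host %s resolves to non-public address %s", host, ip)
		}
	}
	return ips[0], nil
}

func main() {
	for _, raw := range []string{
		"https://public.example/api", "http://169.254.169.254/metadata",
		"http://127.0.0.1:8080/admin", "http://[::1]/", "http://intranet.example/",
		"http://mixed.example/", "file:///etc/passwd",
	} {
		ip, err := SafeTarget(raw, fakeResolver)
		fmt.Printf("%-36s -> ip=%v err=%v\n", raw, ip, err)
	}
}
```

Two details matter in practice: the check rejects a name if any of its records is internal, not just the first, and it must be repeated on every redirect, since a redirect to an internal address is the classic way around a one-time check.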
5. GitHub patches critical security flaw in Enterprise Server granting admin privileges
GitHub has patched three security flaws in its Enterprise Server product, including a critical vulnerability (CVE-2024-6800) with a CVSS score of 9.5. This flaw could allow attackers to gain site administrator privileges by exploiting SAML single sign-on (SSO) with certain identity providers. Two other medium-severity vulnerabilities were also addressed, which could allow unauthorized updates to issues in public repositories and access to private repository contents. Users of vulnerable GitHub Enterprise Server versions are strongly urged to update to the latest versions to mitigate these risks.
| Date: | Aug 22, 2024 |
| --- | --- |
| Source: | The Hacker News |
| Author: | Ravie Lakshmanan |
6. Oh, no! Windows security update breaks Dual-Boot Linux system
A recent Windows update released on August 13, intended to fix a two-year-old vulnerability (CVE-2022-2601), inadvertently caused issues for users with dual-boot systems running both Windows and Linux. The update, which included changes to the Secure Boot Advanced Targeting (SBAT) mechanism, led to boot failures for Linux distributions, displaying errors related to security policy violations. Microsoft acknowledged the problem and is working with Linux partners to resolve it. Meanwhile, the Linux community has provided a workaround involving disabling Secure Boot and adjusting SBAT settings to restore functionality.
| Date: | Aug 22, 2024 |
| --- | --- |
| Source: | It’s FOSS News |
| Author: | Sourav Rudra |
7. Debate over “open source AI” term brings new push to formalize definition
The Open Source Initiative (OSI) has released a draft definition of “open source AI” to address the ambiguity around the term, particularly as companies like Meta release AI models with restrictions while claiming they are open source. The draft emphasizes four fundamental freedoms for AI systems, including usage, modification, and sharing without restrictions. It also requires transparency about training data and methods, although not necessarily the release of the raw data. The final definition, expected in October, aims to establish a clear standard for open source AI, potentially influencing industry practices and regulations.
| Date: | Aug 27, 2024 |
| --- | --- |
| Source: | Ars TECHNICA |
| Author: | Benj Edwards |
Conclusion
Thanks for catching up with us in this month’s cybersecurity roundup. We hope these insights help you stay secure and informed.
If you’ve come across any other noteworthy news or have thoughts on the stories we covered, we’d love to hear from you! Share them in the Passbolt community forum, and you could earn a badge for your contribution https://hubs.li/Q02bCy160.
Let’s keep the conversation going and continue to learn from each other.