This Month in Cybersecurity - December 2023

:wave: Welcome to this edition of “This Month in Cybersecurity - December 2023.” Together, let’s explore a topic that affects us all: cybersecurity and privacy in the digital age.

This month has witnessed a spectrum of noteworthy developments. From the emergence of the LogoFAIL firmware attack impacting Windows and Linux devices to the AutoSpill vulnerability exposing user credentials, and GitHub abuse complicating threat detection, December has been a month of diverse challenges and advancements. So sit back, relax, grab a cup of coffee and enjoy these short summaries below:

1. Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

LogoFAIL is a new attack exploiting two dozen newly discovered vulnerabilities in the Unified Extensible Firmware Interface (UEFI) found in Windows and Linux computers. These long-standing vulnerabilities can evade common defences, like Secure Boot, and allow execution of malicious firmware during the early boot process. The attack, named after the logos displayed during boot-up, provides remote execution capabilities, posing a significant threat to platform security. The vulnerabilities impact a wide range of hardware models across the x64 and ARM ecosystems. To mitigate the LogoFAIL attack, users are advised to install the UEFI security updates released by manufacturers.

Date: Dec 6, 2023
Source: Ars TECHNICA
Author: Dan Goodin
Tag: Vulnerability, Cyber Risk/Cyber Threats

2. Your mobile password manager might be exposing your credentials

A vulnerability called “AutoSpill” was found to inadvertently spill user credentials due to a flaw in the autofill functionality of Android apps. Discovered by researchers at IIT Hyderabad, the flaw occurs when an Android app loads a login page in WebView: certain password managers can get “disoriented” about where they should target the user’s login information and instead expose the credentials to the underlying app’s native fields. This could be exploited by a malicious app for unauthorized access. The researchers have alerted Google and the affected password managers, including Enpass, 1Password, Keeper and LastPass, which are currently working on fixes and putting mitigations in place.

Date: Dec 6, 2023
Source: Tech Crunch
Author: Carly Page
Tag: Password Security, Vulnerability

3. Discord adds Security Key support for all users to enhance security

Discord has extended security key multi-factor authentication (MFA) to all of its 500+ million users, providing enhanced security against phishing and credential theft. Users can now utilise the WebAuthn feature to replace the legacy MFA system, enabling configurations with Windows Hello, Apple’s Face ID or Touch ID, and hardware security keys for authentication. WebAuthn, a password-less authentication standard developed by the W3C and the FIDO Alliance, offers phishing-resistant and non-guessable authentication that is also resistant to replay attacks. Discord plans to continue working on WebAuthn-based password-less login in the future, while still maintaining the legacy MFA option for those who prefer it.
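To make the phishing- and replay-resistance claim concrete, the following added example (written for this roundup, not Discord's or any WebAuthn library's code) shows the checks a relying party performs on a login assertion: the challenge must be a fresh one it issued, the browser-reported origin must match, and the rpIdHash inside the authenticator data must equal SHA-256 of the relying party ID. A phishing page on a look-alike domain fails the origin and rpIdHash checks, and a captured assertion fails the challenge check when replayed. The relying party ID `example.com`, the constructed clientDataJSON and the constructed authenticator data are assumptions; the final signature verification over the authenticator data and the clientDataJSON hash is not shown.

```python
import base64
import hashlib
import json
import secrets

# Assumed relying party identity (not Discord's real values)
RP_ID = "example.com"
EXPECTED_ORIGIN = "https://example.com"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class ChallengeStore:
    """One-time challenges: every login ceremony gets a fresh random value
    that is consumed on first use, so a captured assertion cannot be replayed."""

    def __init__(self):
        self._pending = set()

    def issue(self) -> str:
        challenge = b64url_encode(secrets.token_bytes(32))
        self._pending.add(challenge)
        return challenge

    def consume(self, challenge: str) -> bool:
        if challenge in self._pending:
            self._pending.remove(challenge)
            return True
        return False


def check_assertion(store: ChallengeStore, client_data_json: bytes, authenticator_data: bytes):
    """Return (ok, reason) for the binding checks of a webauthn.get ceremony.
    Signature verification with the stored public key would follow these checks."""
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    # The browser fills in the origin; a look-alike domain cannot forge it.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch (possible phishing page)"
    if not store.consume(client_data.get("challenge", "")):
        return False, "unknown or reused challenge (possible replay)"
    if len(authenticator_data) < 37:
        return False, "authenticator data too short"
    # First 32 bytes: SHA-256 of the RP ID the authenticator actually signed for.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    flags = authenticator_data[32]
    if not flags & 0x01:  # UP bit: user presence was tested
        return False, "user presence flag not set"
    return True, "ok"


def make_client_data(challenge: str, origin: str = EXPECTED_ORIGIN, typ: str = "webauthn.get") -> bytes:
    # Constructed clientDataJSON in the shape a browser produces
    return json.dumps({"type": typ, "challenge": challenge, "origin": origin}).encode()


def make_auth_data(rp_id: str = RP_ID, flags: int = 0x05, counter: int = 1) -> bytes:
    # Constructed authenticator data: rpIdHash || flags || signCount
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + counter.to_bytes(4, "big")


if __name__ == "__main__":
    store = ChallengeStore()
    challenge = store.issue()
    print(check_assertion(store, make_client_data(challenge), make_auth_data()))
    print(check_assertion(store, make_client_data(challenge), make_auth_data()))  # replay
    challenge = store.issue()
    print(check_assertion(store, make_client_data(challenge, origin="https://examp1e.com"), make_auth_data()))
```

The origin and rpIdHash values come from the browser and the authenticator, not from the user, which is why a password-less WebAuthn login cannot be tricked into authenticating to a look-alike domain the way a typed one-time code can.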

Date: Dec 14, 2023
Source: Bleeping Computer
Author: Bill Toulas
Tag: Authentication, Tech

4. Hackers abusing GitHub to evade detection and control compromised hosts

Threat actors are increasingly utilising GitHub for malicious purposes through tactics like abusing secret Gists and issuing malicious commands via git commit messages. This method makes it challenging to detect and report such attacks. The abuse of GitHub secret gists enables threat actors to use them as a pastebin-like service for malicious commands. Researchers found PyPI packages masquerading as network proxying libraries, containing Base64-encoded URLs pointing to secret Gists with malicious commands. Another technique involves extracting commands from git commit messages in a PyPI package named easyhttprequest. These fraudulent packages have been taken down from the Python Package Index repository.
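A defender reviewing a dependency can look for the first indicator described above: string constants that Base64-decode to a URL under a GitHub Gist host. The following added example (written for this roundup, not the researchers' tooling) scans package source text for Base64-looking tokens, decodes the ones that are valid, and reports any that hide a Gist URL. The sample source and the Gist path in it are constructed.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Runs of Base64 alphabet long enough to hold a URL, with optional padding
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Hosts the article describes being used as a command drop
SUSPECT_HOSTS = ("gist.github.com", "gist.githubusercontent.com", "raw.githubusercontent.com")


def decode_candidates(text: str):
    """Yield (token, decoded_text) for tokens that are valid Base64 of printable UTF-8."""
    for match in B64_TOKEN.finditer(text):
        token = match.group(0)
        try:
            raw = base64.b64decode(token, validate=True)
            decoded = raw.decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if decoded.isprintable():
            yield token, decoded


def find_hidden_urls(source: str):
    """Return [(token, url)] for Base64 tokens that decode to a URL on a suspect host."""
    findings = []
    for token, decoded in decode_candidates(source):
        for url in URL_RE.findall(decoded):
            host = urlparse(url).hostname or ""
            if host in SUSPECT_HOSTS:
                findings.append((token, url))
    return findings


# Constructed sample: a "proxy library" that stores an encoded Gist URL as a constant
ENCODED = base64.b64encode(b"https://gist.github.com/example-user/0123456789abcdef").decode()
SAMPLE_SOURCE = f'''
import requests

PROXY_POOL = "{ENCODED}"

def fetch(url):
    return requests.get(url).text
'''

if __name__ == "__main__":
    for token, url in find_hidden_urls(SAMPLE_SOURCE):
        print(f"suspicious constant {token[:12]}... decodes to {url}")
```

Legitimate packages also embed Base64 (test fixtures, small images), so the decoded URL and its host are what make a hit worth a human look, not the presence of Base64 alone. A complementary check for the second technique is to diff a package's behaviour against its git history rather than trust commit messages as inert metadata.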

Date: Dec 19, 2023
Source: The Hacker News
Author: The Hacker News
Tag: Software Security, Cyber Risk/Cyber Threats

5. Google Cloud resolves privilege escalation flaw impacting Kubernetes Service

Google Cloud has addressed a medium-severity security flaw that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. Discovered by Palo Alto Networks Unit 42, the vulnerability involves compromising the Fluent Bit logging container and leveraging high privileges in Anthos Service Mesh. The issue, fixed in specific GKE and ASM versions, could lead to data theft and disrupt the cluster’s operations. In order to mitigate the risks, Google has removed Fluent Bit’s access to service account tokens and re-architected the functionality of ASM to remove excessive RBAC permissions. There has been no evidence of exploitation in the wild. It is advised to always update to the latest versions to mitigate such attacks.
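The two fixes named above, removing a logging agent's access to service account tokens and trimming excessive RBAC, are things a cluster operator can audit in their own workloads. The following added example (written for this roundup, not Google's or Fluent Bit's configuration) checks a Role or ClusterRole manifest for wildcard grants, Secrets reads, token minting and pod exec, and checks a Pod spec for an unneeded service account token mount and for hostPath volumes under the kubelet's pod directory, which holds other pods' projected tokens. The manifests are constructed dictionaries standing in for parsed YAML.

```python
READ_VERBS = {"get", "list", "watch", "*"}


def audit_role(role: dict):
    """Return findings for one Role/ClusterRole manifest (dict, as parsed from YAML)."""
    findings = []
    name = role["metadata"]["name"]
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs or "*" in resources:
            findings.append(f"{name}: wildcard grant verbs={sorted(verbs)} resources={sorted(resources)}")
        if "secrets" in resources and verbs & READ_VERBS:
            findings.append(f"{name}: can read Secrets")
        if "serviceaccounts/token" in resources and verbs & {"create", "*"}:
            findings.append(f"{name}: can mint service account tokens")
        if resources & {"pods/exec", "pods/attach"}:
            findings.append(f"{name}: can exec into pods")
    return findings


def audit_pod(pod: dict):
    """Return findings for one Pod manifest: token automount and kubelet hostPath exposure."""
    findings = []
    name = pod["metadata"]["name"]
    spec = pod["spec"]
    # Kubernetes mounts a token by default; agents that never call the API do not need one.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: mounts a service account token (default automount)")
    for vol in spec.get("volumes", []):
        path = vol.get("hostPath", {}).get("path", "")
        if path.startswith("/var/lib/kubelet"):
            findings.append(f"{name}: hostPath {path} exposes other pods' projected tokens")
    return findings


# Constructed manifests: an over-privileged logging agent and a tightened one
LOOSE_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
    "metadata": {"name": "log-agent-loose"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "secrets", "pods/exec"], "verbs": ["*"]}],
}
TIGHT_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
    "metadata": {"name": "log-agent-tight"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "namespaces"], "verbs": ["get", "list", "watch"]}],
}
LOOSE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "log-agent-loose"},
    "spec": {"volumes": [{"name": "kubelet", "hostPath": {"path": "/var/lib/kubelet/pods"}}]},
}
TIGHT_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "log-agent-tight"},
    "spec": {"automountServiceAccountToken": False,
             "volumes": [{"name": "logs", "hostPath": {"path": "/var/log/containers"}}]},
}

if __name__ == "__main__":
    for manifest, auditor in ((LOOSE_ROLE, audit_role), (TIGHT_ROLE, audit_role),
                              (LOOSE_POD, audit_pod), (TIGHT_POD, audit_pod)):
        print(manifest["metadata"]["name"], auditor(manifest) or "no findings")
```

The point of the tightened manifests is that a log collector only needs to read container log files and, at most, list pods for metadata; neither requires a token that can be reused against the API server, and neither requires Secrets or exec rights.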

Date: Dec 28, 2023
Source: The Hacker News
Author: Newsroom
Tag: Cloud Security, Data Protection

Conclusion

That concludes the “This Month in Cybersecurity - December 2023 edition” news roundup. :newspaper:

We hope that these brief summaries have provided you with valuable insights into the significant cybersecurity trends that shaped the digital landscape this month. Our commitment is to empower the community with the latest information, to foster a culture of proactive cybersecurity practices.

Your engagement is valuable to us, so don’t hesitate to share any interesting article or news update in the "In the News" section of the passbolt community forum: https://hubs.li/Q02bCy160

We wish you a secure and prosperous New Year ahead! :partying_face: :tada:

Stay safe!
