Cyber Security News

The latest cyber security stories, summarized by AI

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users

Security researchers LayerX revealed a zero-click remote code execution flaw in Claude Desktop Extensions (DXT) that leverages the Model Context Protocol to chain untrusted data from Google Calendar into a privileged local executor. An attacker can trigger the payload via a malicious calendar event with no user interaction, potentially compromising the host with the user’s privileges. The issue affects over 10,000 active Claude users and more than 50 DXT extensions; Anthropic has reportedly not fixed it yet, citing the architecture of MCP autonomy. Mitigations include disconnecting high-privilege local extensions from untrusted data sources and awaiting a patch or architectural changes to MCP. This serves as a warning about the security risks of AI agents autonomously bridging data to local systems.

18 days ago•Source: CybersecurityNews

Public Rainbow Tables Sharpen NTLMv1 Attacks, Prompting Urgent Remediation

cyber-security

53.83 min•1 month ago

Public Rainbow Tables Sharpen NTLMv1 Attacks, Prompting Urgent Remediation

Mandiant publicly released Net-NTLMv1 rainbow tables, making NTLMv1 hash cracking practical with modest hardware and lowering barriers for admin-level credential compromise. The dataset, hosted via Google Cloud, underscores the urgent need to disable Net-NTLMv1 and migrate to NTLMv2; organizations should monitor for LM/NTLMv1 usage in Windows Event logs (e.g., Event ID 4624) and implement robust detection and remediation to prevent post-compromise downgrades and broader AD compromise (e.g., DCSync attacks).

via Cyber Security News