All articles tagged with #technologysecurity

"Warning: XZ Utils Backdoor Threatens Linux Security"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Red Hat issued an urgent security alert after discovering a backdoor in XZ Utils versions 5.6.0 and 5.6.1, impacting major Linux distributions. The malicious code, with a maximum-severity CVSS score, allows unauthorized remote access and interferes with the sshd daemon process. The compromised packages are present in Fedora 41 and Fedora Rawhide, prompting recommendations for users to downgrade to a safe version. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised users to downgrade XZ Utils to an uncompromised version.

"Vulnerabilities in Google's Gemini AI Expose It to Cyber Threats"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Google's Gemini large language model (LLM) is found to be susceptible to security threats that could lead to the disclosure of system prompts, generation of harmful content, and indirect injection attacks. The vulnerabilities impact consumers using Gemini Advanced with Google Workspace and companies using the LLM API. These findings highlight the need for testing models for prompt attacks, training data extraction, model manipulation, adversarial examples, data poisoning, and exfiltration, emphasizing the importance of continuously improving safeguards against adversarial behaviors.

"US Launches Probe into National Security Risks of Chinese Vehicles"

Originally Published 1 year ago — by The Verge

Source: The Verge

The US Commerce Department is launching an investigation into the potential national security risks posed by smart car technology from China and other countries, citing concerns about the potential for data collection and exploitation. The probe will focus on "connected vehicles," and while no immediate restrictions are being imposed, new regulations may be considered in the future. This move reflects broader tensions between the US and China over technology and trade, with both countries accusing each other of using unfair practices.

"Unveiling China's International Hacking Operation: The I-Soon Document Leak"

Originally Published 1 year ago — by USA TODAY

Source: USA TODAY

Leaked documents from Chinese hacking company I-Soon have revealed insights into state surveillance, showing the company's services including accessing private websites, disinformation campaigns, and hacking social media accounts for clients. The documents also revealed targets such as foreign governments, telecom providers, and various organizations, shedding light on China's state-backed hacking tactics. The leak has sparked investigations and concerns about Chinese authorities' monitoring tactics and cybersecurity threats.

"Fortinet Issues Urgent Warning on Active Exploitation of Critical SSL VPN Flaws"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Fortinet has disclosed a critical security flaw in FortiOS SSL VPN, likely being actively exploited, allowing for the execution of arbitrary code and commands. The vulnerability impacts multiple versions of FortiOS, and patches have been issued for other CVEs affecting FortiSIEM supervisor. Recent reports reveal Chinese state-sponsored actors exploiting known flaws in Fortinet devices, underscoring the growing threat faced by internet-facing edge devices lacking endpoint detection and response support.

"Critical Root Access Flaw Discovered in Glibc Library on Major Linux Distros"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

A new security flaw in the GNU C library (glibc) allows local attackers to gain root access on Linux machines, impacting major distributions like Debian, Ubuntu, and Fedora. The vulnerability, tracked as CVE-2023-6246, is a heap-based buffer overflow in the __vsyslog_internal() function and was accidentally introduced in glibc 2.37. Further analysis also revealed two more flaws in the same function and a bug in the qsort() function, affecting all glibc versions released since 1992. This comes after a previous high-severity flaw in glibc was detailed by Qualys, emphasizing the critical need for strict security measures in software development.

"Outlook Vulnerability Exposes NTLM Passwords, Researchers Find"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

A security flaw in Microsoft Outlook, tracked as CVE-2023-35636, could allow threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file, potentially through email or web-based attack scenarios. The vulnerability, now patched, was discovered by Varonis security researcher Dolev Taler and could lead to NTLM hashes being leaked. Microsoft has announced plans to discontinue NTLM in Windows 11 in favor of Kerberos for improved security.

"Microsoft Ditches NTLM for Kerberos, Free Windows 10 Upgrades Over"

Originally Published 2 years ago — by The Hacker News

Source: The Hacker News

Microsoft plans to phase out the NT LAN Manager (NTLM) authentication protocol in Windows 11 and focus on strengthening the Kerberos authentication protocol for improved security. New features in Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. NTLM, introduced in the 1990s, has been supplanted by Kerberos since Windows 2000 but continues to be used as a fallback mechanism. NTLM has inherent security weaknesses and is vulnerable to relay attacks, prompting Microsoft to encourage the use of Kerberos instead.