Microsoft ceeb toom ntawm Chaw Ua Haujlwm Tseem Ceeb Zero-Hnub, Google Pixel Devices Shipped nrog Critical Vulnerability: Koj Cybersecurity Roundup

Cybersecurity xov xwm banner ntawm xoom-hnub kev hem thawj thiab cov cuab yeej tsis zoo.

Microsoft ceeb toom ntawm Chaw Ua Haujlwm Tseem Ceeb Zero-Day

Microsoft tau tshaj tawm lub suab ceeb toom txog qhov tsis txaus ntseeg tseem ceeb hauv nws qhov Office software suite uas tuaj yeem tso cai rau cov neeg tawm tsam nyiag rhiab. ntaub ntawv. Qhov teeb meem xoom-hnub, raug xaiv CVE-2024-38200, cuam tshuam ntau yam ntawm Chaw Ua Haujlwm, suav nrog kev siv dav dav xws li Office 2016, Office LTSC 2021, Microsoft 365 Apps for Enterprise, thiab Office 2019.

Kev siv qhov tsis zoo no tuaj yeem ua rau cov neeg ua phem ua phem rau cov ntaub ntawv tsim tshwj xeeb uas, thaum qhib los ntawm cov neeg siv tsis raug cai, yuav tso cai nkag mus rau cov ntaub ntawv tsis raug cai. Thaum Microsoft twb tau siv qhov kev txhim kho ib ntus thiab tab tom npaj ib qho kev nthuav dav rau kev tso tawm thaum Lub Yim Hli 13th, lub tuam txhab hais txog qhov tseem ceeb ntawm kev hloov kho Office software kom sai li sai tau.

Qhov tsis muaj peev xwm qhia txog cov teeb meem tsis tu ncua ntawm cov koom haum ntsib hauv kev tswj kom muaj zog cybersecurity kev tiv thaiv, raws li cov neeg tawm tsam pheej nrhiav txoj hauv kev tshiab los cuam tshuam cov kab ke.

Ransomware Gang Leverages nthuav tawm .env Cov Ntaub Ntawv rau Kev Tawm Tsam Loj

Ib pawg ransomware ransomware tau ua tiav extorted ntau lub koom haum los ntawm kev siv cov ntaub ntawv .env uas muaj cov ntaub ntawv pov thawj rhiab heev. Cov neeg tawm tsam tau nqis peev ntau ntawm kev ruaj ntseg yuam kev, suav nrog kev cuam tshuam ntawm ib puag ncig hloov pauv, kev siv cov ntawv pov thawj nyob ntev, thiab kev tswj hwm tsis tsim nyog.

Los ntawm kev nkag mus rau cov neeg raug tsim txom 'AWS ib puag ncig, cov neeg ua phem hem thawj tau pib ua haujlwm scanning loj tshaj 230 lab tus thawj tswj hwm thiab cuam tshuam ntau txhiab ntawm .env cov ntaub ntawv. Cov ntaub ntawv no muaj cov ntaub ntawv pov thawj tseem ceeb rau cov kev pabcuam huab thiab kev tshaj xov xwm hauv social media, muab cov neeg tawm tsam nrog lub foothold los nyiag cov ntaub ntawv rhiab thiab thov them tus nqe txhiv.

Txoj kev sib tw txoj kev vam meej qhia txog qhov tseem ceeb ntawm kev coj noj coj ua kev nyab xeeb, suav nrog kev tiv thaiv cov ntaub ntawv rhiab heev thiab siv cov kev tswj xyuas kom muaj zog. Cov koom haum yuav tsum ua qhov tseem ceeb ntawm kev tiv thaiv .env cov ntaub ntawv thiab lwm yam ntaub ntawv teeb tsa kom tsis txhob muaj kev tso cai nkag.

Google Pixel Devices Shipped nrog Critical Vulnerability

Qhov teeb meem kev nyab xeeb tseem ceeb tau pom nyob rau hauv ib qho kev teeb tsa ua ntej ntawm ntau lab ntawm Google Pixel li. Lub app, "Showcase.apk," uas tsim los rau Verizon khw demos, tau pom tias muaj qhov tsis zoo uas tuaj yeem tso cai rau cov neeg tawm tsam kom tshem tawm cov lej thiab teeb tsa malware.

Qhov teeb meem tshwm sim los ntawm lub app lub peev xwm ntau dhau thiab nws qhov kev cia siab ntawm HTTP kev sib txuas tsis ruaj ntseg rau rub tawm cov ntaub ntawv teeb tsa. Qhov kev sib xyaw ua ke no tsim txoj hauv kev rau cov neeg ua phem phem los cuam tshuam thiab hloov kho cov ntaub ntawv teeb tsa, muaj peev xwm cuam tshuam rau lub cuab yeej.

Txawm hais tias tsis muaj pov thawj ntawm qhov tsis muaj peev xwm raug siv nyob rau hauv cov tsiaj qus, qhov tshwm sim yuav tshwm sim hnyav. Qhov tsis txaus ntseeg tuaj yeem tso cai rau cov neeg tawm tsam kom tau txais kev tswj hwm ntawm lub cuab yeej, nyiag cov ntaub ntawv rhiab, lossis nruab spyware.

Google tau lees paub qhov teeb meem thiab tab tom ua haujlwm tshem tawm lub app los ntawm txhua qhov txhawb nqa Pixel. Txawm li cas los xij, qhov kev tshawb pom qhia txog qhov tseem ceeb ntawm kev ntsuam xyuas kev nyab xeeb, txawm tias cov software ua ntej.

FBI cuam tshuam kev ua haujlwm ntawm Emerging Ransomware Group, Radar / Dispossessor

Nyob rau hauv ib qho tseem ceeb yeej tawm tsam cybercrime, Tsoom Fwv Teb Chaws Saib Xyuas Kev Tshawb Fawb (FBI) tau tshaj tawm txog kev cuam tshuam ntawm cov txheej txheem tseem ceeb hauv online uas yog los ntawm pab pawg nascent ransomware, Radar / Dispossessor. Qhov kev tshem tawm no ua rau muaj kev txhim kho zoo hauv kev sib ntaus sib tua tsis tu ncua txhawm rau txhawm rau txhawm rau thoob ntiaj teb ransomware kev hem thawj.

Radar / Dispossessor, ntseeg tias yuav tsum tau coj los ntawm online persona "Lub hlwb," tau tshwm sim thaum Lub Yim Hli 2023 thiab tsim nws tus kheej sai sai ua kev hem thawj rau cov lag luam me thiab nruab nrab (SMBs) thoob plaws ntau qhov chaw thoob ntiaj teb. Cov pab pawg tau ua haujlwm tam sim no-ib qho "ob npaug ntxiv" kev tawm tsam, encrypting cov ntaub ntawv raug tsim txom thiab hem tias yuav tso tawm rau pej xeem tshwj tsis yog qhov kev thov nqe txhiv tau ua tiav. Kev tshawb nrhiav pom tias muaj peev xwm txuas ntawm Radar / Dispossessor thiab yav dhau los cov tswv cuab ntawm LockBit ransomware laib tsis zoo.

FBI txoj haujlwm tau ua tiav kev tswj hwm cov servers nyob hauv Tebchaws Meskas, United Kingdom, thiab Lub Tebchaws Yelemees uas yog qhov tseem ceeb rau pab pawg ua haujlwm. Tsis tas li ntawd, yim lub txim txhaum cai sau npe hauv Asmeskas thiab ib qho hauv Tebchaws Yelemees cuam tshuam nrog Radar / Dispossessor tau xiam.

Qhov kev tshem tawm no qhia txog kev loj hlob thoob ntiaj teb kev koom tes ntawm cov koom haum tub ceev xwm hauv kev tawm tsam ransomware. FBI txoj kev vam meej qhia txog kev nthuav dav ntawm kev sib koom tes thiab kev sib koom ua ke txhawm rau txhawm rau cuam tshuam cov haujlwm ransomware. Txawm li cas los xij, kev sib ntaus tawm tsam cybercrime tseem nyuaj thiab hloov mus tas li.