Articles of interest from the week of September 16, 2024

Intel Firmware Vulnerability: Critical Update for System Security (2024.3 IPU - UEFI Firmware Advisory)

Potential security vulnerabilities in UEFI firmware for some Intel® Processors may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing UEFI firmware updates to mitigate these potential vulnerabilities. (Intel)

“The numerous high-severity vulnerabilities in Intel's UEFI/BIOS firmware point to a trend of sophisticated attacks targeting low-level system components. Firmware security may be overlooked where software updates and patches take up the majority of routine maintenance in personal and enterprise environments. OEM distributors (like Dell, Lenovo, and HP), in addition to providing information on their website, will often work with Microsoft to perform BIOS updates along with regular Windows updates or support centralized deployment via SCCM. However, some environments may require manual review and processes. Firmware security is still cybersecurity, and the impact of these vulnerabilities - ranging from information disclosure to privilege escalation - emphasizes the need for organizations to include firmware maintenance in their security practices alongside software.” – Hunter Landry, Senior SOC Analyst at Ingalls Information Security

Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes

Microsoft has revealed that a new zero-day vulnerability in Windows Update is being actively exploited to undo crucial security fixes. This alarming exploit undermines protective measures, leaving systems vulnerable to attacks. Discover how hackers are leveraging this flaw and what steps can be taken to safeguard your devices in this eye-opening article. (SecurityWeek)

CISA Warns of Windows Flaw Used in Infostealer Malware Attacks

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group.

The vulnerability (CVE-2024-43461) was disclosed during this month's Patch Tuesday, and Microsoft initially classified it as not exploited in attacks. However, Microsoft updated the advisory on Friday to confirm that it had been exploited in attacks before being fixed. (BleepingComputer)

Fortinet Data Breach Impacts Customer Information

Fortinet has suffered a data breach, potentially exposing sensitive customer information. As cyberattacks grow more sophisticated, even industry giants aren't immune. Dive into the details of the breach, how it happened, and what this means for Fortinet's customers in this critical report. (SecurityWeek)

FreeBSD Gets €686,400 to Boost Security Features

FreeBSD, a critical operating system for many servers and embedded devices, has received a significant boost in security funding from the Secure the Future (STF) initiative. With these new resources, FreeBSD aims to enhance its security features, safeguarding millions of systems worldwide. Discover how this funding will strengthen the OS and what it means for the future of open-source security in this insightful article. (Dark Reading)

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals

A groundbreaking cyberattack, dubbed "RAMBO," is now capable of stealing data from air-gapped systems by exploiting radio signals emitted by a computer's RAM. This sophisticated technique bypasses traditional security measures, posing a significant threat to highly secure environments. Learn how this innovative attack works and what it means for the future of data protection in this fascinating article. (SecurityWeek)