Critical CUPS vulnerability compromises Linux systems
Several critical security vulnerabilities were found in the Common Unix Printing System (CUPS) for Linux, identified as CVE-2024-47175 through CVE-2024-47177.
Security research by Simone Margaritelli has shown that a foreign unauthorized attacker can silently replace existing printers (or install new ones) resulting in arbitrary command execution when running a print job.
The vulnerability stems from a lack of network data authentication, which allows attackers to allow a vulnerable system to install a malicious printer driver, send a print job to that driver, and trigger the execution of malicious code.
Rapid7 has warned that affected systems are vulnerable either from the public Internet or across network segments only if UDP port 631 is available.
Patches are currently being created and are expected to be released in the coming days.
It is recommended that you disable and remove the cups-browsed service if it is not required, and block or restrict traffic on UDP port 631.
According to Shodan, at the time of writing there were 355 public IP addresses with CUPS open to the Internet in the Czech Republic and Slovakia.
Millions of Kia cars could be remotely controlled by attackers
Millions of Kia cars could be remotely hacked with license plate information until the manufacturer fixed a bug that allowed such access in mid-August.
Researcher Sam Curry said he discovered the Kia vulnerability during additional research into vulnerabilities he and colleagues discovered several years ago in cars from Kia, Honda, Infiniti, Nissan, Acura, BMW, Mercedes and others. At that time, the researchers showed how anyone could exploit the vulnerabilities and it was possible to remotely lock and unlock the vehicles, turn the engine on and off, and activate the vehicle’s lights and horn.
The new vulnerability that Curry and his colleagues discovered was linked to the API used to send commands to Kia cars. An attacker could quietly obtain personal information including the owner’s name, phone number, email address and physical address.
Interestingly, these attacks could be carried out remotely on any vehicle within approximately 30 seconds, regardless of whether it had an active Kia Connect subscription.
Telegram will share users’ phone numbers and IP addresses with police
Telegram has announced that it will now share users’ phone numbers and IP addresses with law enforcement authorities based on applicable legal requirements. This measure should only be applied if the user is suspected of criminal activity and there is a valid court order. Previously, this data was only shared in cases involving suspected terrorism.
The change was announced by Telegram CEO Pavel Durov, who also said that any data sharing will be included in quarterly transparency reports.
The measures were introduced after Pavel Durov, the Russian founder and CEO of Telegram, was arrested in France in connection with an investigation into the use of Telegram for fraud, drug trafficking and the distribution of illegal content. Durov was later released on bail.
Microsoft announced the end of WSUS development
Microsoft has announced the official end of development of Windows Server Update Services (WSUS).
WSUS, originally introduced in 2005 as Software Update Services (SUS), enables IT administrators to manage and distribute Microsoft product updates across large corporate networks.
Despite the fact that new features and development for WSUS will cease, Microsoft plans to support existing functionality and updates to the service that will continue to be distributed after its retirement.
This change will affect enterprise environments that depend on WSUS to manage updates delivered to many devices, but will not affect home users or those using Microsoft Configuration Manager.
With the retirement of WSUS, Microsoft recommends that enterprises move to cloud-based solutions for client and server update management, such as Windows Autopatch, Microsoft Intune and Azure Update Manager.
‘Necro’ malware infects 11 million devices via Google Play
A new version of the Trojan called Necro has hit 11 million Android devices via Google Play.
Cybersecurity firm Kaspersky has detected the presence of the Necro Trojan in two apps on Google Play. The first is Benq’s Wuta Camera, a photo editing and beautification tool that has been downloaded by over 10 million users on Google Play. The second infected app is Max Browser by WA message recover-wamr, a browser with a million downloads that was subsequently removed from Google Play following reports from Kaspersky.
According to analysts at Kaspersky LAB, Necro appeared on the Wuta Camera app with the release of version 6.3.2.148 and remained there until version 6.3.6.148. Although the trojan was removed in version 6.3.7.138, some payloads installed via earlier versions may still remain on Android devices.
Max Browser has been removed and users are advised to uninstall the application and switch to another browser.
The number of devices infected by this wave of the Necro trojan is unknown, but Google Play data puts the number at least 11 million.