Newsflash - Nangia & Co LLP https://nangia.com Wed, 20 Aug 2025 09:09:16 +0000

Unmasking CVE-2024-6387: The Critical OpenSSH
https://nangia.com/portfolio-item/unmasking-cve-2024-6387-the-critical-openssh-flaw-exposing-servers-to-remote-attacks/
Tue, 10 Sep 2024 16:00:13 +0000

CVE-2024-6387 is a critical security vulnerability identified in the OpenSSH server (sshd). This vulnerability, classified as a Remote Code Execution (RCE) flaw, enables unauthenticated attackers to execute arbitrary code on affected systems. The exploit takes advantage of a previously unknown weakness in the sshd service, allowing remote attackers to gain full control over the target server without requiring valid authentication credentials. The discovery of this vulnerability highlights the ongoing need for vigilance and timely patching in maintaining the security of critical network services. This advisory outlines the nature of these vulnerabilities, the affected products, and provides guidance on mitigation strategies to safeguard against potential attacks. 

What is Remote Unauthenticated Code Execution Vulnerability in OpenSSH server? 

A security regression (CVE-2024-6387) was found in OpenSSH’s server (sshd). This issue arises from a race condition that causes sshd to handle certain signals unsafely. A remote attacker, without authentication, might exploit this by failing to authenticate within a specified time frame. The Qualys Threat Research Unit (TRU) discovered an unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. This marks the first OpenSSH vulnerability in nearly twenty years and allows an unauthenticated RCE that provides full root access. The vulnerability affects the default configuration and requires no user interaction, representing a significant exploit risk. 

What is affected? 

OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109. Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure. Versions from 8.5p1 up to, but not including, 9.8p1 are vulnerable due to the accidental removal of a critical component in a function. OpenBSD systems 

Don’t Get Hacked: Fixing the PAN-OS Flaw
https://nangia.com/portfolio-item/dont-get-hacked/
Tue, 10 Sep 2024 15:58:26 +0000

A recent security flaw (CVE-2024-3400) has been discovered which is impacting Palo Alto Networks PAN-OS firewalls. This vulnerability, classified as severe, allows attackers to potentially gain significant control over affected systems through a technique called command injection. This type of vulnerability could lead to the execution of malicious code, the compromise of sensitive data, or even the disruption of critical network operations. It affects firewalls running specific versions of the PAN-OS software and configured with the GlobalProtect security feature. Palo Alto Networks is actively working to provide updates and solutions to address this flaw. To ensure your continued security, we have prepared a comprehensive advisory newsflash, detailing the vulnerability, risks, and mitigation steps.

What is the vulnerability 

A zero-day command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. Threat actors have been able to exploit the vulnerability to compromise the firewall, introduce a Python-based backdoor, create a reverse shell, download further tools onto the device, exfiltrate data and move laterally within the network. The exact origins of the threat actor exploiting the flaw are presently unknown, but Palo Alto Networks Unit 42 is tracking the malicious activity under the name Operation MidnightEclipse.

How do you protect yourself? 

This issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available to address this issue. Palo Alto Networks states that hotfixes for the rest of the versions will be released by 19/04/2024.

RBI Strengthens Fraud Risk Management in Banks
https://nangia.com/portfolio-item/rbi-strengthens-fraud-risk-management-in-banks/
Tue, 10 Sep 2024 15:56:43 +0000

RBI issued revised Master Directions strengthening fraud risk management in commercial banks (including Regional Rural Banks) and All India Financial Institutions (AIFIs) on 15 July 2024. These principle-based guidelines emphasize Board oversight, robust internal controls, and adherence to natural justice principles before classifying someone as a fraud. Early warning systems and red flagging of accounts are enhanced for quicker detection and reporting of frauds. This replaces previous guidelines and aims to improve the banking sector’s fraud prevention and management framework.  

In recent years, India has witnessed a significant rise in white-collar and corporate crimes, driven by rapid economic growth and technological advancements. These crimes, often committed by individuals in high social and professional positions, have a profound impact on our society and economy. They encompass fraud, embezzlement, bribery, insider trading, money laundering, and cybercrimes. Several factors contribute to this increase: 

Technological Advancements: 

The digitalization of financial transactions and corporate operations has created new opportunities for cybercrimes and financial frauds. A recent report by the Indian Cybercrime Coordination Centre (I4C) revealed that digital financial frauds accounted for a staggering INR 1.25 lakh crore over the last three years. According to the National Cybercrime Reporting Portal (NCRP), in 2023, at least INR 10,319 crore was reported to be lost by victims of digital financial fraud. 

Economic Growth: 

India’s rapid industrial and economic development has inadvertently facilitated corporate frauds. The need for effective fraud risk management is underscored by the disappearance of companies from stock exchanges. For instance, 2750 companies vanished from the Bombay Stock Exchange, highlighting the urgency of implementing robust fraud risk management measures. 

 

Multiple remote code execution Vulnerabilities
https://nangia.com/portfolio-item/multiple-remote-code-execution-vulnerabilities-in-microsoft-products/
Tue, 10 Sep 2024 15:53:53 +0000

Recent investigations have unveiled a series of critical vulnerabilities in various Microsoft products, posing significant security risks to organizations worldwide. These vulnerabilities, identified as CVE-2024-30080, CVE-2024-30103, and CVE-2024-30078, enable remote code execution, potentially allowing attackers to take over affected systems. The issues span across multiple Microsoft products, including Windows OS versions, Microsoft Outlook, and Windows Wi-Fi drivers, necessitating immediate attention and remediation to prevent exploitation and ensure the security of organizational infrastructure. Our Cyber Security Team has prepared an advisory detailing the nature of these vulnerabilities, the affected products, and providing guidance on mitigation strategies to safeguard against potential attacks. 

What are the different Vulnerabilities found in Microsoft Products? 

Remote Code Execution via MSMQ: 

An attacker can exploit a flaw in the Microsoft Message Queuing (MSMQ) component by sending a specially crafted malicious MSMQ packet to a server with the MSMQ service enabled. Successful exploitation allows the attacker to execute arbitrary code on the server, which may lead to takeover of the system. This vulnerability is tracked as CVE-2024-30080.

Remote Code Execution via Outlook: 

An attacker can exploit this vulnerability in Microsoft Outlook by bypassing the registry block lists to create and load malicious DLL files, which can execute without user interaction if the auto-open email feature is enabled. The vulnerability arises from improper handling of certain registry keys related to DLL handling and can be triggered by opening a specially crafted email in the Preview Pane. This vulnerability is tracked as CVE-2024-30103.

 

Analysis of the Proposed CAFE – 3 and CAFE – 4
https://nangia.com/portfolio-item/analysis-of-the-proposed-cafe-3-and-cafe-4-norms/
Tue, 10 Sep 2024 15:48:55 +0000

The Bureau of Energy Efficiency (BEE) is working to enhance fuel efficiency standards for vehicles in India. The proposed Corporate Average Fuel Efficiency (CAFE) norms will establish minimum fuel efficiency requirements for vehicles. These standards are designed to lower greenhouse gas emissions, reduce the carbon footprint of vehicles, and improve air quality. This initiative is an important move towards promoting sustainable transportation and a more environmentally friendly future. Our Power Sector Advisory Team has prepared a detailed advisory that outlines the applicability, impact, and adaptation of these new standards. 

Comments on the Proposed Norms

  1. Stringency and Achievability
  • Proposed Norms
    o CAFE-III: 91.7 gCO2/km (2027-2032)
    o CAFE-IV: 70 gCO2/km (2032-2037)
  • Current Norms: CAFE-II (113 gCO2/km)
  • Global Comparison:
    o US (2024-2026): 40 miles per gallon (approximately 58 gCO2/km) (Center for Automotive Research).
    o EU (2021): 95 gCO2/km with further reductions planned (Wikipedia).
  • Feasibility in India: Achieving these targets will be challenging due to the current technological and infrastructural limitations in India. While the targets align well with global efforts to reduce emissions, the pace of technological adoption and infrastructure development in India may not be sufficient to meet these stringent norms within the proposed timeline.

  2. Infrastructure Development
  • Current State: India’s EV infrastructure, including charging stations and service facilities, is underdeveloped compared to countries like the US and EU. Rapid and extensive investment is needed to support the widespread adoption of electric and hybrid vehicles required to meet the CAFE-III and CAFE-IV norms.
  • Global Standards: Countries like Norway, which leads in EV adoption, have robust infrastructure and incentives for electric vehicles. The EU and the US are also significantly investing in EV infrastructure to support their stringent emission norms (Center for Automotive Research).
  • Recommendation: To make the proposed norms achievable, India must prioritize the development of EV infrastructure, including expanding the network of charging stations and enhancing testing facilities
Git clone Catastrophe: Unpatched Vulnerability
https://nangia.com/portfolio-item/git-clone-catastrophe-unpatched-vulnerability-opens-door-to-remote-code-execution/
Tue, 10 Sep 2024 15:47:19 +0000

Git clone Catastrophe: Unpatched Vulnerability Opens Door to Remote Code Execution

A critical Remote Code Execution (RCE) vulnerability, CVE-2024-32002, has been identified in Git’s repository cloning process. This flaw allows attackers to exploit submodule configurations, executing arbitrary code during the clone operation without user intervention. As a result, malicious actors can gain control over the affected system, potentially installing malware or exfiltrating data. Developers cloning repositories from platforms like GitHub and GitLab are at heightened risk. Our Cyber Security Team has documented a detailed advisory outlining the vulnerability, associated risks and mitigation steps. 

What is the RCE Vulnerability while Cloning Git Repositories? 

A critical Remote Code Execution (RCE) vulnerability has been identified in the process of cloning Git repositories. This issue arises when repositories containing submodules are manipulated to exploit a flaw in Git, allowing files to be written not in the submodule’s work tree but directly into the “.git/” directory. This exploit causes a hook to execute during the cloning process, giving users no opportunity to inspect or interrupt the code execution. As a result, this vulnerability poses a significant security risk, as it enables automatic code execution without user verification. Malicious actors can leverage repositories with submodules to exploit this bug, leading to the execution of a hook from the “.git/” directory during the cloning process, and potentially resulting in Remote Code Execution (RCE). This type of attack is especially dangerous because it can provide attackers with control over the system, allowing them to run arbitrary code, install malware, or carry out other malicious actions without the user’s knowledge or consent. The RCE vulnerability while cloning Git repositories underscores the critical security concern identified as CVE-2024-32002. 

What is affected? 

Versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 are affected.

 

Supply Chain Attack Leads to Backdoor vulnerability
https://nangia.com/portfolio-item/supply-chain-attack-leads-to-backdoor-vulnerability/
Tue, 10 Sep 2024 15:45:10 +0000

Recently a supply chain attack was uncovered with a backdoor being detected in specific versions of a commonly used utility called XZ Utils in Linux. The backdoor had the potential to grant malicious actors full, unauthorized access to systems using the affected versions. Our Cyber Security Team has put together an advisory documenting the procedure to verify if your organization has been affected along with the preventive and remedial steps to be undertaken to protect your information systems. 

What is XZ Utils Backdoor Vulnerability? 

The CVE-2024-3094 vulnerability, also known as the xz supply chain attack, represents a significant security issue identified within the xz/liblzma package, beginning from version 5.6.0. This flaw involves the discovery of malicious code within the upstream tarballs of xz, posing a threat to the software supply chain, especially in open-source environments. Exploitation of this backdoor may potentially grant unauthorized entry and control over compromised systems. XZ Utils is a vital data compression tool widely integrated into Linux distributions. It is utilized in compressing diverse file types like release tarballs, software packages, kernel images, and initramfs images.

Background of the Vulnerability: 

A Microsoft engineer involved in contributing to PostgreSQL projects encountered performance issues on a Debian system linked to SSH. These issues were characterized by heightened CPU usage during SSH logins and errors flagged by valgrind, a memory monitoring tool. Subsequent investigation uncovered that certain versions of the xz libraries contained malicious code, highlighting the significance of CVE-2024-3094 as a critical concern for Linux security.  

 

“BatBadBut” Bug Bites: Critical Windows Injection
https://nangia.com/portfolio-item/batbadbut-bug-bites-critical-windows-injection-flaw/
Tue, 10 Sep 2024 15:35:58 +0000

A critical Windows vulnerability (CVE-2024-24576), nicknamed “BatBadBut,” has been discovered. This vulnerability allows for command injection through the improper handling of batch files. Exploitation could lead to system compromise. Given the severity of this threat, swift and decisive measures are imperative to mitigate potential risks and safeguard your systems and data. Our Cyber security team has prepared a detailed advisory describing the vulnerability, risks, and steps to mitigate them effectively. 

What is “BatBadBut” Vulnerability 

The BatBadBut Vulnerability is a critical flaw affecting the handling of batch files (.bat and .cmd extensions) on Windows platforms across various programming languages/technologies. It allows attackers to execute arbitrary shell commands by bypassing the escaping mechanism. This vulnerability may also affect applications that execute commands without specifying the file extension.

Background of Vulnerability 

Flatt Security has discovered a critical vulnerability called BatBadBut (“bad, but not the worst”) that could allow attackers to inject malicious commands into Windows applications. The flaw, discovered by Flatt Security’s security engineer RyotaK, affects multiple programming languages. It was reported to the CERT Coordination Center and registered as CVE-2024-24576 on GitHub with a severity score of 10.0.

 

What you ought to know about Audit Trail
https://nangia.com/portfolio-item/what-you-ought-to-know-about-audit-trail/
Tue, 10 Sep 2024 14:18:57 +0000

ICAI issued a revised edition of its implementation guide on Audit Trail Requirements for Companies Using Accounting Software in January 2024. We’ve distilled the guide, including FAQs, into a simplified synopsis, aiming to make it easily comprehensible and to save you valuable time. We further wish to provide insights on steps to prepare yourselves for the audit of such audit trails by the statutory auditors for their reporting. This information is vital for ensuring compliance and transparency in financial reporting.

Who needs to maintain audit trail and from when?

  • Every Company in India using accounting software
  • No exception for SMCs, banks or NBFCs, foreign or section 8 companies
  • Excludes where books are entirely maintained manually
  • Applicable from April 1, 2023
