A serious WPS Office remote code execution vulnerability may already have been exploited in the wild; China Mobile plans to purchase more than 2,000 intrusion prevention devices | Niuguan
Nobug Zhao  2024-09-19 11:43   published in China



• The Ministry of Industry and Information Technology will jointly launch an AI face-swap fraud risk warning function that runs locally on mobile phones

• Is Google Pixel no longer secure? Millions of mobile phone users face the risk of privacy disclosure

• 74% of CISOs think human error is the biggest threat to cybersecurity

• 68% of British enterprises have begun to develop deepfake threat response plans

• A serious WPS Office remote code execution vulnerability may already have been exploited

• Microsoft Entra ID security flaws allow attackers to easily bypass authentication

• Oracle NetSuite configuration errors may leak customer data from thousands of websites

• SolarWinds releases emergency RCE vulnerability security updates

• China Mobile plans to purchase more than 2,000 intrusion prevention devices, with a maximum amount of 96.68 million yuan

• Tianrongxin releases next-generation WAAP comprehensive solution


The Ministry of Industry and Information Technology will jointly launch an AI face-swap fraud risk warning function that runs locally on mobile phones

According to CCTV, to cope with the security challenges brought by AI deepfake technology, the anti-fraud working group of the Ministry of Industry and Information Technology recently announced an important measure: it will jointly launch an AI face-swap fraud risk warning function with mobile phone manufacturers, aiming to protect users from this kind of high-tech fraud at the source. The function is currently in testing. Its core feature is that it runs locally on the user's phone without uploading any personal information to the cloud, so that user data stays secure while fraud is being combated.


Li Kun, an expert in the anti-fraud working group of the Ministry of Industry and Information Technology, emphasized when introducing the function: "With the spread of AI face-swap technology, there have been frequent cases of fraudsters using it to forge identities and commit fraud, which has seriously threatened people's property. Therefore, we urgently need an efficient and convenient preventive measure to deal with this new type of fraud. The launch of the AI face-swap fraud risk warning function is based on this background and these needs."


In practice, the function starts automatically once the user has authorized it. During a video call, if the system detects signs that the other party may be using AI face-swapping, a risk warning such as "the other party is suspected of using a fake identity" pops up on the screen immediately. The user only needs to tap the detection button; the system quickly scans and analyzes the image and reports an estimate of the probability that the face was synthesized by AI, such as "AI face-swap synthesis probability 93%", helping users quickly identify fraud risks.


Original link:

https://mp.weixin.qq.com/s/-b1Yr7XRU5jVvysjHdtYhg

Is Google Pixel no longer secure? Millions of mobile phone users face the risk of privacy disclosure

Recently, Pixel phones, whose core selling point is security, have been criticized for failing to fix a key security defect in time. The Android flaw was discovered in May 2023 by researchers at iVerify, a mobile device security company. It concerns a pre-installed application package named "Showcase.apk" that has shipped on the Google Pixel smartphone series since September 2017. Showcase was developed by Smith Micro for Verizon and is designed for displaying and demonstrating smartphones in retail environments.

 

Because Showcase is a system-level component, it is invisible to users yet has elevated permissions and deep system access, including remote code execution and remote software installation, and it downloads its configuration file over an unencrypted HTTP connection. An attacker who can hijack that unencrypted HTTP connection may take control of the Showcase application and, through it, the entire device.

 

A Google spokesperson said no evidence of active exploitation has been found and promised to remove Showcase from all supported Pixel devices through a software update in the coming weeks. Google also stressed that the application is not present on the newly released Pixel 9 series.

 

Original link:

https://www.wired.com/story/google-android-pixel-showcase-vulnerability/

74% of CISOs think human error is the biggest threat to cybersecurity

Human error has become the cybersecurity risk that most concerns chief information security officers (CISOs). According to data from Proofpoint's recently released 2024 Voice of the CISO report, 74% of CISOs believe human error is the biggest threat to cybersecurity, significantly higher than last year's 60%. The survey also revealed a gap between CISOs and boards of directors in how they perceive the risk of human error: nearly 63% of board members consider human error the primary cybersecurity threat.

 

The results show that the main causes of data loss are closely tied to employee behavior. 42% of respondents consider negligence and carelessness by internal employees the primary cause of data leakage; other causes include malicious or criminal insiders (36%), stolen employee credentials (33%), and lost or stolen devices (28%).

 

To effectively reduce cybersecurity risks caused by human error, organizations need to take active security measures such as using AI tools, providing continuous staff training, and building a cybersecurity culture.

 

Original link:

https://securityintelligence.com/articles/cisos-list-human-error-top-cybersecurity-risk/


68% of British enterprises have begun to develop deepfake threat response plans

Recently, the serious threat that deepfake attacks pose to enterprises has attracted widespread concern. According to the recently released GetApp 2024 Executive Cybersecurity Survey, 68% of the British enterprises surveyed have formulated deepfake response plans to cope with the sharp rise in AI-driven social engineering attacks.

 

The survey also found that more than two thirds of employees need to use biometric technology in the workplace. Although 92% of respondents believe the security measures in use are effective, their trust in these systems is declining. Nearly 30% of British respondents worry that AI may be used for biometric identity fraud, while 42% worry that using biometric authentication may lead to identity theft.

 

In addition, according to research by Medius, nearly two thirds of finance professionals have encountered deepfake fraud, and 44% have actually been deceived. ISMS.online research found that nearly one third of British enterprises have experienced deepfake security incidents, mainly through business email fraud.

 

The GetApp report suggests watching for possible signs of deepfakes in videos, such as "jittery" body movements, blurred facial features, unnatural eye movements, abnormal coloring, or inconsistent audio. Asking the other party to turn their head 90° to show their profile may also help identify deepfake videos.

 

Original link:

https://www.itpro.com/security/deepfake-attacks-are-prompting-drastic-security-changes-at-enterprises


A serious WPS Office remote code execution vulnerability may already have been exploited

Recently, two serious vulnerabilities in WPS Office were disclosed that attackers may use to carry out remote code execution attacks. They are tracked as CVE-2024-7262 and CVE-2024-7263 and carry a CVSS score of 9.3.

 

The vulnerabilities were found in the promecefpluginhost.exe component of WPS Office and affect versions 12.2.0.13110 to 12.2.0.13489 (CVE-2024-7262) and 12.2.0.13110 to 12.2.0.17153 (CVE-2024-7263). Both are caused by improper path validation and allow an attacker to load and execute an arbitrary Windows library. CVE-2024-7262 lies in how the promecefpluginhost.exe process validates a file path: an attacker can lure a user into opening a deceptive spreadsheet document that loads a malicious Windows library and executes arbitrary code on the victim's machine, leading to data theft, ransomware, or further system compromise. CVE-2024-7263 affects versions earlier than 12.2.0.17153 (exclusive). Because the original fix overlooked an additional parameter and did not sanitize it, attackers could still load an arbitrary Windows library and bypass the initial mitigation implemented by Kingsoft.
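The digest describes the second CVE as a fix that validated one parameter but overlooked another that also influenced which library got loaded. The following is an added illustration of that defect class and its remedy; it is not WPS Office or Kingsoft code, and the function names, the `library` / `library_dir` parameters, the `ALLOWED_DIR` directory and the sample requests are all constructed for this example. It uses `PureWindowsPath`, which applies Windows path semantics without touching the filesystem, so it runs on any OS.

```python
"""Added example: validating the *effective* library path rather than one
parameter. All names and sample inputs are constructed, not taken from WPS."""
from pathlib import PureWindowsPath
from typing import Optional

# Hypothetical directory the plugin host is allowed to load libraries from.
ALLOWED_DIR = PureWindowsPath(r"C:\Program Files\ExampleSuite\plugins")


def normalize_windows_path(raw: str) -> Optional[PureWindowsPath]:
    """Canonicalise an absolute drive-letter Windows path by collapsing '..'
    segments. Returns None for relative paths, drive-relative paths (C:foo),
    UNC paths (\\\\host\\share) and '..' that climbs above the drive root."""
    p = PureWindowsPath(raw)
    if not p.is_absolute() or p.drive.startswith("\\\\"):
        return None
    parts = []
    for seg in p.parts[1:]:          # parts[0] is the anchor, e.g. 'C:\\'
        if seg == "..":
            if not parts:
                return None          # would escape the drive root
            parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return PureWindowsPath(p.anchor, *parts)


def is_within_allowed_dir(path: PureWindowsPath) -> bool:
    """Case-insensitive prefix check (NTFS paths are case-insensitive)."""
    allowed = [s.lower() for s in ALLOWED_DIR.parts]
    actual = [s.lower() for s in path.parts]
    return len(actual) > len(allowed) and actual[: len(allowed)] == allowed


def weak_select_library(params: dict) -> Optional[str]:
    """'Before' pattern: only 'library' is checked. The second parameter,
    'library_dir' (constructed stand-in for an overlooked parameter), is
    used unchecked, so the check on 'library' can be sidestepped."""
    name = params.get("library", "")
    if "\\" in name or "/" in name or ".." in name:
        return None
    if not name.lower().endswith(".dll"):
        return None
    base = params.get("library_dir", str(ALLOWED_DIR))   # never validated
    return str(PureWindowsPath(base, name))


def hardened_select_library(params: dict) -> Optional[str]:
    """Combine every input first, then validate the resulting path, so no
    parameter (present or added later) can bypass the containment check."""
    name = params.get("library", "")
    base = params.get("library_dir", str(ALLOWED_DIR))
    resolved = normalize_windows_path(str(PureWindowsPath(base, name)))
    if resolved is None or not is_within_allowed_dir(resolved):
        return None
    if resolved.suffix.lower() != ".dll":
        return None
    return str(resolved)


# Constructed sample requests.
LEGIT = {"library": "chart.dll"}
OVERRIDE = {"library": "chart.dll", "library_dir": r"C:\Users\Public\Downloads"}
TRAVERSAL = {"library": "chart.dll",
             "library_dir": r"C:\Program Files\ExampleSuite\plugins\..\..\Temp"}
UNC = {"library": "chart.dll", "library_dir": r"\\example-host\share"}

if __name__ == "__main__":
    for label, req in [("legit", LEGIT), ("override", OVERRIDE),
                       ("traversal", TRAVERSAL), ("unc", UNC)]:
        print(f"{label:10} weak={weak_select_library(req)!r} "
              f"hardened={hardened_select_library(req)!r}")
```

The weak version accepts the `OVERRIDE` request because its check never looks at the directory parameter; the hardened version rejects it, along with the traversal and UNC variants, because it judges the final path after every input has been combined. For a real native-library loader the containment check is one layer only; restricting loads to the application's own directory and verifying library signatures are the usual complementary controls.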

 

ESET security researchers found that CVE-2024-7262 has been exploited in the wild: malicious actors distributed deceptive spreadsheet documents to trigger the vulnerability. Kingsoft released version 12.2.0.16909 to fix CVE-2024-7262. All WPS Office users are advised to update to the latest version (12.2.0.17153 or later) as soon as possible.

 

Original link:

securityonline.info/wps-office-vulnerabilities-expose-200-million-users-cve-2024-7262-exploited-in-the-wild/


Microsoft Entra ID security flaws allow attackers to easily bypass authentication


Recently, researchers discovered a method of manipulating the credential validation process in Microsoft Entra ID environments affected by this security flaw. Attackers can use it to bypass authentication in hybrid identity infrastructures. The attack mainly affects organizations that synchronize multiple on-premises Active Directory domains to a single Azure tenant, creating serious security risks including unauthorized access and potential data leakage.

 

The attack requires administrator access to a server hosting a pass-through authentication (PTA) agent. PTA lets users sign in to cloud services with their on-premises credentials through Microsoft Entra ID (formerly Azure Active Directory); with that access, an attacker can sign in to cloud services as an Entra ID user from a different domain without any separate authentication. The flaw effectively turns the PTA agent into a double agent: attackers can log on as any synchronized AD user without knowing the actual password.

 

At the core of the flaw is that PTA agents sometimes mishandle authentication requests from different domains. When a user attempts to sign in to Entra ID, the password validation request is placed in a service queue and retrieved by any available PTA agent. Sometimes a PTA agent incorrectly retrieves a username and password belonging to a different on-premises domain and tries to validate them against its own Windows Server AD, resulting in an authentication failure.

 

Original link:

https://www.darkreading.com/application-security/unfixed-microsoft-entra-id-authentication-bypass-threatens-hybrid-clouds

 

Oracle NetSuite configuration errors may leak customer data from thousands of websites

 

A few days ago, research by AppOmni, a security vendor, revealed configuration errors in Oracle's NetSuite SuiteCommerce product that may expose customer data on thousands of commercial websites.

 

NetSuite SuiteCommerce is a business platform that integrates e-commerce, POS (point of sale), and back-end systems. The problem is not a security vulnerability in SuiteCommerce itself but flaws in how these websites are configured. Because many organizations that use NetSuite do not plan to deploy the commerce storefront functions, they are unaware that the instances they purchase come with a publicly accessible site deployed by default. In addition, many sites have defects in how their API calls are handled that allow unauthorized users to extract customer records. Together these let threat actors retrieve user records, including address information and contact details, by crafting HTTP requests.

 

Moreover, many customers may find it hard to tell whether their sites have been exploited by threat actors, because in many cases log information is very difficult to obtain. The researchers suggest that organizations that suspect they may be victims of such attacks contact NetSuite for support as soon as possible and request the raw log data.

 

Original link:

https://www.scmagazine.com/news/thousands-of-oracle-netsuite-sites-said-to-be-exposing-customer-data

 

SolarWinds releases emergency RCE vulnerability security updates


Recently, SolarWinds issued an emergency notice urging customers to fix a critical vulnerability in its Web Help Desk platform. It is tracked as CVE-2024-28986 with a CVSS v3 score as high as 9.8. Researchers pointed out that if the vulnerability is not fixed in time, attackers may exploit it to execute arbitrary commands on affected hosts.

 

According to reports, the vulnerability is a Java deserialization remote code execution (RCE) flaw that was initially discovered by Inmarsat Government researchers. Although it is classified as an unauthenticated vulnerability, SolarWinds said in its announcement that it could not reproduce the vulnerability without authentication after thorough testing. This means attackers may need to obtain some level of access before launching an attack, but potential security risks remain.

 

SolarWinds recommends that all versions of Web Help Desk be upgraded to version 12.8.3 and that the hotfix be installed to keep systems secure.

 

Original link:

https://www.darkreading.com/vulnerabilities-threats/solarwinds-critical-rce-bug-requires-urgent-patch

  

China Mobile plans to purchase more than 2,000 intrusion prevention devices, with a maximum amount of 96.68 million yuan.


On August 17, China Mobile published the "China Mobile 2024-2026 Intrusion Prevention System (IPS) Centralized Procurement Project_Bidding Announcement", with a maximum purchase amount of 96.68 million yuan.



According to the bidding announcement, a total of 2,018 intrusion prevention system (IPS) devices will be purchased: 695 units of configuration 1 (100G), 1,131 units of configuration 2 (40G), and 192 units of configuration 3 (20G).

The project uses mixed bidding and is divided into two bid packages, as follows:


Bid package 1: 100G standard configuration, with a maximum bid price of 67.5401 million yuan (total price excluding tax); 2 winning suppliers will be selected;


Bid package 2: 40G and 20G standard configurations, with a maximum bid price of 29.1426 million yuan (total price excluding tax); 2 to 3 winning suppliers will be selected.


The shares allocated to the winning bidders are as follows: if three suppliers win, the shares are 50% for the first, 27% for the second, and 23% for the third; if two suppliers win, the shares are 70% for the first and 30% for the second. A bidder may win at most 2 bid packages in this project.


Original link:

https://B2B.10086.cn/#/noticeDetail?publishId=1824735427896606721&publishUuid=9c51a4a3a94045539529e1e31d992be0&publishType=PROCUREMENT&publishOneType=PROCUREMENT

 

Tianrongxin releases next-generation WAAP comprehensive solution

 

A few days ago, Tianrongxin released a new-generation WAAP comprehensive solution that integrates four application security capabilities to quickly detect web vulnerabilities, accurately control security risks, and comprehensively protect customers' applications.


According to the company, the solution provides application security capabilities in four areas:


  • First, it integrates the three mechanisms of prevention, handling, and recovery/rectification found in traditional WAF functionality to strengthen WAF protection;


  • Second, it provides five capabilities, namely API compliance detection, API threat protection, API access control, API protection and throttling, and API dynamic learning, to build a strong line of defense for API security;


  • Third, it integrates bot identification and control capabilities such as brute-force protection, scanner protection, crawler protection, and human-machine verification, and uses the fact that scanners cannot handle JavaScript responses to intelligently identify malicious bot traffic;


  • Fourth, relying on Tianrongxin's intelligent traffic learning mode, it generates a customized traffic-cleaning policy based on the customer's on-site environment to provide application-layer DDoS traffic cleaning; with HTTP slow-attack detection and unique-URL access ratio monitoring, various DDoS attacks against application sites are effectively mitigated.


A Tianrongxin representative said that WAAP comprehensive solutions are the trend in application security. The deep integration of application security, API security, bot management, and anti-DDoS capabilities will effectively improve customers' application security protection and build a more complete application security defense system.

 

Original link:

https://mp.weixin.qq.com/s/wJNQ0dfuxyrc_m1J2TlUzQ


This article is reprinted from: Security Cow
