Security Roundup August 2024

Darren Kewley
Technical Director
Published
30 August 2024

August 2024: DDoS Attack During Musk’s Call with Trump, Telegram’s CEO Arrest in France, Microsoft to Host Conference on Windows Security Changes, and More!

DDoS Attack During Musk’s Call with Trump

On August 13th, X (Twitter) owner Elon Musk claimed the platform was a victim of a massive Distributed Denial of Service (DDoS) attack, just as the platform was about to host a highly-anticipated conversation between Musk and former US President Donald Trump in one of its live spaces.  

The interview with the Republican presidential nominee was due to begin at 20:00 EST (midnight GMT). However, many users took to X to complain they could not access the space. Musk said his team was working to combat the attack but did not provide further information. Musk claimed Twitter had stress-tested the platform earlier in preparation for the event with 8 million users. Still, only around 120,000 were able to join. The interview eventually went live at around 20:30 EST and lasted two hours. Musk said, “As this massive attack illustrates, there’s a lot of opposition to people just hearing what President Trump has to say.”

Opinions on whether or not X was actually under attack are varied and usually depend upon the political views of the person giving their opinion. Twitter has suffered DDoS attacks in the past but has also faced capacity issues around significant political events, such as Ron DeSantis’s announcement to run as a presidential nominee on the platform.

In recent months, Elon Musk has been busy making enemies and prodding global elites on the platform in response to what he sees as attacks on freedom of expression. After the government’s response to recent riots, he went to war with British Prime Minister Sir Keir Starmer, even calling him ‘two-tier Keir’. Musk also mocked the EU Commissioner for the Internal Market, Thierry Breton, regarding a letter he sent to Musk warning him that his interview with the 45th President could ‘amplify harmful content’.

Telegram CEO Arrested in France

The CEO of the popular messaging app Telegram has been arrested in France. Pavel Durov was arrested when he landed in a private jet at Le Bourget Airport, just north of Paris.

Since then, French prosecutors have charged the Russian-born billionaire, who is a resident of the UAE but also has French citizenship, with offences including refusal to communicate with authorities and complicity in other offences relating to drug trafficking, cryptography and child sexual abuse material. Durov is now awaiting trial with bail set at €5 million, and he cannot leave France.

Telegram has over 900 million active users and is particularly popular in Iran, much of French-speaking Africa and Eastern Europe. Both Russian and Ukrainian sides have widely used the platform in the Russo-Ukraine war for information sharing, propaganda and open-source intelligence gathering (OSINT).

Telegram and Durov have been reluctant to hand over information and cooperate with law enforcement agencies. Durov grew up in the Soviet Union and sees himself as an advocate for free expression. Other high-profile free speech advocates and tech community members have voiced concern that Durov’s arrest may be part of a broader attempt to censor free expression on social media.

Microsoft to Host Conference on Windows Security Changes

On September 10th, Microsoft will host the Windows Endpoint Security Ecosystem Summit at its headquarters in Redmond. The summit has been arranged in the wake of July’s CrowdStrike outage, which took over 8 million Windows devices offline. The summit will examine how Microsoft can implement better security and resiliency for its customers to avoid a similar incident. Vendors and other key partners, including CrowdStrike, will attend the summit.

Microsoft’s Corporate Vice President of Microsoft Windows and Devices, Aidan Marcuss, stated, “Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.”

Most endpoint detection and response (EDR) solutions operate at the kernel level, which is the operating system’s core, to detect and respond to threats at lower levels in the system. However, the downside to applications having such access is that bugs or malicious activity in the software can potentially cause more damage. Kernel access is expected to be a central talking point at the summit and will likely be heavily debated. Attempts by Microsoft to restrict access to the Windows Vista kernel in 2006 received pushback from government regulators and cyber security vendors alike.

Some of This Month’s Vulnerabilities

Critical SonicWall Vulnerability

SonicWall has issued urgent security updates to fix a critical vulnerability in its firewalls. The flaw, tracked as CVE-2024-40766 with a CVSS score of 9.3, is caused by improper access control in SonicOS management access. If exploited, it could lead to unauthorised access to the devices and, under certain conditions, result in a firewall crash.

The vulnerability impacts SonicWall Gen 5 and Gen 6 firewalls and Gen 7 appliances running SonicOS version 7.0.1-5035 and earlier. The vendor has released patches for the affected versions and urges administrators to update them immediately.

Microsoft Patch Tuesday

This month’s security updates from Microsoft fix 85 vulnerabilities, including six actively exploited in the wild. As reported by our partners at CrowdStrike, six of the vulnerabilities are rated as critical, with the remainder rated as important or moderate.

One of the critical vulnerabilities that has been patched is CVE-2024-38063. This Windows TCP/IP stack flaw could allow an unauthenticated attacker to achieve remote code execution by repeatedly sending IPv6 packets, including specially crafted packets, to a Windows machine.

WPML WordPress Plugin RCE

A critical vulnerability (CVSS 9.9) has been identified in the WPML multilingual plugin for WordPress sites. The plugin has over a million installs and is used on multilingual websites. In July, a researcher called Stealthcopter identified and submitted the flaw and received a bug bounty payment.

The plugin developers, OnTheGoSystems, have released WPML 4.6.13 to patch the vulnerability.
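
For teams working through the SonicWall and WPML items above, the following added example (not from SonicWall, OnTheGoSystems or the original roundup) triages an asset inventory against the version figures quoted in this article. The inventory format, hostnames and sample versions are constructed, and it assumes every WPML release before 4.6.13 is affected.

```python
import re

# Thresholds quoted in the roundup above.
SONICOS_GEN7_LAST_AFFECTED = (7, 0, 1, 5035)  # "7.0.1-5035 and earlier"
WPML_FIRST_PATCHED = (4, 6, 13)               # "WPML 4.6.13"

def parse_version(text):
    """Turn '7.0.1-5035' or '4.6.13' into a tuple of ints; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*(-\d+)?", text):
        return None
    return tuple(int(part) for part in re.split(r"[.-]", text))

def triage(asset):
    """Classify one inventory record as 'affected', 'review' or 'ok'."""
    version = parse_version(asset["version"])
    if version is None:
        return "review"  # unreadable version: never assume it is patched
    if asset["product"] == "sonicos":
        if asset.get("gen") == 7:
            return "affected" if version <= SONICOS_GEN7_LAST_AFFECTED else "ok"
        # Gen 5/6 are listed as impacted, but the page gives no build
        # threshold for them, so they go to manual review.
        return "review"
    if asset["product"] == "wpml":
        # Assumption: every release before the patched one is affected.
        return "affected" if version < WPML_FIRST_PATCHED else "ok"
    return "review"

def triage_inventory(records):
    return {r["name"]: triage(r) for r in records}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"name": "fw-branch-01", "product": "sonicos", "gen": 7, "version": "7.0.1-5035"},
    {"name": "fw-hq-01", "product": "sonicos", "gen": 7, "version": "7.0.1-5100"},
    {"name": "fw-legacy-01", "product": "sonicos", "gen": 6, "version": "6.5.4"},
    {"name": "shop-site", "product": "wpml", "version": "4.6.12"},
    {"name": "blog-site", "product": "wpml", "version": "4.6.13"},
    {"name": "dev-site", "product": "wpml", "version": "4.6.13-beta"},
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Records marked "review" need checking against the vendor's own advisory, since this article gives no fixed build for Gen 5 and Gen 6 devices.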

That’s all from August. See you next month!

Need Advice?

If you need any advice on this issue or any other cyber security subjects, please contact Protos Networks.

Tel: 0333 370 1353