• So what’s being exploited?

    Ever wonder what’s REALLY being exploited? The government publishes a web site that lists known exploited vulnerabilities.  I like to keep an eye on i
    [See the full post at: So what’s being exploited?]

    Susan Bradley Patch Lady/Prudent patcher

    5 users thanked author for this post.
    • #2711483

      I use Chrome (beta) as my default browser yet have Edge, portable Firefox esr, portable Brave on my system.
      I find myself using the other browsers, not from (in)security reasons, but when Chrome fails to operate properly on some site.

      • #2711527

        I would be most interested in trying Brave, but hear that the installed version is difficult to cleanly uninstall.

        You indicate that you use a portable version of Brave.  Would much appreciate knowing your source for the portable version.  The Older Geeks version doesn’t reference portable and appears to be an installed version.

        Many thanks!

        • #2711593

          Brave is good, but you need to keep in mind – just as with (the also good) site and script blocking uBlock and uMatrix add-ons – that sometimes it might block things that break your web pages.

          I always figure that if a site requires me to allow things I don’t otherwise want to allow, there’s sure a heckuva lot of other good stuff out there to browse…

          -Noel

    • #2711495

      I quickly looked at CISA’s https://www.cisa.gov/known-exploited-vulnerabilities-catalog and very near the top of the list was CVE-2024-30088 for a Windows kernel vulnerability. Maybe I don’t understand the dating system being used, but the item had a Date Added of 2024-10-15 and a Due Date of 2024-11-05.

      But when I look at https://www.cve.org/CVERecord?id=CVE-2024-30088 it was first published on 6/11/2024!!! And Microsoft remediated the vulnerability with June updates according to https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088.

      It sure makes me wonder about the accuracy of CISA’s catalog.

      • #2711502

        I think the message is that federal agencies were very slow to patch critical vulnerabilities, so now they get an extra push to take care of those which are being actively exploited:

        In 2015, CISA—then named the National Protection and Programs Directorate—determined the amount of time it took federal agencies to remediate the vulnerabilities that affected them—sometimes 200-300 days—was a significant risk. In response, CISA issued BOD 15-01 requiring federal agencies to fix or resolve known “critical risk” vulnerabilities detected on their systems within 30 days. Although agencies vastly improved in this area, four years later CISA found it necessary to issue another directive, BOD 19-02, requiring agencies to mitigate “critical risk” vulnerabilities within 15 days. BOD 19-02 also required agencies to resolve “high risk” vulnerabilities within 30 days.

        On November 3, 2021, CISA issued BOD 22-01, changing CISA’s strategy of vulnerability management for federal agencies. Instead of only focusing on vulnerabilities that carry a specific CVSS score, CISA is targeting vulnerabilities for remediation that have known exploits and are being actively exploited by malicious cyber actors. Also, rather than issue individual Emergency Directives for each vulnerability of concern, BOD 22-01 institutes a mechanism that:

        • Establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise; and
        • Requires federal civilian agencies to remediate these vulnerabilities within a more aggressive timeline.

        BOD 22-01 drives federal agencies to mitigate the vulnerabilities on their networks that are most likely to result in a damaging intrusion, sends a clear message to all organizations across the country to focus remediation efforts on the subset of vulnerabilities that are causing harm now, and enables CISA to provide continuous prioritization of vulnerabilities based on our understanding of adversary activity.

        Reducing the Significant Risk of Known Exploited Vulnerabilities

        1 user thanked author for this post.
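
As an added example (not part of any post in this thread): a small triage script showing how the catalog's Date Added and Due Date relate to a CVE's publication date and to your own patch date. The feed below is a constructed, trimmed sample in the shape of CISA's KEV JSON feed; the first entry uses the dates quoted above, while the second entry, the `PATCHED_ON` date, and the "today" date are assumptions for illustration.

```python
import json
from datetime import date

# Constructed sample (trimmed KEV JSON shape). Entry 2 is a placeholder, not a real CVE.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft", "product": "Windows",
   "dateAdded": "2024-10-15", "dueDate": "2024-11-05"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleApp",
   "dateAdded": "2024-10-20", "dueDate": "2024-11-10"}
]}
""")

# Publication date as quoted in the thread (from cve.org).
PUBLISHED = {"CVE-2024-30088": date(2024, 6, 11)}
# Hypothetical local record of when the fix was installed (assumption).
PATCHED_ON = {"CVE-2024-30088": date(2024, 6, 14)}

def triage(feed, published, patched_on, today):
    """Return one row per KEV entry with date gaps and a remediation status."""
    rows = []
    for v in feed["vulnerabilities"]:
        cve = v["cveID"]
        added = date.fromisoformat(v["dateAdded"])  # when CISA listed it as exploited
        due = date.fromisoformat(v["dueDate"])      # BOD 22-01 deadline for agencies
        pub = published.get(cve)
        fixed = patched_on.get(cve)
        if fixed is None:
            status = "OVERDUE" if today > due else "open"
        elif fixed <= added:
            status = "patched before KEV listing"
        else:
            status = "patched on time" if fixed <= due else "patched late"
        rows.append({
            "cve": cve,
            # Days between public disclosure and being listed as exploited.
            "lag_days": (added - pub).days if pub else None,
            # Remediation window the directive gives from the listing date.
            "window_days": (due - added).days,
            "status": status,
        })
    return rows

def demo():
    # "Today" is fixed so the result is reproducible (assumption).
    return triage(KEV_FEED, PUBLISHED, PATCHED_ON, date(2024, 11, 12))

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Date Added records when CISA listed the CVE as exploited, not when it was disclosed, so a system patched in June is already compliant when the entry appears in October.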
    • #2711523

      I’d suggest also checking CISA’s Cybersecurity Alerts & Advisories page (I view it at least weekly) as it covers a lot more subjects than just “known exploited vulnerabilities“.

      Note: it’ll also include a notice whenever they add a new vulnerability to the “known exploited” list.

      1 user thanked author for this post.
    • #2711530

      but hear that the installed version is difficult to cleanly uninstall.

      It is not difficult to uninstall when using a 3rd party free uninstaller like GeekUninstall, Revo uninstaller, HiBit Uninstaller.

      Would much appreciate knowing your source for the portable version

      This is the source : https://github.com/brave/brave-browser/releases (scroll and find Release versions).
      I run the portable release version Release v1.71.113

      Click on the Release version and you will get a list of downloads.

      Example:

      BravePortable

      Try https://github.com/brave/brave-browser/releases/tag/v1.71.113

      As it is a portable app you can just delete the folder. No uninstall needed.

      1 user thanked author for this post.
    • #2711537

      Was reading a linked article earlier today posted by ronjor over on Wilders Security Forums that may be beneficial to this thread as a reminder to plug security holes ANYWHERE on or within an OS.

      The article by Stu Sjouwerman contains descriptions of various underrated phishing techniques that are worth a read.

      Techniques, methodology and detail are becoming far more complex and plausible these days... especially when AI is being used to take advantage of the unsuspecting.

      Amongst others, ‘Content Injection Attacks’ caught my eye and ties directly into the ‘exploited vulnerabilities’ not only for browsers but across software, devices, applications and websites in general.

      Windows - commercial by definition and now function...
    • #2711571

      I think the link to the CVE is incorrect. I believe it should be https://www.cve.org/CVERecord?id=CVE-2024-9680. The link has the CVE listed double.

      Win 10 ver. 22H2 x64

      1 user thanked author for this post.
    • #2711588

      The subject of this thread touched a nerve. Under my tin foil hat? You be the judge.

      Y’know what’s never been exploited, at least not by malware authors?

      Spectre. Meltdown. Remember those?

      Wait… Why did I say “at least not by malware authors?” DID someone exploit them? IMO, none other than those who would seek to herd users into action by nipping at their heels in the name of “security”.

      As far as anyone knows, including the site linked above, the Spectre and Meltdown “vulnerabilities” – which if you recall came with their own marketing campaigns and cute little icons – were never exploited in the traditional sense in the wild.

      In the name of security certain hardware makers wanted – needed – to publicize a sensational story, perhaps something to push us off our beloved computers that were still fast enough, running a perfectly good Windows 7 OS, a year or two sooner.

      Here we are almost 7 years later and every subsequent Windows installation out-of-the-box suffers from performance hits and additional energy usage because of architectural changes that seek to avert software that might seek to break through barriers and steal information. In theory.

      You might say the mitigations have been very successful. No lost secrets, right? Those who stood to benefit by making all our CPUs suddenly seem sluggish likely do think it was successful. How many millions of users bought new computers or updated their OS sooner? How much money and materials and energy have been wasted?

      What’s being exploited, indeed!

      For those curious and with a few minutes to spare, you might want to take some time to google a tool called InSpectre by Gibson Research. Try switching the Windows OS mitigations off and on. Do benchmarks. Do things before and after on your user interface and with your disks that are intensive, and you may notice those performance differences. Make your own choices about how to leave the settings, bearing in mind that those actual engineers who were made to implement the performance-robbing changes left a clear and direct way to turn them off.

      Security probably should not be a marketing lever.

      -Noel

      4 users thanked author for this post.
      • #2711611

        What’s being exploited, indeed!

        @Noel Carboni, Very interesting observation.  Maybe the question should be who, not what?

      • #2711616

        Thanks Noel. I’ve always appreciated your articulate opinions and insights (whether others agreed with them or not) and missed them when you went AWOL for a while. I hope we see more of them.

        Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

        2 users thanked author for this post.