Featured Story
Unpatched Active Directory Flaw Can Crash Any Microsoft Server
CVE-2024-49113 affects Microsoft’s Lightweight Directory Access Protocol (LDAP) and can crash unpatched Windows servers, including domain controllers with internet-connected DNS. Although patched in December 2024, many systems remain vulnerable. Proof-of-concept code has been released, increasing the risk of exploitation.
This flaw allows direct targeting of domain controllers, putting entire infrastructures at risk. Even without current active exploitation, organizations should patch immediately and monitor for signs of LDAP abuse. Use firewall rules and detection signatures to limit exposure while patching.
Other Stories
New Details Reveal How Hackers Hijacked 35 Google Chrome Extensions
Attackers hijacked 35 popular Chrome extensions, including one from Cyberhaven, via a phishing campaign that tricked developers into authorizing a malicious OAuth app. This app allowed injection of data-stealing code targeting Facebook accounts. Over 2.6 million users were affected.
This was a highly targeted developer attack. We recommend checking for the known attacker domains:
- supportchromestore.com
- forextensions.com
- chromeforextension.com
If affected, review Chrome extension lists and educate users on phishing awareness. Our SOC can assist with awareness campaigns and detection.
New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections
The “DoubleClickjacking” vulnerability uses a timing trick to bypass protections like X-Frame-Options and SameSite cookies. By manipulating users into a rapid double-click, attackers can approve OAuth permissions or perform other sensitive actions unknowingly.
Traditional web defenses don’t fully mitigate this method. Consider adding behavioral protections like additional gesture or keyboard checks. WAF rules for abnormal redirections or double-click patterns can also help defend against this class of attack.
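One way to implement the gesture and keyboard check suggested above, as an added example that is not code from the original article: a sensitive control stays inert until the page has seen a trusted pointer move or key press since it gained focus. The names `createGestureGate`, `protectButton` and `minDwellMs`, and the minimum dwell time itself, are assumptions made for this illustration.

```javascript
// Added example; createGestureGate, protectButton and minDwellMs are hypothetical names.
function createGestureGate({ minDwellMs = 500, now = () => Date.now() } = {}) {
  let focusedAt = null;    // time this window last gained focus, null while blurred
  let gestureSeen = false; // trusted pointer move or key press since that focus

  return {
    onFocus() { focusedAt = now(); gestureSeen = false; },
    onBlur() { focusedAt = null; gestureSeen = false; },
    // Script-generated events (isTrusted === false) never count as a gesture.
    onGesture(event) {
      if (event && event.isTrusted && focusedAt !== null) gestureSeen = true;
    },
    // A click is accepted only if it is trusted, follows a gesture made on
    // this page, and arrives at least minDwellMs after the page got focus
    // (the dwell time is an assumption added for this example).
    allowClick(event) {
      if (!event || !event.isTrusted) return false;
      if (focusedAt === null || !gestureSeen) return false;
      return now() - focusedAt >= minDwellMs;
    },
  };
}

// Browser wiring for one sensitive control, e.g. an "Authorize" button.
function protectButton(button, onConfirmed, gate = createGestureGate()) {
  const lock = () => { button.disabled = true; };
  lock(); // disabled by default until a gesture is observed
  if (document.hasFocus()) gate.onFocus();
  window.addEventListener('focus', () => { gate.onFocus(); lock(); });
  window.addEventListener('blur', () => { gate.onBlur(); lock(); });
  for (const type of ['mousemove', 'keydown']) {
    document.addEventListener(type, (e) => {
      gate.onGesture(e);
      if (e.isTrusted && document.hasFocus()) button.disabled = false;
    });
  }
  button.addEventListener('click', (e) => {
    if (!gate.allowClick(e)) { e.preventDefault(); return; }
    onConfirmed(e);
  });
}
```

The gate is a client-side layer only; the server should still require its own confirmation for high-impact actions.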
Critical Deadline: Update Old .NET Domains Before January 7, 2025
Microsoft is retiring Edgio-based CDN domains used for .NET downloads. Systems still relying on dotnetcli.azureedge.net or dotnetbuilds.azureedge.net must migrate to new Azure Front Door domains by January 7 or risk service disruptions after January 15, 2025.
This is more of an operational issue than a security one, but ignoring it could result in software outages or failed builds. Review infrastructure scripts, CI/CD pipelines, and deployment tools for outdated references and prepare for the domain migration.
Contact the Approach Cyber SOC team for tailored support and training programs.