Critical 7-Zip Flaw Needs Manual Update Now

January 23, 2025January 23, 2025

Critical Flaw in 7-Zip File Archiver Exposes Windows Users to Malware Risks

A recent security advisory has uncovered a significant vulnerability in the widely used 7-Zip open-source file archiver tool, posing serious risks for Windows users. This flaw, tracked as CVE-2025-0411, allows cyber attackers to create archives that can bypass crucial Windows security warnings, potentially leading unsuspecting victims to inadvertently launch malware. With a high Common Vulnerability Scoring System (CVSS) score of 7.0, the urgency for users to update their software is paramount.

Understanding the 7-Zip Vulnerability

7-Zip, a popular free file archiving software with approximately 14,000 weekly downloads from users predominantly in the United States, has been a trusted tool since its inception. The application implements a Windows security feature known as the Mark of the Web (MotW), which was integrated starting with version 22.00 in June 2022. This feature labels files from downloaded archives as potentially unsafe, prompting users with a security warning whenever they attempt to open a flagged file.

How Attackers Exploit the Flaw

Bypassing Security Warnings: Attackers can exploit this vulnerability by creating archives that do not apply the MotW to certain files. Consequently, when users extract these files, they receive no security warnings, increasing the risk of executing malicious software.
Nested Archives: The flaw arises particularly from the "Zone.Identifier" stream not propagating for files contained within nested archives, as noted by 7-Zip developer Igor Pavlov in the release notes for version 24.09.

Important Security Measures

To mitigate the risks associated with this vulnerability, users must take immediate action:

Update 7-Zip: Users should manually install 7-Zip version 24.09, which was released on November 30, 2024, to address the flaw. Notably, 7-Zip does not update automatically, making manual installation essential.
Stay Informed: Cybersecurity experts recommend staying updated on vulnerabilities related to software tools frequently used for file compression and extraction.

Historical Context

This is not the first time that vulnerabilities have allowed attackers to bypass MotW warnings. In October 2022, a Windows flaw prevented files extracted from internet-downloaded ZIP archives from being labeled with the MotW, which was addressed through an unofficial patch by 0patch. Similarly, another flaw involving malformed Authenticode signatures was exploited in a Magniber ransomware campaign, further highlighting the need for vigilance among users.

For more information on cybersecurity best practices, consider reading additional resources on Trend Micro’s website and Cyber Risk Alliance.

Stay Safe Online

In conclusion, it is crucial for users of 7-Zip and similar software to remain aware of potential vulnerabilities and act swiftly to protect their systems. By updating to the latest version and exercising caution with downloaded files, users can significantly reduce their risk of malware infection. We encourage readers to share their thoughts on this vulnerability and explore related articles to enhance their cybersecurity knowledge.

MGM Resorts Settles Data Breach Lawsuits for $45M

January 30, 2025January 30, 2025

MGM Resorts has reached a $45 million settlement over class action lawsuits related to significant data breaches affecting over 37 million customers. Finalized on January 21, the settlement awaits federal court approval by June 18. The breaches included a 2019 incident where sensitive customer information was stolen and posted online, and a 2023 ransomware attack that disrupted operations and led to over $100 million in losses. Approximately 30% of the settlement will cover legal fees, with affected customers potentially receiving up to $75 each. The incidents highlight the critical need for enhanced data security in the hospitality sector.

Critical ProjectSend Flaw Under Exploitation: Act Now!

December 1, 2024December 1, 2024

A critical security vulnerability, CVE-2024-11680, has been identified in the open-source file-sharing application ProjectSend, with a high CVSS score of 9.8. Initially patched in May 2023, the official fix was released only in August 2024, prompting urgent updates from users. The flaw allows attackers to execute malicious code on vulnerable servers, enabling unauthorized actions such as activating user registration features. Active exploitation attempts began in September 2024, targeting publicly accessible servers. Currently, only 1% of approximately 4,000 exposed servers are updated. Users must apply the latest patches immediately to prevent significant security breaches.

Is Your Software Development Lifecycle a Toxic Time Bomb?

December 18, 2024December 18, 2024

The concept of “toxic interactions” in Software Development Lifecycle (SDLC) security, highlighted by Wiz Security, refers to new vulnerabilities arising from the convergence of various issues. These interactions occur when human actions and machine processes collide, often due to misconfigurations, excessive developer permissions, and vulnerabilities in code. The recent EmeraldWhale breach exemplifies these risks, emphasizing the need for integrated security measures. To combat these threats, organizations should implement identity governance, secure tool configurations, enhance code security, and adopt a multi-layered defense approach. A comprehensive strategy is essential for safeguarding the development pipeline and fostering innovation.

Industry Groups Urge Federal Action on Data Privacy Law

Wacom Customer Data May Have Been Breached

January 31, 2025January 31, 2025

Wacom has announced a data breach affecting its online store, potentially compromising customers’ personal and credit card information between November 28, 2024, and January 8, 2025. While specific details about the number of affected individuals are unclear, Wacom confirmed it has addressed the security issue. Experts link the breach to the CosmicSting XML external entity vulnerability (CVE-2024-34102) in Magento. Affected customers are advised to monitor their credit card statements for unauthorized transactions, report suspicious charges, and set up fraud alerts. Wacom is investigating the breach further and encourages customers to stay vigilant regarding their data security.

AI Red Teaming Joins Bug Bounty Programs – Michiel Prins

January 27, 2025January 27, 2025

AI red teaming is transforming bug bounty programs by enhancing the identification and mitigation of security vulnerabilities. This approach utilizes artificial intelligence to simulate cyberattacks, enabling organizations to effectively assess their security posture. Key benefits include improved accuracy in spotting vulnerabilities, quicker threat identification, and cost savings by reducing manual testing. Techniques like behavioral analysis, automated scanning, and predictive analytics are employed to bolster cybersecurity efforts. As the landscape of cyber threats evolves, the integration of AI red teaming is expected to become standard in bug bounties, equipping organizations to better protect their assets against attacks.

Real-World Vulnerability Prioritization – PSW #858

January 24, 2025January 24, 2025

Vulnerability prioritization has become essential in cybersecurity management due to the daily emergence of numerous threats. This process involves assessing and ranking vulnerabilities based on their potential impact, allowing teams to allocate resources effectively and mitigate risks. Key highlights from the PSW #858 podcast include the importance of risk assessment frameworks, the use of automation tools for scanning and reporting, and the necessity of continuous monitoring to address new vulnerabilities. By prioritizing critical threats, organizations can enhance operational efficiency and significantly reduce the risk of security breaches, thereby ensuring robust protection of their data and systems.