Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit - Forbidden Stories
Documents reveal how Israel seized files, suppressed information related to WhatsApp’s lawsuit against Pegasus spyware vendor NSO Amid a lawsuit pitting WhatsApp against the Israeli company NSO, the state of Israel ordered documents to be seized from the offices of the Pegasus spyware vendor Israel also emitted a gag order on the seizure to prevent further dissemination of the information * Leaked files from the Israeli Ministry of Justice accessed by Forbidden Stories suggest that the MoJ pushed for language in NSO court filings to be modified
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
On patch Tuesday last week, Microsoft released an update for CVE-2024-38112, which they said was being exploited in the wild. We at the Trend Micro Zero Day Initiative (ZDI) agree with them because that’s what we told them back in May when we detected this exploit in the wild and reported it to Microsoft. However, you may notice that no one from Trend or ZDI was acknowledged by Microsoft. This case has become a microcosm of the problems with coordinated vulnerability disclosure (CVD) as vendors push for coordinated disclosure from researchers but rarely practice any coordination regarding the fix. This lack of transparency from vendors often leaves researchers who practice CVD with more questions than answers.