Security Alert: Edge Password Vulnerability, SSL Certificate Rotation, and Daemon Tools Backdoor Highlighted in Weekly Update
AI-generated from multiple sources. Verify before acting on this reporting.
JACKSONVILLE, Fla. (AP) — The SANS Internet Storm Center issued a security advisory Tuesday detailing critical vulnerabilities in Microsoft Edge, a major certificate authority update from SSL.com, and a backdoor discovered in popular disk imaging software.
The weekly update, released from the organization's headquarters in Jacksonville, addresses three distinct cybersecurity issues requiring immediate attention from enterprise and individual users. The most pressing concern involves Microsoft Edge, which was found to store decrypted passwords in system memory, potentially exposing sensitive credentials to malicious actors with local access.
Security researchers identified that the browser retains unencrypted authentication data in volatile memory during active sessions. While the data is not stored on disk, the exposure in memory allows attackers who have already compromised a system to extract login information for various websites and services. Microsoft has acknowledged the issue and is working on a patch to mitigate the risk.
In a separate development, SSL.com announced a scheduled rotation of its root certificate. The certificate authority stated the change is part of routine infrastructure maintenance designed to enhance security protocols and ensure compliance with evolving industry standards. Users relying on SSL.com certificates for website encryption and digital signatures are advised to update their trust stores to prevent potential service interruptions.
The advisory also highlighted a backdoor discovered in Daemon Tools, a widely used software utility for creating and managing virtual optical drives. The vulnerability allows unauthorized remote access to systems where the software is installed. The backdoor was embedded within a recent update, raising concerns about the integrity of the software supply chain. Developers of Daemon Tools have issued an emergency patch and urged users to update immediately.
The SANS Internet Storm Center emphasized that these issues represent a diverse range of threats, from browser security flaws to infrastructure changes and supply chain compromises. The organization recommended that organizations conduct immediate audits of their systems to identify exposure to these vulnerabilities.
Cybersecurity experts note that the convergence of these issues underscores the complexity of the current threat landscape. The memory exposure in Edge requires users to remain vigilant even after applying patches, as the fundamental architecture of the browser may require significant changes. The SSL.com rotation, while planned, necessitates careful coordination across global networks to ensure seamless transitions.
Questions remain regarding the origin of the Daemon Tools backdoor and whether other software packages may be similarly compromised. Security analysts are investigating the timeline of the vulnerability's introduction and the potential scope of the breach. As of Tuesday, no specific threat actors have been identified in connection with the backdoor.
The SANS Internet Storm Center will continue to monitor the situation and provide updates as new information becomes available. Users are advised to follow official guidance from Microsoft, SSL.com, and Daemon Tools to ensure their systems remain secure.