March 23, 2024



Weekly Cyber Security News

News Events and Information

Gathered from sources found on the web in the past seven days



Hello all,

It was a less eventful week for most of us with few major reveals and problems from the cyberverse. That is unless you installed Microsoft’s March update onto a Windows server. In that case you dealt with seemingly random server crashes until you removed the patch. On Friday Microsoft issued an emergency update which fixes the Local Security Authority Subsystem Service (LSASS) process memory leak that was the culprit. Other highlights include more Ivanti problems, hotel RFID key lock bypass, and fear over public utility compromise.

The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

  • Atlassian patched vulnerabilities in a number of their products, with at least one critical in their Bamboo Data Center and Server. Patches were issued for Bamboo, Bitbucket, Confluence and Jira. If you use any of these, check for updates.
  • Fortra FileCatalyst is a managed file transfer service that just received a patch. A Proof of Concept (PoC) already exists for this vulnerability that can allow for unauthenticated Remote Code Execution (RCE), giving bad guys guidance on how to exploit this bug. Last year Fortra had a hole in GoAnywhere through which at least 130 organizations were compromised. You know they’re watching for more places to exploit, so don’t wait to patch.
  • Fortinet made a patch available for FortiClient Enterprise Management Server (EMS) software a little over a week ago. This critical RCE now has a PoC out, and CISA reports that attackers are actively exploiting the vulnerability.
  • Hotel RFID keycard locks by manufacturer Dormakaba, used to secure 3 million room doors, have been shown to be vulnerable to a relatively simple hack to gain access. Mitigations now exist, but every door lock must receive new programming, and new RFID cards must be used. So, it will be a while before this is fully deployed. Meanwhile, make sure you hide your valuables. That room safe is looking like a good extra measure right about now.
  • Ivanti has released updates for two additional products. This time they are for Standalone Sentry and Neurons for ITSM IT. Since threat actors are on high alert for Ivanti vulnerabilities lately, it would be wise to follow Ivanti’s advice and “act immediately”.
  • Public anxiety mounts over critical infrastructure resilience to cyber attacks. This headline sounds a bit like those million-dollar governmental studies to determine if water is wet. If they are paying attention to the news, the public has good reason to be concerned! The White House is urging operators of water and wastewater plants to increase security and warning of attacks, the FBI and CISA are warning about Chinese state-sponsored hackers in every facet of our infrastructure, semi-truck worms exist that could disrupt our nation’s distribution lines, and we see Russia and Ukraine taking each other’s communications abilities out remotely. Yeah, we should be worried. And that’s the tip of the iceberg.
  • Tax Hackers, here’s your Public Service Announcement (PSA). In the USA, we are in the midst of tax season, and scammers are rampant in their phishing efforts, and more, to separate you from your money and to steal your data. Don’t give them an easy inroad; remain vigilant.

In Ransomware, Malware, and Vulnerabilities News:

  • US Warns of Cyberattacks, and the next link, Making Sense of Operational Technology Attacks, give a good glimpse of the next stages of cyberwarfare that could come to our side of the pond soon. We need to be aware and prepared.
  • Pwn2Own in Vancouver concluded this week. There were 29 new zero-days utilized in the attacks. Companies will have 90 days to release patches for them, and then the exploits will be unleashed like a plague on the masses.
  • Truck to Truck Worm. As if the other infrastructure vulnerabilities weren’t enough, some boffins figured out how to utilize Electronic Logging Devices (ELDs) required in US commercial trucks to affect the systems of those trucks to cause disruptions and even disable the trucks. What’s worse, they figured out how to turn it into a worm that can travel from truck to truck via Wi-Fi and Bluetooth via literal drive-by attacks.

In Other News Events of Note and Interest:

  • Apple has launched an all-in-one manual and downloads site. Just in time to hopefully warn you away from macOS Sonoma 14.4. Apparently, this version doesn’t play nice with USB Hubs, USB printers, Oracle Java, and Apple’s own iCloud storage.

In Cyber Insurance News:

  • New Regulations Make D&O Insurance a Must for CISOs. Due to the increasing liability placed on CISOs, this article posits that CISOs should have insurance coverage to protect them.

This week’s news showcased, to some degree, the amount of potential damage that could be done to critical infrastructure by determined evil people. Perhaps it is time to bring back the concept of “victory gardens”, a popular idea from World War II. And it would be good for today’s kids to know that food doesn’t come from a grocery store, it comes from hard work, tilling the ground. Our world is incredibly interdependent and if our infrastructure and ability to distribute goods and produce are disrupted, we will be in a world of hurt. However, just as in WWII, we do have a massive army that is tirelessly working to repel evil and secure our future. Thank you cyber-warriors for your dedicated and sacrificial work!

Keep the shields up. They really are out to get you.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest
