April 13, 2024


Weekly Cyber Security News

News Events and Information

Gathered from sources found on the web in the past seven days



Hello all,

Patch Palooza was how the program director dubbed the web show I participated in on Friday, where we discussed the flood of patches this week brought. Microsoft unleashed patches to plug 150 vulnerabilities, two of which are zero-days. Not to be outdone, Adobe, Apple, Fortinet, LG, Palo Alto, Siemens, Schneider Electric, Telegram and more released a massive tsunami of patches, with a good sprinkling of zero-day icebergs thrown into the flood, all of which need to be prioritized and addressed. And the rest of the cyber-world did not sit still; there are plenty of other news items from this week, so let’s get to them.

The volume of news can seem overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for items that pertain to you or your environment, or that simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Adobe released patches for a large number of their products this week. If you use Adobe’s stuff, check for updates and apply them soon.
  • Apple started notifying people in 92 different countries recently about spyware attacks against their devices. Make sure you keep your iProducts updated and use the appropriate security practices while in use.
  • Fortinet has issued critical patches for FortiOS, FortiProxy, FortiClientMac, FortiSandbox, and more. One is a particularly nasty critical-severity remote code execution (RCE) bug in FortiClientLinux. Patch now.
  • Industrial control giants Siemens and Schneider Electric both released a plethora of patches and alerts. Siemens warned about Telecontrol Server Basic, Scalance W1750D access points, Ruggedcom APE1808, Simatic S7-100, Sinec NMS, Parasolid, and Simatic WinCC products. It should be noted that some of the Siemens products only have workarounds, and some of the patches are actually for embedded Palo Alto components (more on them in a moment). Schneider Electric issued an update for their Easergy Studio product.
  • Microsoft… I thought things were supposed to be getting better, so why was this the largest Patch Tuesday since 2017, and possibly ever?! Among the 150 flaws were 67 Remote Code Execution vulnerabilities and two zero-days. One zero-day was a SmartScreen Prompt Security Feature Bypass, and the other a Proxy Driver Spoofing Vulnerability. There is too much from Microsoft to describe effectively here, and it would be redundant since many excellent publications already perform this function admirably. Do avail yourself of those reports, but don’t delay. The bad guys are already working out how to exploit the newly revealed flaws.
  • Palo Alto decided to spoil some admins’ weekends by revealing a zero-day, maximum-severity vulnerability in their PAN-OS GlobalProtect on Friday. Palo Alto wrote, “specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.” Unauthenticated RCE as root on the perimeter firewall is as bad as it gets. At publication time a patch didn’t exist, but mitigation guidance did. Additionally, earlier in the week they had published seven other lower-severity, but still important, advisories for their products. If you have Palo Alto in your network, stop what you are doing and verify you’re safe, or secure your products immediately!
  • Sisense is a company that provides critical data analytics and visualization tools to many of the world’s leading organizations in finance, healthcare, technology, government and more. They were hit by a data breach in which the miscreants managed to steal terabytes of data, including access tokens, email account passwords, and even SSL certificates, according to some web sources. If the initial reports prove true, the stolen trove will be significant in both breadth and depth, because those tokens and credentials grant access to Sisense customers’ own environments, not just Sisense’s. CISA has taken an active stance in this case due to the massive potential for damage and has strongly encouraged all Sisense customers to immediately invalidate any existing sessions and rotate any credentials shared with or stored in Sisense services.
  • Telegram, widely used to communicate with loved ones around the world, and by bad guys with other evil individuals, just fixed a zero-day vulnerability in their Windows app that allowed Python scripts disguised as videos to execute when clicked. The fix was done server-side, so users don’t need to do anything to receive it.
  • WebOS, the operating system behind LG TVs, was shown to have a vulnerability that allows root access to anyone, under the right conditions. WebOS versions 4 through 7 have a vulnerable service. Ordinarily this wouldn’t be a critical issue, since the service is only supposed to be reachable on the LAN (Local Area Network). However, a Shodan search by the researchers who discovered it revealed that 91,000 LG TVs somehow have this vulnerable service exposed directly to the internet, meaning anyone can attempt to exploit them. The researchers found several additional vulnerabilities as well, and a patch now exists, so if you have an LG TV, check for updates, and make sure it isn’t port-forwarded or otherwise exposed to the internet.

In Ransomware, Malware, and Vulnerabilities News:

  • Forrester put out an excellent report about IoT security. It is well worth perusing. Internet of Things devices are the next frontier in corporate network attacks: they are often neglected and unmonitored, and rarely if ever receive security updates. Thus, they are the perfect beachhead for threat actors to launch internal assaults, or attacks against other organizations using your infrastructure as a base of operations.
  • Wells Fargo recently sent out breach notices to some customers. Their particular breach is a stark reminder that people will always be the weakest link. “An employee violated company policy for sending information to his personal account.” Needless to say, that individual is now a former employee and likely faces legal action.

In Other News Events of Note and Interest:

  • The North American solar eclipse brought about a noticeable decrease in internet activity as people went outside to view the awe-inspiring sight. Cloudflare reports that locales directly in the path of totality saw traffic drop by as much as 64% compared to a normal day.
  • WTF (What the Feature)? Microsoft has decided to include some functionality of their Authenticator product inside of Outlook for Android. Interesting, but it gives me pause for concern about another potential attack surface for compromise.

In Cyber Insurance News:

  • Demand grows for cyber insurance in the wake of ransomware attacks. Hopefully, companies obtain coverage before an attack, and they need to ensure that they have sufficient coverage from an insurance company that knows cyber. The costs can be staggering, even business-ending, if you are not adequately protected.

With the exponential increase in the number of vulnerabilities and subsequent patches appearing every month, keeping up can seem like Sisyphus pushing the boulder uphill, only to see it back at the bottom each second Tuesday. While that perception may be somewhat accurate, with each trip up the legendary mountain of vulnerabilities we are in fact performing a much-needed service, delivering patches and fixes to the top before experiencing the next reset to the bottom. It was the mythical gods that set Sisyphus on his never-ending task, and it may be our modern AI gods that finally bring some relief from our patch-boulder task, lightening the load and eventually prevailing. Hey, I can hope, right?

Keep the shields up. They really are out to get you.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News
