April 20, 2024


Weekly Cyber Security News

News Events and Information

Gathered from sources found on the web in the past seven days



Hello all,

This week was blissfully quiet in comparison to last week’s flood of items that screamed for attention. Note the “in comparison”: there are still plenty of vulnerabilities, reveals, patches, and interesting news items, and if your enterprise is affected, judicious action is warranted. So, onward.

The volume of news and other material can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Apple loses top phone maker spot to Samsung. While global smartphone shipments went up 7.8% in the first quarter of 2024, Apple’s piece of that pie dropped by 10%. Samsung was propelled to the number 1 spot and now has a 20.8% market share, with Apple following at 17.3%. I was just discussing with a colleague how Apple appears to have lost its innovative edge. Time will tell if they can regain their mojo.
  • Cisco has a cyber security arm named Talos that puts out some excellent intelligence. They just alerted the world to a massive brute-force campaign targeting VPN services. They’ve observed attacks against VPNs from Cisco Secure Firewall, CheckPoint, Fortinet, SonicWall, Ubiquiti, and more. I cannot state this strongly enough: get MFA on your VPNs! It effectively mitigates this type of attack, provided there are no software vulnerabilities that allow bypass. Check your logs; if you’re being targeted and don’t have MFA, it may already be too late. But, if not, I’d recommend shutting off VPN access until you get MFA enabled or other mitigations, such as IP restrictions, into place.
  • Cisco released patches for a high-severity vulnerability in their Integrated Management Controller (IMC). An authenticated attacker is able to escalate to root level access unless the patch is applied. Proof of Concept code already exists, so patch soon if you have affected hardware.
  • CrushFTP, a cross-platform FTP server, revealed a critical vulnerability that allows for access to the filesystem for all versions below 10.7.1 and 11.1.0. If directly on the internet, there is no mitigation, you need to update to fix the issue.
  • Frontier Communications was successfully attacked recently and had to shut down a portion of their systems due to unauthorized access. In their SEC filing they wrote, “Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information”. Obviously, there will be more to this once the investigation yields more results.
  • Ivanti is in the news again. They just released patches for 27 vulnerabilities in Ivanti Avalanche, a mobile device management system. While I do find the quantity of items disturbing, it should be noted that this is expected, since on April 3, 2024, Ivanti’s CEO publicly committed to a major code review for vulnerabilities and problems. It would follow that this is the outflow from that effort. According to Ivanti, none of the flaws are known to be exploited – yet. Patch quickly.
  • Juniper Networks has released dozens of new patches. Check if your products need updates and get it done quickly. Threat Actors are standing by to assist with a post-paid Pen Test if you don’t.
  • MITRE, the 65+ year old security company, experienced a breach via, I hate to say it, Ivanti’s Connect Secure product’s zero-day vulnerabilities. MITRE has published a very well worded synopsis of the event. One statement particularly caught my attention and causes my heart to beat a bit faster – skipping a few beats too: “No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible,” said Jason Providakes, president and CEO, MITRE. His statement underscores why it is vital to have layers of defense, and to have a tested/proven way to recover.
  • Palo Alto Networks spoiled some admins’ weekends last week when they announced a zero-day vulnerability that they didn’t have a patch for yet, but for which they offered mitigation guidance. It turns out that the mitigation didn’t work. Thankfully, patches now exist for affected products. So, if yours is on the list, patch yesterday!
  • Security Bite from 9to5Mac revealed the staggering rise of the cost of cyber-crime. They quote a Statista Markets Insights survey that predicts that the “annual cost of cyberattacks will reach $9.2 trillion this year.” I’ll just let that number sink in. The article is a good read.
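The Talos item above comes down to one practical check: look in your VPN authentication logs for bursts of failed logins from a single source. As an added example that is not from Talos or this newsletter, the Python below flags such sources and lists the usernames tried, which separates password spraying (many users, one source) from single-account brute force; the log line format and the sample lines are constructed assumptions, so adapt the regex to your own product’s format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-style format (not any vendor's real
# format): "<ISO timestamp> vpn auth <fail|ok> user=<name> src=<ip>".
SAMPLE_LOG = """\
2024-04-18T09:00:01 vpn auth fail user=admin src=203.0.113.7
2024-04-18T09:00:02 vpn auth fail user=test src=203.0.113.7
2024-04-18T09:00:03 vpn auth fail user=vpn src=203.0.113.7
2024-04-18T09:00:04 vpn auth fail user=guest src=203.0.113.7
2024-04-18T09:00:05 vpn auth fail user=admin src=203.0.113.7
2024-04-18T09:00:06 vpn auth fail user=root src=203.0.113.7
2024-04-18T09:05:00 vpn auth fail user=alice src=198.51.100.9
2024-04-18T09:20:00 vpn auth ok user=alice src=198.51.100.9
2024-04-18T09:21:00 vpn auth fail user=bob src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth (?P<result>fail|ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(log_text):
    """Yield (timestamp, result, user, src) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])

def find_bruteforce_sources(log_text, window=timedelta(minutes=5), max_fail=5):
    """Return {src: {"fails": n, "users": [...]}} for every source address that has
    more than max_fail failed logins inside any sliding window of length `window`."""
    fails = defaultdict(list)  # src -> list of (timestamp, user) for failed attempts
    for ts, result, user, src in parse(log_text):
        if result == "fail":
            fails[src].append((ts, user))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until events[start..end] fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > max_fail:
                users = sorted({u for _, u in events[start:end + 1]})
                flagged[src] = {"fails": end - start + 1, "users": users}
    return flagged

if __name__ == "__main__":
    for src, info in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{src}: {info['fails']} failures, users tried: {', '.join(info['users'])}")
```

A flagged source is a candidate for the IP restrictions mentioned above; a source that fails a handful of times and then succeeds (198.51.100.9 in the sample) is ordinary user behaviour and is not flagged.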

In Ransomware, Malware, and Vulnerabilities News:

  • Hive Rat creators arrested in Australia and in the US. And an additional person was arrested for crypto mining crimes. Score three for the good guys!
  • Home Depot had a massive leak on aisle 13. One of their SaaS vendors accidentally made public a list of employees, exposing 10,000 of them to anyone that was able to get their mitts on it before it was noticed. The report has an amazing statistic in it, “According to the Global Third-Party Cybersecurity Breach Report by the IT risk management firm SecurityScorecard, 98% of organizations are affiliated with a breached vendor.”

In Other News Events of Note and Interest:

  • Bots now account for half of global internet traffic. While that number is immense, it isn’t quite as dire as it sounds, unless you consider the bandwidth implications. Only one third of traffic is attributable to malicious bots that are out to steal, kill, and destroy. Well, maybe not the kill part, yet.
  • China Legacy Chip production is up 40% in the first quarter of 2024 due to the cyber sanctions imposed by the US. Since legacy chips are not being sanctioned, the Middle Kingdom’s 28nm chip production facilities are running at full tilt turning out chips and may soon be an overwhelming presence in that marketspace.

In Cyber Insurance News:

  • CYE warns of wide cyber insurance coverage gap. This past Friday on Integris’ Buffalo Plaid Breakfast web broadcast my co-host and I discussed Cyber Insurance, and this topic was touched on. However, at broadcast time I didn’t fully know the depth of how woefully underinsured the majority of companies are for a cyber event, with some as high as 3000%. The time to reevaluate your coverage is now, not when something arises that necessitates a call to your adjustor.

In the 1980’s when dinosaurs roamed the earth, I visited relatives in Switzerland for an extended vacation. While there the Swiss enacted mandatory seatbelt laws. As a foreign national, I didn’t want to run afoul of their laws, so I complied and wore my seatbelt every time I was in a car. When I returned to the USA, months later, wearing a seatbelt had become a habit. So, several years later when my home state passed legislation mandating their use, I was already compliant, and it was no big deal. Cyber security best practices are presently akin to my Swiss seatbelt experience. They are not mandatory, yet. Be proactive and put them into practice now so that when regulations come our way you will be compliant, and it will be no big deal.

Keep the shields up. They really are out to get you.

Viscount Zebulon Wamboldt Pike
