April 27, 2024


Weekly Cyber Security News

News Events and Information

Gathered from sources found on the web in the past seven days



Hello all,

Artificial Intelligence continues to get a bit more adroit. Vulnerabilities continue to show up. And despicable individuals continue to do their dastardly deeds. So, we continue to fight on in our battle to expose the dark underbelly of digital crime, vulnerabilities, and AI-enabled miscreants. Of course, along the way we stop to notice the wonders of our technological age and pause for a moment to be thankful for all that our digitally connected world has done right. So, let’s get to it.

The volume of news and other information can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment, or that simply interest you, and select those for more information. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Brocade SAN Appliances and Fibre Channel Switches have multiple flaws, including two backdoor accounts with a publicly available root password. Patch quickly.
  • Cisco items blew up my newsfeed with the “ArcaneDoor” exploit. Cisco has released critical patches to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) devices and Firepower Threat Defense (FTD) software. CISA has added two of the vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, which means that they are already under active attack in the wild. The worst of these allows an unauthenticated adversary to execute code remotely as root. “No workarounds are available, and users are strongly encouraged to apply the necessary updates immediately.”
  • Flowmon from Progress Software has some issues that allow unauthenticated command injection and privilege escalation, which when combined enable full compromise as root. A Proof of Concept exploit now exists and in short order someone will weaponize this. So, patch now.
  • Government Agencies Share logins over email. I’m not sure if this even needs commentary. Sigh. But I will comment. This is why Business Email Compromise (BEC) is such a scourge. The treasure trove of information contained in normal email accounts is massive. And now we see that threat actors have managed to get their digital mitts on our government officials’ secrets due to their lackadaisical security practices. This particular article talks about how the Russian group, Midnight Blizzard, successfully exfiltrated volumes of data from government Microsoft accounts. The impact cannot be overstated. CISA called the hack and data exfiltration a “grave and unacceptable risk to agencies.”
  • Microsoft Exchange has received several hotfixes for issues related to the March 2024 Exchange Security Updates. If your server isn’t experiencing issues, go on with your day and ignore this fix. If your on-premises Exchange server is having problems with OWA not opening in-line images, template problems, permission issues, and more, then this may be for you. And it may be an opportune time, yet again, to speak with your C-Level about migrating to Exchange Online, where Microsoft deals with the mitigations and fixes, not you.
  • NIST decided to join the 21st century and is finally opening up to FIDO2 standards. Agencies were reluctant to adopt security keys and passkeys until the technology was specifically called out as permitted. Well, now it has been. Cheers from government security admins could be heard all the way to the ISS. If you want to get into the weeds of the new guidance, publication SP.800-63b contains the details.
  • TikTok the clock is running out. If not sold within a year, a newly enacted law would make it illegal for web-hosting services to support TikTok, and it would force Google and Apple to remove TikTok from app stores — rendering the app unusable with time. Naturally, ByteDance, the owners of the wildly popular platform, will be appealing what they, and others, deem an unconstitutional overreach.

In Ransomware, Malware, and Vulnerabilities News:

  • CISA has long had a vulnerability scanning program that is available at no additional cost to companies. It is making news now, being billed as a Ransomware Warning program, which it truly is. If you have exploitable open ports on the internet, a warning from CISA could just save your business. If you don’t have a scanning program in place, go to CISA.gov and get signed up.
  • Oldie, but Goodie. Several articles in this section talk about current exploitation of vulnerabilities that are months, if not years, old. It doesn’t matter how old a hole is. If it still exists, someone will find it and will exploit it. Be prudent and compare your product mix against CISA’s excellent Known Exploited Vulnerabilities (KEV) catalog of items. It could save you a world of hurt.

In Other News Events of Note and Interest:

  • Baltimore coach allegedly used AI voice cloning to get principal fired. In what might have been a somewhat clever and very evil revenge scheme, a disgruntled employee attempted to get the boss fired by creating a fake recording of the boss making a racist rant. Unfortunately for the perpetrator, he was not good at covering his digital tracks and was uncovered. However, it is only a matter of time before the technology improves to the point where the digital forensics will be inconclusive or impossible to verify.
  • Oracle, a mere two years after moving to Texas from California, has just leaked, rather publicly, that they will be moving their worldwide headquarters yet again. This time to Nashville, Tennessee. Larry Ellison appears to be betting much of Oracle’s future on the burgeoning healthcare industry, and apparently Nashville is considered the epicenter of that line of business.

In Cyber Insurance News:

  • Coalition Insurance released their 2024 Cyber Claims Report. It has some amazing statistics, including that more than half of claims start in the mailbox, and that claims increased 10% year-over-year to an average loss amount of $100,000.

With malicious and adversarial AI continuing to make rapid advances, it is just a matter of time before flawless video and audio of individuals in situations and conversations that have never happened will begin to appear, foiling attempts to disprove their veracity. We’re seeing the nascent emergence of this potential plague now. And it has really only been about 2 years that this has been widely available. Imagine what the next two years will bring! That is why it is important, now more than ever, to live in such a manner that even if someone sees it with their own eyes, or hears it with their own ears, they still won’t believe it about you and will attest to your character.

Keep the shields up. They really are out to get you.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News