July 13, 2024


Hello all,

As expected, Patch Tuesday’s offerings were prolific. Adobe, Fortinet, a large number of Industrial Control System (ICS / OT) vendors, Mozilla, Microsoft, Netgear, Palo Alto, VMware, and more released updates and patches this week to address flaws and vulnerabilities in their products. We’ll call out a few of them below.

While encrypting ransomware tends to be top-of-mind for many in the information technology world, encryptionless exfiltration is the fastest growing trend among cyber criminals. This week’s newsletter is rife with news about data exposure, and theft from organizations such as AT&T, General Motors, Disney, Ticketmaster, and more. And, thankfully, there have been some wins as well. Read on for the good, the bad, and the downright ugly in this week’s Red-N Security newsletter. (Cue the spaghetti-western background music.)

The volume of news can seem overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment, or that simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Adobe patched critical vulnerabilities in Premiere Pro, InDesign, and Bridge, all of which could lead to “arbitrary code execution”. Patch now.
  • Cisco “has issued a security advisory regarding a critical remote code execution (RCE) vulnerability, dubbed ‘regreSSHion,’ that affects multiple products”. Currently there are no patches out while Cisco investigates, but there is mitigation guidance consisting of restricting SSH access, upgrading OpenSSH, and adjusting LoginGraceTime. Watch the Cisco feeds for further guidance and for upcoming patches.
  • Citrix has disclosed two vulnerabilities in their NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent. The flaws allow for sensitive information disclosure and for Denial of Service (DoS) attacks. The first of these is critical, so update to the latest version immediately to avoid potential compromise.
  • Fortinet patched a medium-severity cross-site scripting (XSS) vulnerability in their FortiOS SSL VPN web UI. Additionally, they patched an “IP address validation” error. Both FortiOS and FortiProxy are impacted. Given how popular these products are with internet villains, it would behoove you to patch them as soon as possible.
  • Industrial Control System (ICS) and Operational Technology (OT) vendors Siemens, Schneider Electric, Ifm Electronic GmbH, Mitsubishi Electric (MELIPC), Delta Electronics, and Johnson Controls released ‘security advisories’ on Tuesday. Siemens’ list addresses 50 vulnerabilities across a swath of products, including a critical one in SINEMA Remote Connect Server that enables remote privilege escalation. Schneider Electric published four advisories that address six vulnerabilities affecting five of their products. German ICS company Ifm Electronic GmbH made five patches available for several of their products, two of which are critical and trivial to exploit. Mitsubishi released firmware to address a high-severity code execution bug and updated a September 2023 advisory listing products affected by a critical-severity code execution issue. Delta Electronics revealed issues in their CNCSoft-G2 product, and CISA warned of high-severity issues in Johnson Controls C-Cure 9000 and PTC Creo. Check your systems for impact and don’t wait to address the items called out by these manufacturers.
  • Microsoft didn’t disappoint with four zero-days being plugged, two of which are already under active exploitation. In all, there were 142 bugs patched by Big Redmond. Five of the vulnerabilities are considered critical – enabling remote code execution (RCE), so be sure to put those at the head of the line for your patch vetting process. This is especially pertinent in light of an article in the next section that reveals that APT40 begins attacking vulnerabilities “within hours or days of being released”.
  • Netgear has patched Cross Site Scripting (XSS) and authentication bypass vulnerabilities in several WiFi-6 routers. Patch quickly.
  • Palo Alto Networks patched five security flaws in various products. The most severe is in their Expedition migration tool. Also patched were vulnerabilities related to the newly discovered “BlastRADIUS” industry-wide bug.
  • BlastRADIUS is the moniker given to a new critical vulnerability in RADIUS (Remote Authentication Dial-In User Service), one of the most popular login/authentication methods worldwide, used by nearly everything: switches, VPNs, access points, servers, and more. A new Man-in-the-Middle (MitM) attack method has been identified that requires nearly every vendor with a RADIUS implementation to release updates and patches. Thankfully, at present, the vulnerability requires quite a bit of sophistication and some luck, but evil dirtbags intent on doing your company harm are a patient lot. So, watch for incoming patches and apply judiciously.
  • VMware patched a critical SQL-injection flaw in their Aria Automation. An unauthorized user can gain read/write access – as bad as it gets. Patch now.
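As an added illustration (not from the newsletter, from Cisco, or from OpenSSH), the Python below audits the global section of an sshd_config against the mitigations listed in the Cisco callout above: it checks LoginGraceTime (the published regreSSHion mitigation is a value of 0, which closes the race window at the cost of the timeout’s protection against idle-connection exhaustion) and, as a stand-in for “restrict SSH access”, whether AllowUsers/AllowGroups is set. The config fragments are constructed samples; the OpenSSH upgrade check is left out because the fixed version depends on the vendor build.

```python
import re

# Constructed sshd_config fragments for illustration (not from any real host).
WEAK_CONFIG = """\
Port 22
LoginGraceTime 2m          # sshd's default window is 120 s
PermitRootLogin yes
"""

HARDENED_CONFIG = """\
Port 22
LoginGraceTime 0           # regreSSHion mitigation: no grace timeout at all
PermitRootLogin no
AllowGroups ssh-admins     # only this group may authenticate
Match Address 10.0.0.0/8   # conditional block: out of scope for a global audit
    PasswordAuthentication no
"""

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def grace_seconds(value):
    """Convert an sshd time value such as '120', '2m' or '1h30m' to seconds."""
    value = value.lower()
    if not re.fullmatch(r"(\d+[smhdw]?)+", value):
        raise ValueError(f"unparseable sshd time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))


def parse_global_settings(text):
    """Return {keyword: value} for the global section of an sshd_config.
    Keywords are case-insensitive, sshd keeps the FIRST value it sees for a
    keyword, and parsing stops at the first Match block (conditional settings)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the checks all passed."""
    s = parse_global_settings(text)
    findings = []
    grace = grace_seconds(s.get("logingracetime", "120"))   # sshd default
    if grace != 0:
        findings.append(f"LoginGraceTime {grace}s: set 0 to close the race window "
                        "(trade-off: idle-connection DoS protection is lost)")
    if not ({"allowusers", "allowgroups"} & s.keys()):      # hypothetical proxy check
        findings.append("no AllowUsers/AllowGroups: SSH access is not restricted")
    if s.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("PermitRootLogin yes")
    return findings
```

Run it against a real file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`; a non-empty list means one of the Cisco-listed mitigations is not in place.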

In Ransomware, Malware, and Vulnerabilities News:

  • Hacker “Tank” sentenced to prison. Score another one for the good guys. The evil hacker named Vyacheslav Igorevich Penchukov, who was part of the Zeus banking malware and IcedID info-stealer operations, was sentenced to nine years in prison and ordered to pay back $73 million in restitution.
  • Speed of Exploitation – several articles in this section talk about the increasing speed with which threat actors gain access, begin exploiting disclosed vulnerabilities or Proof-of-Concept (PoC) exploits, or exfiltrate and encrypt. China’s APT40 (mentioned earlier) can begin exploitation in hours, and the Akira ransomware group can go from initial access to exfiltration in as little as two hours. Some groups have been observed attempting to exploit PoCs as little as 22 minutes after disclosure! With adversarial AI on the rise, rapidly probing and exploiting, it is vital to be vigilant.

In Other News Events of Note and Interest:

  • German Navy to replace 8-inch floppy drives. Wow! I thought 5 1/4-inch drives were old. Those 8-inch drives are from about 2 minutes after the Big Bang. Where did they even manage to source those from?
  • Microsoft Global Secure Access looks to be an amazing way to help secure access to both on-prem and cloud computing resources. It promises ubiquitous end-to-end secure access. If only it didn’t cost a minimum of $12 per person per month.

In Cyber Insurance News:

  • Why Would You Need Cyber Insurance? by Kiplinger.com is a good read that gives a list of “cyberexposure” issues that insurance can help with.

With so many vulnerabilities, holes, and patches needing to be applied each week, I miss the days of the internet being primarily about email, chat, and cat memes. While I’m waxing nostalgic, I noticed something that I wonder if others have too. When this started most of us used dialup internet connections with a single-point to single-point connection. Now with the increasing use of tunneling and Zero Trust Network Architecture (ZTNA), we are essentially going back to that model, albeit at a much higher speed.

Visc. Jan Broucinek

Keep the shields up. They really are out to get you.

Viscount Jan Broucinek
Red-N Weekly Cyber Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News