July 27, 2024


Hello all,

After the rather grueling CrowdStrike incident that started a week ago on Friday for many in the IT industry, I’m sure they were happy to see that the latter half of this past week was somewhat calm. That’s not to say that nothing happened, just nothing that show-stoppingly dramatic. There was still a lot to know and to notice. So, onward.

The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Acronis has warned about a critical vulnerability that allows remote code execution (RCE) in Acronis Cyber Protect (ACI), “a unified multi-tenant platform that combines remote endpoint management, backup, and virtualization capabilities and helps run disaster recovery workloads and store enterprise backup data securely.” If you use this, patch now, as it is under active exploitation.
  • Docker has released an update to patch a critical vulnerability in their authorization plugin (AuthZ) system that allows RCE. This flaw was originally patched in January 2019. Unfortunately, the fix didn’t make it into subsequent versions. Yep, for 5 years this was open to exploitation. If you use Docker, check now for updates!
  • Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers have been found to allow RCE. There is no fix, as these routers are End-of-Life (EOL). If you continue to use them, it is not a matter of if but when you will be compromised. Replace them ASAP!
  • Microsoft threw the European Union (EU) under the bus for the global CrowdStrike outage. It is reported that they said that a 2009 agreement with the EU opened access to the Windows OS to security providers in a way which made the CrowdStrike BSOD possible. The EU responded later in the week stating that was untrue and that “Microsoft is free to decide on its business model. It is for Microsoft to adapt its security infrastructure to respond to threats in line with EU competition law. Additionally, consumers are free to benefit from competition and choose between different cybersecurity providers.” That doesn’t sound like a very solid denial to me, but what do I know?
  • Okta has a browser plugin that is vulnerable to cross-site scripting (XSS) attacks. Update to the latest version to mitigate this attack vector.
  • ServiceNow has a critical RCE that is being actively used to steal credentials. A patch was made available on July 10, and on July 11 a researcher released proof-of-concept (PoC) code to exploit the vulnerability. Naturally, the slavering evil hordes jumped on it and began active exploitation before many self-hosting organizations were even aware of the flaw and the update. Note that hosted instances were updated in May to plug this hole.
  • Telerik Report Server by Progress Software has an RCE in versions 10.1.24.514 and earlier. This is being actively exploited. If you use it, patch immediately and check logs for signs of exploitation.

In Ransomware, Malware, and Vulnerabilities News:

  • CrowdStrike was top of mind for many in the IT industry last week, and for many in the dark dens of evildoers as well. Hundreds of fake CrowdStrike domains have popped up with “helpful advice” that will download and install malicious software. Likewise, phishing and malvertising campaigns were rampant. Don’t take the bait.
  • Meta removed 63,000 accounts linked to sextortion. Evil people taken offline, for at least a bit. This same article lists some additional wins for the good guys! With so much negative out there, it is important to celebrate the wins!
  • Secure Boot is completely broken on 200+… This is an emerging story that bears watching. The implications are pretty severe. We defenders need to apply updates as soon as they become available and are vetted as safe.

In Other News Events of Note and Interest:

  • CrowdStrike obviously continued to make news this past week. There are over a dozen links in this section that discuss various aspects of this global failure. Additionally, on the Buffalo-Plaid Breakfast show this Friday, my co-host Jeremy and I discussed the CrowdStrike Apocalypse.
  • Alexa may soon have an AI sibling that is accessible behind a paywall. I tend to agree with the article’s author. I suspect that Amazon subscribers will be reluctant to pay additional fees, especially since the base price of Prime has continued to steadily increase over the past few years. But we’ll see.

In Cyber Insurance News:

  • Companies Ready Insurance Claims Over CrowdStrike Outage. The total global economic impact was estimated at the start of the week to end up at around $5.4 billion. While high, insurers and re-insurers (the companies that underpin the smaller insurers) are confident that they have the resources to weather this storm, especially considering that claims will be capped at whatever limits a policy has.

The Summer Olympic Games have started in Paris, France, and I’m happy to report that for the most part the good guys are winning! No, I’m not talking about my favorite nation or even athlete; I’m talking about the security professionals who are defending what is likely the most interconnected Games ever. There has been only one known data breach, and it was likely an insider job. So, cyber-warrior athletes, I salute you! May you win Gold!

Visc. Jan Broucinek

Keep the shields up. They really are out to get you.

Viscount Jan Broucinek
Red-N Weekly Cyber Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News