August 24, 2024

Hello all,

This week we bid farewell to Red-N-Security News and welcome Red Dot Security News. New name, same content scoured from all over the web in the prior week, bringing commentary on items that I find of high value or just plain interesting. As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or to those you support. The change of N to Dot is small, but it better reflects the branding of the company that I’m blessed to call my home – Integris.

Thankfully, this week was a reprieve from the past two weeks’ worth of massive software bugs, faults, and defects that were announced. By now your various vetting systems should have done their job and you should be in full swing of the deployment treadmill cycle. The longer you delay, the more time threat actors have to find the vulnerabilities and/or weaponize Proof of Concept (PoC) code that could already be publicly available.

Headline NEWS:

  • Atlassian released patches for quite a few products. There were nine high-severity vulnerabilities plugged and while Atlassian has not indicated that any are currently being exploited, as we know, it is just a matter of time.
  • F5 has patched nine vulnerabilities in their BIG-IP and NGINX-Plus products. There is mitigation advice for some of the issues if you can’t patch immediately. Since these tend to be internet-facing, make them a priority so bad guys don’t spoil your week.
  • GitHub Enterprise Server needed a patch to plug a critical authentication bypass flaw that, if exploited, could allow a threat actor to gain administrative privilege. GitHub warns that you should read the “known issues” section before applying it, as there are potential problems with this update. Geez, you can’t win. Patch and break something, don’t patch and get compromised.
  • Google released a new update for Chrome to plug the seventh (depending on whose scorecard you’re using) zero day of the year. Again, it is in the V8 JavaScript engine, and is already under active exploitation. There were several other security items and flaws fixed, so make sure you update your browser ASAP.
  • Microsoft Edge plugged a Remote Code Execution (RCE) flaw that could allow an attacker to take over the system. As is usual for this type of patch, details are scant, so update quickly. Also, expect that all other Chromium based browsers will be patching for the Google and Microsoft revealed issues soon, so watch for them and update when available.
  • Microsoft Windows “DownDate”: In an attempt to get Microsoft to push the gas pedal a bit, a PoC has been published by the discoverer of this massive flaw. Microsoft has had the details since February and a fully functional patch still hasn’t been released, and their present mitigation guidance is rather lackluster and easily defeated.

In Ransomware, Malware, and Vulnerabilities News:

  • IRS is working to improve data security after “a contractor leaked sensitive information on thousands of taxpayers.” I know this isn’t the forum for it, but here’s an idea, eliminate this regressive tax system and replace it with a national sales tax so there’s no danger of IRS leaking our information – since they won’t have it.
  • SolarWinds, every time I see this name in CyberSecurity news articles I get a little shiver up my spine. This one reinforces that chill. They had a hard-coded password in the Web Help Desk product that allows for unauthenticated remote threat actor access. You might want to patch this yesterday if you use it.

In Other News Events of Note and Interest:

  • AI copilots are making internal breaches easier and costlier to defend against. While AI assistants are nearly magical in how they are transforming our digital lives, they are proving to be equally sleight-of-hand magical when it comes to maintaining confidentiality. With the immense access that they have to your day-to-day data, researchers are now finding ways to convince our digital assistant friends to become frenemies that spill your secrets with the right levels of prompt engineering.
  • NSA issues tips for better logging is an excellent collaboration piece between agencies around the world. However, wouldn’t it be easier if the NSA just provided us the logs we need in the event of a cyber event?

In Cyber Insurance News:

  • IT Consultants also need business interruption Insurance does a great job of outlining why you may want to consider this type of coverage for yourself.

Do you have a Solar Weather contingency plan? Are you even aware that we have a National Space Weather Prediction Center? Why is this being brought up, you ask? Good question, I’ll tell you. Our sun goes through two 11-year periods known as Solar Cycles. There is a Solar Maximum and a Solar Minimum. In a Maximum, there are large numbers of solar flares, which often produce Coronal Mass Ejections (CME). In a Solar Minimum there are very few of these. Currently we are in Solar Cycle 25 and are expected to hit the peak of the Solar Maximum sometime in 2025. And as you’ve seen, there have already been quite a few spectacular CMEs recently that have resulted in Aurora Borealis in places that normally don’t see them. These colorful lights are the result of high-energy particles ejected from the sun impacting our magnetosphere, the Earth’s natural defense shield. These same high-energy particles, when they reach the Earth’s surface, cause an electrical imbalance that can cause significant power issues. If there were a sufficiently large CME that impacted our world, it could potentially result in massive amounts of damage to electronics and to power grids. Power could be down for months in places. Yep, months. Here’s a link that does a great job of describing this phenomenon. Does your Business Continuity Plan have such a prospect in it? Perhaps it should.

Keep the shields up, even the magnetic one.

Viscount Jan Broucinek
Red Dot Security News
