January 13, 2024

Hello all,

Patch Tuesday was huge this month. Even if you don’t see a notice from your particular vendor of choice, it would be prudent to check for updates. A large portion of the major software vendors had updates, as did a number of IOT/OT manufacturers. And there are some zero-days that need to be patched as soon as is practical. The bud guys are not taking a break, nor can we. Let’s get to it.

The volume of news and other can appear overwhelming, the best strategy is to read the Notable Callouts below and then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then selecting them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

Broadcom is in the news, not for patching, but for plundering their vendor and strategic partner base and going direct. Additionally, they have decided to scuttle VMware Cloud Service Providers. It is going to be interesting to see the industry response.
Cisco Unity Connection messaging platform received updates to prevent attackers from getting root access. Make sure you apply them. Several additional products received updates for privilege escalation, cross-site scripting, and more.
Fortinet released updates for FortiOS and FortiProxy. Patch quickly to prevent possible takeover of an affected system.
GitLab has released patches for their Community and Enterprise Edition to address two critical vulnerabilities. One is rated 10 out of 10, allowing account hijacking with no user interaction.
Intel, AMD, Zoom, Splunk and, as mentioned earlier, others have released security advisories and updates for their products this past Tuesday.
Ivanti …if you use this and haven’t applied the mitigations provided by them yet, you are likely compromised already. Two zero-days exist that achieve unauthenticated RCE. No less than 5 different malware families are being deployed by nation-state actors who are actively probing and exploiting the holes in Ivanti Connect Secure VPN installing keyloggers, exfiltrating data and more. In case this sounds familiar, yes this is rebranded Pulse Secure VPN from Ivanti, which had major issues in 2023. If you can’t mitigate immediately, shut it off!
Juniper last week they patched multiple vulnerabilities in their Juniper Secure Analytics – JSA Series Virtual Appliance. This week critical RCE’s have been patched in JunoOS and JunoOS
Microsoft Patch Tuesday was average in the number of vulnerabilities and patches with only 53 items. Two of them bear special note, a Kerberos bypass that will only be a matter of time before some dirtbag exploits, and a Hyper-V RCE exploit. Currently both require local access to utilize, but if a threat actor is in a network, this is all they need to get the keys to the kingdom. All of them are important, so vet and apply soon.
SAP resolved some critical RCE’s and other issues with new patches. If you use SAP products, check for updates and apply as appropriate.
Wi-Fi 7 is now an official standard. Several vendors have products out already that adhere to the draft proposal and unless there were changes are already compliant. The new standard promises increased throughput, reduced latency, and improved reliability compared with earlier Wi-Fi versions.
Windows 10 KB5034441 came out on Patch Tuesday, and promptly failed on most computers due to insufficient disk space on the recovery partition – WinRE. A day or so later Microsoft provided guidance on how to manually make changes, which would be quite daunting to apply in an enterprise environment. Later in the week Big Redmon released a script to update the recovery partition. But this still appears to be a somewhat manual process. This author is waiting until they fix the update. Or you could take this nudge to upgrade to Windows 11.

In Ransomware, Malware, and Vulnerabilities News:

Apple AirDrop has a hole in it that is under active exploitation. Bloomberg reports that the Beijing Institute has been able to “crack an iPhone’s encrypted device log to identify the numbers and emails of senders who share AirDrop content”. The truly shocking reveal is that Apple was alerted to this vulnerability in 2019 and chose to not fix it so that backward compatibility would be retained.

In Other News Events of Note and Interest:

The Best, Coolest, and Weirdest Gadgets at CES 2024 is a fun ride down through the virtual maze of tech and accessories presented at this year’s Computer Electronics Showcase. A crowd favorite was the assortment of automatic beer makers such as the Igulu 5-liter brewing station, which the local constabulary shut down due to not having a license for alcohol.

In Cyber Insurance News:

Ways in which you can lower your cyber insurance premium has some good thoughts and ideas for saving money. They are the basics which most of us know but are good to review and see what insurers are noticing.

In the United States the start of a new year generally involves companies and vendors sending all sorts of tax documents and forms to fill out. Pay particular attention to what you are receiving and opening as threat actors are quite aware of this annual exercise and are already pumping out malicious AI enhanced content that is designed to steal, kill, and destroy. Well, maybe just two of the aforementioned three. But you get the idea. Stay vigilant. Don’t self-apply an ignorance tax and let a bad guy drain your financial accounts.

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News

Like this: