January 20, 2024


Hello all,

There are quite a number of things to report on this week. It has been a busy one. Poor Ivanti is still in the news. I’m starting to feel sorry for them. Anyway, let’s move on.

The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for anything that pertains to you or your environment or simply interests you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

  • Atlassian has patched a bug in Confluence Data Center and Confluence Server that allows unauthenticated Remote Code Execution. It is as bad as it gets with a rating of 10 out of 10. If your version is dated prior to December 5, 2023, you are vulnerable and need to patch immediately and check for compromise. Atlassian noted that end-of-life instances (version 8.4.5 and before) are also affected and will not receive patches. If you have an EOL version, disconnect it from the internet and replace it.
  • CISA has directed those under their control to immediately patch the two Ivanti zero-day vulnerabilities (one in Connect Secure VPN and the other in Endpoint Manager) without delay. A new discovery from Volexity revealed that on compromised Connect Secure systems, the internal Integrity Checker Tool was modified to report all was OK despite being compromised. As I said last week, if you have this, unplug it. The scale of the attack is staggering and the subsequent damage to secrets, PII, PHI, and more will be extreme.
  • Citrix is in the news again with yet more zero-days in Netscaler ADC and Gateway appliances that are actively being exploited. Patch now if you have a supported version. If your Netscaler isn’t supported, both Citrix and I recommend you disconnect it from the internet.
  • Google can’t seem to let a month go by without another zero-day being patched in Chrome. This week brought our first for 2024. Thankfully they do an adequate job of updating their browser, provided you restart it or your computer periodically. Of course, a wise move would be to proactively update as soon as a new version is released.
  • IT consultant fined is a chilling headline. In essence, some dude found a vulnerability and reported it. “He was charged with unlawful data access under Section 202a of Germany’s Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation’s cybersecurity law.” Wow, talk about killing the messenger who is telling you that your dike has sprung a leak.
  • Juniper Networks has patched an RCE in the Junos OS J-Web configuration interface on SRX firewalls and EX switches. If you have Juniper hardware running Junos, patch before you become a casualty.
  • Oracle unleashed patches for a massive swath of their products addressing 191 CVEs. Unfortunately, just as the last time I reported on this, many patches are behind an Oracle paywall and many are patches that are dependent upon other vendors that must incorporate them into their product updates. More to come on this, I’m sure.
  • VMware has confirmed that a critical vCenter bug has been under active exploitation. A patch was released in October… A new vulnerability was found in VMware Aria Automation. There is a patch available, so update as soon as possible.
  • XOrg Server and Xwayland display implementations have received patches for a number of vulnerabilities. Patch yours now if you use this.

In Ransomware, Malware, and Vulnerabilities News:

  • Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software. I am having a hard time seeing a problem with this. If you use pirated software, you deserve what you get. It reminds me of Mad Magazine’s Spy vs. Spy. In this case one criminal vs. another criminal.

In Other News Events of Note and Interest:

  • David Mills, inventor of NTP, passed away at 85. Literally billions of devices every moment of every day rely on Network Time Protocol, which he created. NTP is a vital part of the glue that holds the internet together. The article is well worth reading.

In Cyber Insurance News:

  • Southwest Airlines scored a victory and won an appeal against their insurance carrier and lives to fight another day in their claim to receive an insurance payout after suffering what they say should be a covered massive computer failure in 2016 that disrupted travel for nearly a half-million people. Weeks before the July 2016 outage, Southwest had purchased a cyberrisk policy with “system failure” coverage.

Information is readily available everywhere. We are literally bombarded by it daily from every imaginable form of media and source. Some is useful, some is entertaining, some is bland or boring, and some is downright terrifying. Yet none of it does any good if you don’t synthesize what you’re ingesting into some cogent thought and actionable ideas. It is said that data (aka information) doubles every year. In that light, the following may be a controversial statement, but AI is likely the only way we’ll be able to keep up and make sense of those things that truly matter to us individually. Otherwise, what we value will simply be a needle lost in the ever-growing haystack of bits and bytes. However, with an AI assistant tailored to our continually changing tastes, interests, events, roles, and projects, I see great potential for a phenomenal explosion in productivity and efficiency. It is going to be an exciting few years as this all shakes out.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
