July 15, 2023

Hello all,

The Red-N Weekly Cyber Security News newsletter Notable Callouts are below. It has been a whirlwind of vulnerabilities and patches this past week with a nice A to Z ranging from Adobe to Zune – yes, Zune. Read on. And, as usual, the complete weekly report is online at https://red-n-security.com (below) where you’ll also find a searchable archive.

Notable Callouts:

Adobe participates in the Patch Tuesday cycle and released critical patches for InDesign and ColdFusion. Update quickly.
Aerohive/ExtremeNetworks access points are vulnerable to fully unauthenticated Remote Code Execution. Patch them now if you have them.
BlackLotus ransomware’s UEFI malware source code was leaked onto GitHub. The unfortunate result will be in other threat actors incorporating their evil work.
Cisco has patched a critical vulnerability in their SD_WAN vManage The vulnerability is nearly as bad as gets with a score of 9.1 out of 10.
Citrix Secure Access Gateway client has a flaw that allows for LPE. Upgrade immediately by pushing out a new version from the gateway, or by updating the client devices.
Fortinet didn’t want to let more than a couple of months go by without a critical RCE. This time in FortiOS and FortiProxy.
Honeywell, someone we don’t often see in vulnerability news, has multiple flaws that require patching with one being described as, “anyone with access to the network is able to impersonate both the controller and the server” and other patches as well.
Microsoft is dominating this week’s Red-N Cyber Security news, partially due to massive Patch Tuesday release with five zero-days, an announced zero-day with no patch, and partially due to a major news item that nation-state threat actors gained access to dozens of Microsoft tenants. There is some non-vulnerability news from big Redmon too. They have renamed Azure AD to Entra Identity (funny how Microsoft autocorrect wants to change Entra to Entrap). With the name change, in what could be a game-changer for SMBs, they announced that they are getting into the Security Service Edge And Microsoft Office is getting a new default font. Calibri is out and Aptos (aka Bierstadt) is in. I think I’ll stick with Calibri for now.
SAP has patched critical vulnerabilities in ECC and HANNA
Siemens and Schneider Electric, in a sign of the heating up IoT and OT attack space, have released patches for 50 vulnerabilities. This includes a “critical’ flaw that could be used to acquire admin access and take full control.” Patch judiciously.
SonicWALL has been quiet for a few months. Their on-prem GMS requires immediate patching to mitigate a critical auth bypass bug.
Technicolor TG670 DSL gateway routers (Thompson Broadband) that could be weaponized by an authenticated user to gain full administrative control of the devices due to hard coded credentials.
US Government agencies were among those compromised in the aforementioned Microsoft tenant breach. It was a full account compromise. The ramifications from this are going to be shaking out for quite some time.
Zimbra mail server has a zero-day that has not received a patch yet, but they have published mitigation guidance and are urging all admins to immediately take action.
Zune you read that right, Zune, which has long been discontinued just received a little love from Microsoft by having a compatibility issue with Windows 11 patched recently.

In Ransomware, Malware, and Vulnerabilities News, Microsoft is still unsure, or more likely unwilling to disclose, how Azure AD’s signing key was compromised/stolen. And the unpatched zero-day in MS-Office does have some published workarounds but apply with caution as you may break some functionality that users depend on.

In Other News Events of Note and Interest, Microsoft’s announcement of getting into the Security Edge space has caused stocks of companies that specialize in that area to tumble. ConnectWise has announced integration of network monitoring into their RMM software.

In Cyber Insurance News, a good reminder to law firms that they need to consider cyber-insurance. Especially in light of last week’s Red-N Security Newsletter’s mention of how law firms are increasingly being targeted by malicious individuals.

The term hacker has taken on a very negative connotation in most people’s minds. Likely that is due to continual negative press about “hackers”. And I suppose that some of that acrimony is justified due to the rise of computer criminals using that moniker. However, the original term did not carry that meaning. In light of that, I heard a definition once that I think works well for both good and bad “hackers”.

A hacker is someone who sees a thing, or process, or computer program doing something, and gets it to do another.

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News

Like this: