May 18, 2024

Weekly Cyber Security
News Events &Information

From sources found online in the past seven days

Hello all,

Last week I called it the calm before the storm, boy was it ever! A large swath of vendors released updates for all sorts of vulnerabilities this week. I’ll call some out below but recommend that you check pretty much everything you’re running for updates.

The volume of news and other can appear overwhelming, the best strategy is to read the Notable Callouts below and then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then selecting them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

Adobe starts out the cavalcade of patching with updates to Acrobat, Reader, and several other products. Don’t wait to apply these as some are critical.
Apple released updates for iPhones, iPads, macOS, and more. They even backported some updates to older iPhones. Again, don’t wait to update as at least one was a zero-day that was uncovered at Pwn2Own in Vancouver a few months ago.
Git has fixed five vulnerabilities, the most critical being a Remote Code Execution (RCE) that is triggered when cloning. Since this is something that is commonly done, update quickly.
Google Chrome had two separate releases to fix zero-day vulnerabilities this week. They were the fifth, sixth and seventh of the year. At this pace, restarting your Chrome browser daily (which triggers an update) to keep safe may be your best bet.
ICS (Industrial Control Systems) and IoT (Internet of Things) manufacturers Johnson Controls, Siemens, Rockwell, and Mitsubishi all released advisories this week regarding vulnerabilities that they’ve found and/or fixed in their products. There’s a lot, so check the list.
Intel issued 41 advisories for 90 vulnerabilities across a wide range of products such as processors, graphics cards, UEFI, and more; including a critical 10 out of 10 on the CVSS scale for their Intel Neural Compressor which is used in AI work.
Microsoft wanting everyone to remember that they were responsible for Patch Tuesday, unleashed 61 updates and addressed 3 zero-days. At least it wasn’t as large as last month’s record-breaking 147 fixes. However, Big-Redmond has yet to fix seven zero-days that were successfully exploited at Pwn2Own in Vancouver earlier in the year. Edge also received five security updates, most were Chromium related (same as Google’s updates), but a few were specific to Microsoft’s browser.
SAP has plugged critical holes in Customer Experience (CX) Commerce and NetWeaver Application Server ABAP and ABAP Platform, releasing 14 new updates and revising 3. SAP advises customers to update as soon as possible.
VMware patched three zero-day holes that were successfully used at Pwn2Own in Workstation and Fusion desktop hypervisors. They further fixed an additional item that was reported through Trend Micro’s Zero Day Initiative.

In Ransomware, Malware, and Vulnerabilities News:

AI Red Teaming tool helped IBM’s X-Force break into a major manufacturer in only 8 hours. As we’ve all said, AI is both an incredible thing and potentially terrifying, if in the wrong hands. Thankfully, this time it was the good guys using it to find issues that were then fixed.
Justice Dept. FBI, and FCC are all in the news this week, scoring several wins for the good guys!
SE Asian scammers steal $64 billion annually. Wow! That’s unbelievable.

In Other News Events of Note and Interest:

Veeam, has announced that their forthcoming version will have native support for Proxmox V With this out there, it looks like Proxmox might just become a viable alternative to Broadcomm’s VMware.

In Cyber Insurance News:

Should you buy Cyber Insurance is an excellent article that does a great job describing what this product is, and what it does for you.

Clarence Bleicher, President Chrysler Corporation DeSoto automobile division, stated before congress in 1947, “I have taught my foremen this for some months now—if you get a tough job, one that is hard, and you haven’t got a way to make it easy, put a lazy man on it, and after 10 days he will have an easy way to do it…” There’s something to be considered here. As Frank B. Gilbreth Sr discovered in 1920, the lazy person will find a way to “eliminate unnecessary movement and reduce fatigue”. Now don’t get me wrong, I’m not saying that you shouldn’t work hard, but you should be efficient and that means reducing complexity, making things easier, or in another word – convenient. Why am I going down this trail? This past Friday on the Buffalo Plaid Breakfast show, my Co-host, Jeremy, and I talked about Convenience vs. Security. I believe that the notion of reduction of effort is right in line with that theme. So, managers, foremen, bosses of all kinds, if you need to find a way to secure things in a more convenient manner, assign the job to the laziest employee you have. The result may astound you! However, in the famous words of President Regan, “Trust, but verify.”

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News

Like this: