October 26, 2024

Hello all,

This week’s news has an unusual number of items related to firewalls and networking equipment. Cisco, Fortinet, and SonicWall products are all under active attack for known vulnerabilities, and malactors are exploiting them successfully to gain unauthorized access to networks. Once inside, they use other products’ vulnerabilities and defects to burrow deeper and do more.

As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or to those you support.

Headline NEWS:

  • CISA added several items to the Known Exploited Vulnerabilities (KEV) catalog this week. Two I found significant. The first is the ScienceLogic SL1 defect that Rackspace found and reported. The second is for Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), both of which are subject to Denial of Service (DoS) attacks. A third item CISA called out is for a Cross-Site Scripting (XSS) defect in RoundCube webmail.
  • Cisco also fixed a defect that allowed for DoS via their VPN when it was being password sprayed.
  • FortiGate/Fortinet has had rumblings on Reddit for the past week about a major flaw. The manufacturer finally acknowledged the issue and has released version updates and mitigation guidance for this zero-day bug, dubbed FortiJump. Do not delay: this has the potential to compromise every Fortinet product that is managed by your FortiManager.
  • Pwn2Own Ireland just concluded, and more than 70 zero-day vulnerabilities were used by the hackers participating. Expect an incoming storm of patches soon for things such as QNAP, Synology, TrueNAS, Ubiquiti, Canon, HP, Lexmark, Sonos, and more.
  • UniFi maker Ubiquiti was mentioned a moment ago; they just released an update for their UniFi Network Server. If you use this, update quickly.
  • VMware attempted to patch a defect in vCenter last month that was found at the Chinese Matrix Cup competition last month. Apparently, it was only partially successful. Another patch has been released. Update your vCenters as soon as you are able.

In Ransomware, Malware, and Vulnerabilities News:

  • “Evil increasing” should be the headline. This section has several links to items such as “Q3 sees 75% Surge in Cyber Attacks,” “Healthcare sees 300% Surge in Ransomware Attacks,” “Ransomware gang stoops to new low,” AI impersonation, and more. It is vital to stay aware and properly prioritize your mitigation efforts.

In Other News Events of Note and Interest:

  • “DMCA (Digital Millennium Copyright Act) Exemption for Ice Cream Machines” is a long-awaited headline! Just this week I was at McDonald’s wanting a milkshake and their ice cream machine was down. They really should fly their flag at half-mast or something so we don’t waste time pulling in, but I digress. Up until now, only licensed companies were permitted to perform repairs, and apparently those repair people are in short supply. Hence the plethora of broken ice cream machines. Now, any capable technician will be permitted to make needed fixes. Ice cream and milkshake lovers rejoice!

In Cyber Insurance News:

  • Global Insurance Rates Decline. In a sign that insurers are getting a better handle on managing their risks and that clients are becoming more resilient, rates appear to be declining.

Musings:

For most of the world, we are rapidly approaching multiple holidays. While it is a time for feasting, celebration, fun, family, and friendship, threat actors are well aware that, due to the typical end-of-year increase in personal time off, cyber-defenders will be short-staffed. The opportunistic dirt bags don’t take these holidays off, so don’t let your guard down if you want to enjoy your time off. Spoil a hacker’s holiday and enjoy yours!

Visc. Jan Broucinek

Keep the shields up.

Viscount Jan Broucinek
Red Dot Security News
