Cyber Briefing - 2023.09.29
What are the latest cybersecurity alerts, incidents, and news?
WS_FTP Software Vulnerability, Progress, Malicious PyPI and npm packages, Cisco SD-WAN Vulnerabilities, Simple Membership, WordPress.com, SharePoint, World Baseball Softball Confederation - WBSC, Volkswagen, State Corporation Rostec, Russia, ChildFund International NZ, Baruch College, Crypto Scam.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Progress Software, the developer of the widely used MOVEit Transfer file-sharing platform, has issued a critical warning to its customers regarding a high-severity vulnerability found in its WS_FTP Server software. This server software is employed by thousands of IT teams globally for secure file transfers. The vulnerability, tracked as CVE-2023-40044, holds a maximum severity rating of 10/10 and allows unauthenticated attackers to execute remote commands, posing a significant security risk. Progress Software strongly advises its users to perform an immediate upgrade to the latest version, 8.8.2, to remediate the issue.
A series of malicious npm and PyPI packages have been discovered, targeting software developers and stealing sensitive data. The campaign, initially detected by Sonatype, began in September 2023 and has expanded to both platforms. Attackers have uploaded 45 packages with evolving code, including typosquatting to deceive developers into installing them. These packages, when executed, steal machine and user details, including SSH keys, posing a significant security risk to developers and their systems.
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager have been discovered, allowing unauthenticated remote access to the server. Cisco Catalyst SD-WAN Manager for WAN is network management software used for WAN device management. The most severe flaw, CVE-2023-20252, enables unauthorized access due to issues with the Security Assertion Markup Language (SAML) APIs, potentially leading to user impersonation, data breaches, and service disruptions.
Security researchers have uncovered two critical vulnerabilities in the widely-used Simple Membership plugin for WordPress, impacting versions 4.3.4 and below. These flaws, identified by Patchstack, could potentially lead to privilege escalation problems. One vulnerability allowed unauthenticated users to register accounts with arbitrary membership levels, while the other enabled authenticated users to take over member accounts through an insecure password reset process.
Researchers have discovered and detailed an exploit chain that combines two critical vulnerabilities in Microsoft SharePoint Server to enable remote code execution on affected servers. One of these vulnerabilities allows an unauthenticated attacker to gain administrator privileges, while the other is a remote code execution flaw. There are concerns that threat actors could exploit these vulnerabilities in the coming months, as there are over 100,000 Internet-exposed SharePoint servers potentially affected.
Cyber Incidents
The World Baseball Softball Confederation inadvertently exposed nearly 50,000 files, including copies of 4,600 national passports, in a misconfigured AWS bucket, raising concerns about identity theft and fraud risks. Cybercriminals could potentially use the exposed passport data to impersonate victims and engage in fraudulent activities, including opening bank accounts and applying for loans.
Volkswagen faces a significant operational setback as a cyber incident disrupts its global IT and production systems, impacting various locations, including the Wolfsburg headquarters. The disruption, described as an "IT disruption of network components," began on Wednesday, causing the automaker to halt operations at multiple factories, including some Audi facilities.
A significant cyberattack struck Russia's flight booking system, Leonardo, causing delays at various airports. The "massive" distributed denial-of-service attack was attributed to "foreign hackers" by the system's developer, Russian state defense company Rostec. This hour-long incident impacted several Leonardo customers, including major Russian airlines like Rossiya Airlines, Pobeda, and Aeroflot, leading to delays of up to an hour at Moscow's Sheremetyevo International Airport.
Baruch College has announced an extension of remote learning until October 1st due to a recent malware attack causing network outages across the campus. While the physical campus remains closed to students, essential staff members can access it. Baruch's Computing and Technology Center, along with other departments, is working on restoring various network services, and on-campus classes are expected to resume on October 2nd.
ChildFund NZ's partner, Pareto Phone Limited, experienced a data breach in April of this year, potentially affecting personal contact information of donors, including ChildFund NZ donors. Although there is no evidence of financial or banking information being accessed, this incident has raised concerns about the security of donor data.
Cyber News
In a move aimed at harnessing the potential of artificial intelligence while safeguarding against its inherent risks, U.S. President Joe Biden has announced plans to issue an executive order this fall. The order will outline the United States' strategy for responsible AI innovation, focusing on collaboration with domestic experts and global leaders like British Prime Minister Rishi Sunak.
The Food and Drug Administration has issued final guidance on cybersecurity measures for medical device manufacturers, emphasizing the need to address cyber risks in their products. This guidance, titled "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions," outlines various aspects of product security, including implementing secure development frameworks, threat modeling, and software bill of materials.
The Biden administration is facing resistance from tech industry leaders, including Amazon, over its plan to improve cloud infrastructure security through the "Know Your Customer" policy. The policy would require companies to collect personal information from users to disrupt hackers who exploit commercial cloud services for cyberattacks. Despite industry concerns about administrative costs and privacy issues, government officials argue that responsible companies should understand their customers to prevent misuse of their services for criminal purposes.
Security researcher Sam Curry found himself under investigation by U.S. border officials and federal agents upon his return to the United States. Border officials and agents from the IRS Criminal Investigation (CI) division and the U.S. Department of Homeland Security (DHS) detained Curry and searched his electronic devices. He was also served with a 'Grand Jury' subpoena, compelling him to testify in court. The investigation stemmed from Curry's involvement in probing a crypto phishing scam, where his IP address had appeared in the logs of a crypto wallet linked to the scam.
Researchers at Censys have discovered that thousands of internet-connected devices and computers are exposing millions of potentially sensitive files online, either unintentionally or deliberately. They identified over 314,000 distinct internet-connected devices and web servers with open directory listings and at least one file, creating a comprehensive database.
Copyright © 2023 CyberMaterial. All Rights Reserved.