Updates from the Cyber Security World: December
Welcome to this month's edition of our Cyber Security Updates!
In this issue, we're delving into the latest developments across various tech domains, from Cloud and Web security to Mobile, Network vulnerabilities, and Tools shaping the security landscape.
Dive in to stay ahead of emerging threats and fortify your defenses.
Cloud
If you’re looking to enhance the security of your containers on Amazon Elastic Container Service (Amazon ECS), you can begin with the six tips that the authors cover in their blog post. These curated best practices are recommended by Amazon Web Services (AWS) container and security subject matter experts to help raise your container security posture.
Web
A new set of 48 malicious npm packages capable of deploying a reverse shell on compromised systems has been discovered in the npm repository. On October 27, Phylum’s automated risk detection platform began alerting researchers to suspicious publications on npm. Over the following few days, they discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install.
Cloud
Researchers from Aqua Nautilus have successfully intercepted Kinsing's experimental incursions into cloud environments. Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, they have uncovered the threat actor's manual efforts to manipulate the Looney Tunables vulnerability (CVE-2023-4911). They delve deeper into the Kinsing campaign and its operations, highlighting the novelties in this attack and emphasizing the critical importance of vigilance and heightened awareness in the face of these evolving threats.
Read more: Cloud Security Testing: 10 Best Practices
Mobile
The Apple 'Find My' network could be exploited for the illicit transmission of sensitive data obtained through keyloggers installed on keyboards. This network and its corresponding application, originally intended to aid users in locating misplaced Apple devices such as iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags, may be misused by malicious individuals. By leveraging GPS and Bluetooth data gathered from a vast array of Apple devices globally, the service can locate devices reported as lost or stolen, even if they are not currently connected to the internet.
Network
Microsoft Exchange was recently reported to be susceptible to four zero-day vulnerabilities that enable attackers to remotely execute arbitrary code or access sensitive information on affected systems. Trend Micro's Zero Day Initiative (ZDI) highlighted these vulnerabilities, having reported them to Microsoft on September 7th and 8th, 2023. Despite Microsoft's acknowledgment of the reports, their security engineers deemed the flaws not critical enough to warrant immediate attention, opting to postpone the fixes.
Tools
The Forum of Incident Response and Security Teams (FIRST) has officially introduced CVSS v4.0, marking the next iteration of its Common Vulnerability Scoring System standard. This release comes eight years after the previous major version, CVSS v3.0. CVSS is a standardized framework for assessing the severity of software security vulnerabilities.
It assigns numerical scores or qualitative representations (low, medium, high, and critical) based on factors like exploitability, required privileges, and impact on confidentiality, integrity, and availability. Higher scores indicate more severe vulnerabilities. This system aids in prioritizing responses to security threats by offering a consistent method to evaluate the impact of vulnerabilities and compare risks across various systems and software.
That wraps up our journey through the latest in cyber security. Stay vigilant and proactive against evolving threats! Remember, informed defenses are the best defenses. Until next month, stay secure and informed.