Security Leftovers
-
#StopRansomware: Hive [Ed: Microsoft Windows TCO, but CISA fails to mention culprits, as usual]
Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.
Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and—especially—Healthcare and Public Health (HPH).
-
CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain [Ed: Instead of tackling their own back doors and faked 'security', here they are pushing Microsoft talking points and nonsense like SBOM]
Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 release of guidance for suppliers.
-
Microsoft fixes Windows Kerberos auth issues in emergency updates [Ed: It's not Kerberos; it's Microsoft's attack on Kerberos and Microsoft made it insecure, too]
Microsoft has released optional out-of-band (OOB) updates to fix a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers after installing cumulative updates released during November's Patch Tuesday.
The company acknowledged the issue and started investigating on Monday, when it also said that the known issue could affect any Kerberos authentication scenario within affected enterprise environments.
While Microsoft has also started enforcing security hardening for Kerberos and Netlogon beginning with the November 2022 Patch Tuesday, it said that these auth problems are not an expected result.
-
iTWire - F5 issues fixes for BIG-IP, BIG-IQ flaws discovered by Rapid7
Security firm F5 has released patches for vulnerabilities in its BIG-IP and BIG-IQ products, after the flaws were reported to it on 18 August by threat research outfit Rapid7.
In a blog post, Rapid7 said both BIG-IP and BIG-IQ were susceptible to unauthenticated remote code execution through forgery of a cross-site request (CVE-2022-41622).
Additionally, the appliance mode iControl REST was vulnerable to authenticated remote code execution via RPM spec injection (CVE-2022-41800).
Three bypasses of security controls were also found, the Rapid7 post said, adding that F5 did not consider these to have a reasonable attack surface. All the flaws were discovered by Ron Bowes.