Security Leftovers
-
Security Week ☛ In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach
Noteworthy stories that might have slipped under the radar: US airport taxi hacking by Russians, Stanford ransomware attack, and post-quantum crypto guidance.
-
Security Week ☛ Apache ActiveMQ Vulnerability Exploited as Zero-Day
The recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 has been exploited as a zero-day since at least October 10.
-
Security Week ☛ North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks
Security researchers uncover new macOS and backdoored Windows malware associated with the North Korea-linked Lazarus Group.
-
Security Week ☛ Okta Hack Blamed on Employee Using Personal Surveillance Giant Google Account on Company Laptop
Okta is blaming the recent hack of its support system on an employee who logged into a personal Surveillance Giant Google account on a company-managed laptop.
-
Security Week ☛ After Major Cloud Hacks, Abusive Monopolist Microsoft Unveils ‘Secure Future Initiative’
In response to a spate of embarrassing hacks, Redmond pushes ‘Secure Future Initiative’ promising faster cloud patches, better management of identity signing keys and products with a higher default security bar.
-
Hackaday ☛ Big Red Button Puts Toddler In Command Of Chromecast
Controversial position: the world needs more buttons. We’ve gotten so far away from physical interfaces like buttons, knobs, and switches in favor of sleek but sterile touch-screen “controls” that when we see something like this big red button so toddlers can start a TV show, we just have to latch onto the story and see what it’s all about. [...] We appreciate the reverse engineering heroics [Mads] displays here, which provide good general lessons for other purposes. It’s been a while since we’ve seen a Chromecast physical interface build, too, so we appreciate the refresher.
-
Security Week ☛ Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack
Mr. Cooper suspends operations, including payments, after a cyberattack forced it to take systems offline.
-
Security Week ☛ Cyberattack Disrupts Ace Hardware’s Operations
Cyberattack cripples Ace Hardware’s internal systems, resulting in shipment delays, suspended online orders.
-
Security Week ☛ Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday
Industry commentary on the SEC lawsuit against SolarWinds and its CISO over cybersecurity and risk handling practices before the massive hack that came to light in late 2020.
-
Hackaday ☛ This Week In Security: CVSS 4, OAuth, And ActiveMQ
We’ve talked a few times here about the issues with the CVSS system. We’ve seen CVE farming, where a moderate issue, or even a non-issue, gets assigned a ridiculously high CVSS score. There are times a minor problem in a library is a major problem in certain use cases, and not an issue at all in others. And with some of those issues in mind, let’s take a look at the fourth version of the Common Vulnerability Scoring System.
-
Security Week ☛ Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw
Atlassian warns that ‘critical information’ released on the Confluence bug CVE-2023-22518 increases the risk of exploitation.
-
Windows TCO
-
Data Breaches ☛ Summit Health has hundreds of locations. Were they victims of a cyberattack by LockBit3.0?
Summit Health is a for-profit, multi-specialty medical practice headquartered in Berkeley Heights, New Jersey. It describes itself as a “physician-driven, patient-centric network committed to simplifying the complexities of health care and bringing a more connected kind of care.” They have more than 2,800 providers, 13,000 employees, and over 370 locations in New Jersey, New York, Connecticut, Pennsylvania, and Central Oregon.
-
Hacker News ☛ StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
StripedFly achieves persistence by either modifying the Windows Registry or by creating task scheduler entries if the PowerShell interpreter is installed and administrative access is available.
Many more updates (CISA mostly):
-
2023-11-03 [Older] Cisco Releases Security Advisories for Multiple Products
-
2023-11-02 [Older] Atlassian Releases Security Advisory for Confluence Data Center and Server
-
2023-10-30 [Older] Israel's Check Point Says Cyberattacks Rising, Sees Higher Profit
-
2023-11-02 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
-
2023-11-02 [Older] CISA Releases Six Industrial Control Systems Advisories
-
2023-11-02 [Older] Red Lion Crimson
-
2023-11-02 [Older] Mitsubishi Electric MELSEC iQ-F Series CPU Module
-
2023-11-02 [Older] Mitsubishi Electric MELSEC Series
-
2023-11-02 [Older] Franklin Fueling System TS-550
-
2023-11-02 [Older] Weintek EasyBuilder Pro
-
2023-11-02 [Older] Schneider Electric SpaceLogic C-Bus Toolkit
-
2023-11-01 [Older] CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
-
2023-10-31 [Older] CISA Adds Two Known Exploited Vulnerabilities to Catalog
-
2023-10-31 [Older] CISA Releases Three Industrial Control Systems Advisories
-
2023-10-31 [Older] INEA ME RTU
-
2023-10-31 [Older] Zavio IP Camera
-
2023-10-30 [Older] VMware Releases Advisory for VMware Tools Vulnerabilities