Security and FUD Leftovers
-
Security Week ☛ Cybersecurity Mesh: Overcoming Data Security Overload
A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.
-
Security Week ☛ Splunk Patches Vulnerabilities in Enterprise Product
Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.
-
Security Week ☛ Cisco Patches DoS Vulnerabilities in Networking Products
Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS).
-
Security Week ☛ Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding
Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts.
-
Security Week ☛ Chinese Cyberspies Targeting ASEAN Entities
Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.
-
Security Week ☛ US Offering $10 Million Reward for Information on Change Healthcare Hackers
The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.
-
Federal News Network ☛ FedRAMP’s overhaul begins with 28 near-term initiatives
The Federal Risk and Authorization Management Program is planning several pilots to bring in automation, test out reciprocity and speed up reviews.
-
Scoop News Group ☛ Plan to resuscitate beleaguered vulnerability database draws criticism
The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.
-
Bleeping Computer ☛ CISA tags Abusive Monopolist Microsoft SharePoint RCE bug as actively exploited
CISA warns that attackers are now exploiting an Abusive Monopolist Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
-
X.Org X Server Vulnerabilities Fixed in Ubuntu
The X.Org X Server, a fundamental component of graphical user interfaces in Linux systems, recently encountered a series of vulnerabilities. These vulnerabilities, if exploited, could potentially allow attackers to crash the X Server, steal sensitive information, or even execute malicious code on the system. Fortunately, the Ubuntu security team swiftly addressed these issues by releasing security updates for Ubuntu 22.04 LTS (Long Term Support), Ubuntu 20.04 LTS, Ubuntu 23.10, and Ubuntu 23.04.
-
Password-leaking Ubuntu bug sat silent for 11 years
A newly discovered Linux bug could allow for password leaks. Worse yet, it has sat undiscovered in the OS for the last 11 years.
[...]
In a real-world attack scenario, an attacker with local access could set up a trap in which valid credentials could easily be harvested via the /proc directory. This would, in turn, set the attacker up for further lateral attacks along the local network.
-
Bleeping Computer ☛ Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords [Ed: How Microsofters present US NIST ☛ this weakness]
Tracked as CVE-2024-28085, the security issue has been dubbed WallEscape and has been present in every version of the package for the past 11 years up to 2.40 released yesterday.
-
Covington & Burling LLP ☛ CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemaking (“Proposed Rule”) related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was released on the Federal Register website. The Proposed Rule, which will be formally published in the Federal Register on April 4, 2024, proposes draft regulations to implement the incident reporting requirements for critical infrastructure entities from CIRCIA, which President Biden signed into law in March 2022. CIRCIA established two cyber incident reporting requirements for covered critical infrastructure entities: a 24-hour requirement to report ransomware payments and a 72-hour requirement to report covered cyber incidents to CISA. While the overarching requirements and structure of the reporting process were established under the law, CIRCIA also directed CISA to issue the Proposed Rule within 24 months of the law’s enactment to provide further detail on the scope and implementation of these requirements. Under CIRCIA, the final rule must be published by September 2025.
-
CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 [Ed: XZ is Microsoft GitHub junk, use GNU instead]
-
Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
-
Kaspersky ☛ DinodasRAT Linux implant targeting entities worldwide [Ed: They focus on what it does, not how it gets there in the first place, then blame "Linux"]
The backdoor is fully functional, granting the operator complete control over the infected machine, enabling data exfiltration and espionage.
-
Hacker News ☛ Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries [Ed: Same talking points, not saying who or what the culprit actually is; this helps distract from a major Microsoft blunder (Exchange) this week]
Then last week, Trend Micro detailed a threat activity cluster it tracks as Earth Krahang and which has shifted to using DinodasRAT since 2023 in its attacks aimed at several government entities worldwide.
-