Hello folks,
We’re a bit behind, but trying now to see about catching up. There’s a lot of news here, and we’re not too late on some of these.
Top of the news for February 24, 2023
Here’s what the top of the news had for this issue of Sans News Bites.
- Researchers Find New Class of Privilege Elevation Bug in iOS and macOS
- Chrome Update Includes Fix for Critical Flaw
- US Defense Dept. Inspector General Finds Officials Did Not Identify Cloud Services Risks
The biggest thing I’d take out of this section of news is the iOS fixes. If you’re not on 16.x, now might be a good time if it is possible to do so. The comments in this section are awesome: disclose, give the operator time to fix the bug, then patch. After the patch is released, then disclose it. It worked flawlessly this time.
The thing I’d be worried about is the cloud risks issue that is discussed in item 3 of the top news segment. Now that we’re moving to a cloud infrastructure, there’s no turning back. Even EMHS has articles on scams and phishing issues where domains are popping up faster than we can defend.
As servers move to implement stronger rule sets to block the huge amounts of spam and phishing attacks, like we recently did, we’ll find missing email and need to whitelist the IP addresses of mail servers we know send trustworthy email, like Sans, Bandcamp, Knowbe4 and others. Looking at logs now is crucial to make sure you get the email you need. If we’re doing that, then we should also ask about making sure we’re hardened from zero-days and other attacks, which were discussed with me on a call.
The Rest of the news for February 23, 2023
Here is the rest of the news items for this newsletter.
- Microsoft: Remove Some Antivirus Exclusions from Exchange Server
- Synopsys 2023 Open Source Security and Risk Analysis Report
- US Military eMails Exposed via Unsecured Azure Server
- Fortinet Vulnerability is Being Actively Exploited; Apply Updates Now
- US Department of Justice Arrests, Extradites Alleged Malware Developer
- CISA Adds Three Vulnerabilities to Known Exploited Vulnerabilities Catalog
- NSA Advice for Securing Home Networks
What the hell is going on with unsecured servers nowadays? This isn’t the first time I’ve read about this type of thing, and it’s probably not going to be the last.
Maybe I need to find out if my server is secure from this type of attack where someone can run in and read and exfiltrate all of the email? While I have nothing sensitive to hide, I’m not the only one on this server, so other customers could be impacted by this.
I also want to comment on the very last item that is on this list. I’m going to be asking a question, and it’s probably going to be a good one.
Why are you telling us how to secure our home internet when you were responsible for worms like Stuxnet and other vulnerabilities found in the wild in recent years?
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon and Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
While Sandworm does not talk specifically about each vulnerability in detail, it does mention tons of things that were out.
I just don’t understand why the NSA thinks it’s OK to give advice when they’re involved in some ways of keeping zero-days and vulnerabilities secret to use on targets they wish themselves. Just mind boggling.
Your thoughts on that last story will be of interest to me.
Want to read the newsletter for February 24, 2023? This is the link to allow you to read the newsletter and thanks so much for reading!
We appreciate it.