In this week's Security Advisory:
- Cybersafe Updated Microsoft 365 Hardening Guide Recommendation
- Critical Flaw in Cisco FTD Allows Access with Static Credentials
- Siemens Patches Critical Remote Code Execution Vulnerability
- Multiple Vulnerabilities Discovered for Synology, QNAP, and TrueNAS
- Apple Releases New Updates to iOS and macOS
- Security Updates Released for Google Chrome, Mozilla Firefox, and Mozilla Thunderbird
Cybersafe Updated Microsoft 365 Hardening Guide Recommendation
Cybersafe is aware of an ongoing spear-phishing campaign using RDP files as email attachments. In this attack, the threat actor attaches a malicious RDP file to a phishing email that when executed, connects the victim to the threat actor's server, giving the threat actor access to sensitive data on the victim's computer like files, network resources, printers, credentials, etc. As this is a highly uncommon email attachment, Cybersafe recommends blocking such emails via your organizations SPAM gateway.
Cybersafe has updated its Microsoft 365 guide in response to this campaign, please contact your solutions advisor for updated instructions as required.
More Reading/Information- https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
- https://www.helpnetsecurity.com/2024/10/30/midnight-blizzard-spearphishing-rdp-file/
Critical Flaw in Cisco FTD Allows Access With Static Credentials
Cisco recently patched a critical vulnerability, CVE-2024-20412, that allowed an unauthenticated attacker with local access to a system using its Firepower Threat Defense software the ability to gain access to the command line. Cisco also released patches for two other critical vulnerabilities, CVE-2024-20329 and CVE-2024-20424, that can be exploited by an authenticated remote attacker and affect their ASA and FMC software.
Affected Versions
- Firepower 1000 Series
- Firepower 2100 Series
- Firepower 3100 Series
- Firepower 4200 Series
More Reading/Information
- https://www.securityweek.com/cisco-patches-vulnerability-exploited-in-large-scale-brute-force-campaign/
- https://sec.cloudapps.cisco.com/security/center/publicationListing.x
- https://www.thestack.technology/cisco-hard-coding-passwords-products/
Siemens Patches Critical Remote Code Execution Vulnerability
Siemens addressed multiple vulnerabilities affecting its InterMesh 7177 Hybrid 2.0 and 7707 Fire Subscriber products. The most critical vulnerability is CVE-2024-47901 (CVSS 10/10). This could allow an unauthenticated remote attacker to combine this vulnerability with the other addressed vulnerabilities to execute arbitrary code with root privileges.
Affected Versions
- InterMesh 7177 Hybrid 2.0 Subscriber versions <8.2.12.
- InterMesh 7707 Fire Subscriber versions <7.2.12 only if the IP interface is enabled (which is not the default configuration).
More Reading/Information
- https://cert-portal.siemens.com/productcert/html/ssa-333468.html
- https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-siemens-intermesh-subscriber-devices-could-allow-for-remote-code-execution_2024-122
Multiple Vulnerabilities Discovered for Synology, QNAP, and TrueNAS
Synology, QNAP, and TrueNAS have started to release patches for multiple critical, severity vulnerabilities that were discovered over the weekend. Advisories on affected versions and remediation steps have been posted to their websites. Synology addressed two critical vulnerabilities, QNAP addressed one critical, and TrueNAS is working on their patches currently.
Affected Versions
- A full list of affected versions can be found on the links below.
More Reading/Information
- https://www.securityweek.com/synology-qnap-truenas-address-vulnerabilities-exploited-at-pwn2own-ireland/
- https://www.synology.com/en-global/security/advisory
- https://www.qnap.com/en-us/security-advisory/qsa-24-41
- https://security.truenas.com/
Apple Releases New Updates to iOS and macOS
Apple released updates to address over 70 vulnerabilities present in several of its products. The updates addressed vulnerabilities concerning issues like information leaks, denial of service, sandbox escape, and more. Apple did not mention any of these vulnerabilities being exploited in the wild yet.
Affected Versions
- Versions prior to iOS 18.1 and iPadOS 18.1
- Versions prior to Safari 18.1
- Versions prior to iOS 17.7.1 and iPadOS 17.7.1
- Versions prior to macOS Sequoia 15.1
- Versions prior to macOS Sonoma 14.7.1
- Versions prior to macOS Ventura 13.7.1
- Versions prior to watchOS 11.1
- Versions prior to tvOS 18.1
- Versions prior to visionOS 2.1
More Reading/Information
- https://www.securityweek.com/apple-patches-over-70-vulnerabilities-across-ios-macos-other-products/
- https://support.apple.com/en-us/100100
Security Updates Released for Google Chrome, Mozilla Firefox, and Mozilla Thunderbird
Google Chrome announced the release of Chrome 130 which has addressed two vulnerabilities. Successful exploitation can lead to arbitrary code execution. Mozilla has released updates to Firefox and Thunderbird to address eleven vulnerabilities, including two high severities that lead to a permission leak or exploitable crash.
More Reading/Information
- https://www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/
- https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-59/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
