In this week's Security Advisory:
Cybersafe Updated Microsoft 365 Hardening Guide Recommendation
Cybersafe is aware of an ongoing spear-phishing campaign using RDP files as email attachments. In this attack, the threat actor attaches a malicious RDP file to a phishing email that, when executed, connects the victim to the threat actor's server. This gives the threat actor access to sensitive data on the victim's computer, such as files, network resources, printers, credentials, etc. As this is a highly uncommon email attachment, Cybersafe recommends blocking such emails via your organization's spam gateway.
Cybersafe has updated its Microsoft 365 guide in response to this campaign. Please contact your solutions advisor for updated instructions as required.
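As an added example (not taken from Cybersafe's guide), the sketch below shows the kind of check a mail gateway or triage script can run: it finds .rdp attachments in a message and reports which local resources the file asks to redirect. The function names, sample message and host name are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# .rdp settings that expose local resources to the remote host
REDIRECT_KEYS = {
    "drivestoredirect": "local drives", "redirectclipboard": "clipboard",
    "redirectprinters": "printers", "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports", "devicestoredirect": "plug-and-play devices",
}

def parse_rdp(data: bytes) -> dict:
    """Parse 'name:type:value' lines; .rdp files are often UTF-16 with a BOM."""
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    settings = {}
    for line in data.decode(enc, "replace").splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def inspect_message(raw: bytes) -> list:
    """Return one finding per .rdp attachment in an RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        # Match on extension, or on the MIME type commonly used for .rdp files
        if not (name.endswith(".rdp") or part.get_content_type() == "application/x-rdp"):
            continue
        cfg = parse_rdp(part.get_payload(decode=True) or b"")
        exposed = sorted(label for key, label in REDIRECT_KEYS.items()
                         if cfg.get(key, "") not in ("", "0"))
        findings.append({"filename": name, "host": cfg.get("full address", ""),
                         "exposed": exposed, "action": "block"})
    return findings

def build_sample() -> bytes:
    """Constructed sample message; host and addresses are placeholders."""
    rdp = ("full address:s:rdp.example.invalid\r\ndrivestoredirect:s:*\r\n"
           "redirectprinters:i:1\r\nredirectclipboard:i:0\r\n").encode("utf-16")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.invalid", "b@example.invalid", "Setup"
    m.set_content("Please open the attached file.")
    m.add_attachment(rdp, maintype="application", subtype="octet-stream", filename="Config.RDP")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

Because the attachment type is so rare in legitimate mail, the finding's action is always "block"; the host and redirected-resource fields are there to help triage messages that were delivered before the rule existed.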
More Reading/Information
Cisco recently patched a critical vulnerability, CVE-2024-20412, that allowed an unauthenticated attacker with local access to a system running its Firepower Threat Defense software to gain access to the command line. Cisco also released patches for two other critical vulnerabilities, CVE-2024-20329 and CVE-2024-20424, that can be exploited by an authenticated remote attacker and affect its ASA and FMC software.
Affected Versions
More Reading/Information
Siemens addressed multiple vulnerabilities affecting its InterMesh 7177 Hybrid 2.0 and 7707 Fire Subscriber products. The most critical vulnerability is CVE-2024-47901 (CVSS 10/10). This could allow an unauthenticated remote attacker to combine this vulnerability with the other addressed vulnerabilities to execute arbitrary code with root privileges.
Affected Versions
More Reading/Information
Synology, QNAP, and TrueNAS have started to release patches for multiple critical-severity vulnerabilities that were discovered over the weekend. Advisories on affected versions and remediation steps have been posted to their websites. Synology addressed two critical vulnerabilities, QNAP addressed one critical vulnerability, and TrueNAS is currently working on its patches.
Affected Versions
More Reading/Information
Apple released updates to address over 70 vulnerabilities present in several of its products. The updates addressed vulnerabilities concerning issues like information leaks, denial of service, sandbox escape, and more. Apple did not mention any of these vulnerabilities being exploited in the wild yet.
Affected Versions
More Reading/Information
Google announced the release of Chrome 130, which addresses two vulnerabilities. Successful exploitation can lead to arbitrary code execution. Mozilla has released updates to Firefox and Thunderbird to address eleven vulnerabilities, including two high-severity vulnerabilities that lead to a permission leak or exploitable crash.
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps inform your patch and vulnerability management program.