Security News & Updates
Keep up-to-date on the latest cybersecurity news
VULNERABILITY UPDATE: Apple Announces Two Zero-Day Vulnerabilities for macOS and iOS
On Thursday, March 31st, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPadOS. This marks the fourth and fifth zero-days of 2022 for the OSs listed above. The vulnerabilities are as follows:

CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges.

CVE-2022-22674: An out-of-bounds read issue in the Intel Graphics Driver that may allow an application to view kernel memory, affecting only macOS. This vulnerability may also have been exploited in the wild.

So, why are kernel-related vulnerabilities dangerous? Kernel-related exploitation can be particularly dangerous because the kernel is the central component of an operating system (OS) that connects the physical hardware (CPU, memory, etc.) with the software running on it. Apple has release
VULNERABILITY UPDATE: Vulnerabilities Confirmed in Spring Core and Spring Cloud
For those of you who have been following along with the Spring4Shell saga at home: yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.” A patch was also released by Spring, so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch, and workarounds for those unable to patch immediately, can be found in the Spring Blog post.

Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities
Weekly Security Wrap-Up (March 29th, 2022)
Hey, y’all - happy Tuesday! While we were all busy being distracted by ridiculous people on awards shows, there was a lot going on around us. Let’s check out a few stories from the world of security news.

CISA warns of attacks targeting Internet-connected UPS devices
Oh man, that’s an infuriating one. Stay out of my power supply, jerks! I guess some organizations use this for management of the device over the internet, but...it’s just a power supply. If that’s not necessary, go disconnect that thing’s network cable. From the article: “Recommended mitigation measures include finding all UPSs and other emergency power systems on orgs' networks and ensuring they're not reachable over the Internet.”

Shutterfly discloses data breach after Conti ransomware attack
Image provider Shutterfly disclosed this week a ransomware attack that led to a data breach back in December. That’s bad for folks who work there or use the service, so be sure to update your creds and keep an eye on your credit report/
Weekly Security Wrap-Up (March 22nd, 2022)
Happy Tuesday, y’all - and now it’s over, because we’re talking about Russia today! Mainly because I think it’s important to get some eyebrows raised before it’s too late. (<-- fun fact: that’s the scariest book I’ve ever read!) Hackers/APTs associated with Russian IPs/groups have already been scanning the networks of US-based companies in the energy, finance, and defense sectors, prompting President Biden to issue his recent warning to American businesses. PLEASE TAKE THIS SERIOUSLY. For a great perspective on all this (and a quick read), check out this blog from our Director of InfoSec/Research. Let’s get diligent, y’all!
Weekly Security Wrap-Up (March 15th, 2022)
Happy Ides of March, y’all! I guess that’s a bit of an oxymoron, but it’s fine. While we were all eating sandwiches and pretending to work but looking at houses online, a lot of serious security stories broke. As you can suspect, a lot of them have to do with the Russia/Ukraine stuff.

Thousands of Secret Keys Found in Leaked Samsung Source Code
OOF. From the article: “The firm’s researchers have yet to determine how many of the exposed keys are valid. However, their analysis showed that 90% are likely associated with internal systems and “can be more challenging for an attacker to use.” On the other hand, the remaining keys — roughly 600 of them — can grant attackers access to a wide range of systems and services.” About 10% of those keys are for external services too, like GitHub and AWS. Yikes.

German government advises against using Kaspersky antivirus
Well, this is pretty similar to some former warnings about Kaspersky, and it’s no surprise. Founder/CEO Eugene Kaspersky raised some ire
Weekly Security Wrap-Up (March 8th, 2022)
Hi, everybody - and Happy International Women’s Day! As someone who was #RaisedByLadies, this one’s near and dear to my heart. I think Adam “MCA” Yauch said it best, way back when I was in high school:

“I want to say a little something that's long overdue
The disrespect to women has got to be through
To all the mothers and the sisters and the wives and friends
I want to offer my love and respect to the end”
- “Sure Shot”, 1994

On to some security news!

Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
From the article: “Three critical security vulnerabilities in widely used smart uninterruptible power supply (UPS) devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found.” The words “critical infrastructure” are sadly gonna be the summer hit of 2022; I’ve got $5 on it.

Google: Chinese hackers target Gmail users affiliated with US govt
VULNERABILITY UPDATE: Zero-Day RCE Vulnerabilities Released for Mozilla Firefox
It’s a two-fer on a Monday! Quick update for a couple of zero-day remote code execution CVEs discovered in Mozilla Firefox. On the AX Blog, our Technical Marketing Engineer, @JessicaS-Automox, has put together a breakdown and remediation steps to take. From the blog: “Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both are actively exploited in the wild as zero-days. Both are use-after-free issues in the browser’s XSLT processing and WebGPU IPC frameworks, respectively...Given this is an actively exploited zero-day, it’s recommended that IT admins prioritize patching this vulnerability within 24 hours to reduce exposure to malicious actors. For Firefox, Firefox ESR, and Thunderbird, you can fix vulnerabilities fast with Automox by using a patch-all policy for Windows and Mac (which will patch every third-party software we support on these OSes). Patch-all policies ensure you fix vulnerabilities fast in th
VULNERABILITY UPDATE: CVSS 7.8 “Dirty Pipe” Vulnerability Disclosed in Linux Kernel
Well, what would a Monday morning be without some vulnerabilities to talk about? Over on the Automox Blog, @Peter-Automox has a breakdown of “Dirty Pipe”, a newly disclosed kernel-level vulnerability in the Linux OS. From the AX blog: “Dirty Pipe is a vulnerability in the Linux Kernel disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. The vulnerability exists in all Linux kernel versions from 5.8 forward and has been patched in Linux 5.16.11, 5.15.25, and 5.10.102….Given the prevalence of Linux in highly sensitive infrastructure, this is a very important vulnerability to mitigate. It is highly recommended that IT and SecOps admins prioritize patching and remediation of this vulnerability in the next 24 hours to reduce organizational risk from this vulnerability.”

Remediation steps: If you don’t have an existing Linux patch policy, we recommend a Patch
Weekly Security Wrap-Up (March 1st, 2022)
Wait, it’s already March!? Happy Tuesday, y’all. As I type this, there is a lot going on that we could talk about, obviously. But let’s keep it “light” and just talk about a few stories that were in the news this week. Yes, we’ll have to mention Russia. But the good news is, I’ve been given approval by the Automox Party Department® to allow you all to start a drinking game based around those mentions. If it’s past noon and you see me mention “Russia”, do what you will. :)

NVIDIA confirms data was stolen in recent cyberattack
Graphics card giant NVIDIA has confirmed “a cybersecurity incident which impacted IT resources,” from back in November. The threat actor compromised the NVIDIA network and stole employee credentials/proprietary information. The company noted that the incident isn’t expected to disrupt its business.

Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
Hey, everyone take a drink! Anyways, phishing emails to MS users warning of Russian-led account hacking h
AX Weekly Security Wrap-Up (February 22nd, 2022)
It’s Twosday! Hooooooo-wee! Now that the internet is back, I guess we’ll just talk about this AWS/Slack/etc. outage today, huh? Is it a coincidence that it’s happening on Tuesday, 2/22/22?? The conspiracy theorist in me sure doesn’t think so, but the numerologist in me is finishing up a sandwich and can’t currently be bothered. Either way, pretty rough morning for some folks out there. Our own AX Systems team shared a handy graphic with us earlier, showing various sites/services that were likely impacted. Check it out: Woof. It sounds like more CDN issues, but that’s not much comfort because you know what everybody loves? Content. So if you’re currently waiting for the cloud to come back before you can shop at Walmart or ride your stationary bike, I’d just like to ask you to pause and take a look at the future you’re living in right now. Regardless of what you see on the news, it can be pretty amazing. Now go get on your real bike and start pedaling for Walmart. We’ll get back to our regu
VULNERABILITY UPDATE: Adobe Patches 2nd Magento Zero Day This Week
It wouldn’t be the Friday before a three-day weekend without a new vulnerability. Or, a new vulnerability from a familiar face. Last week, @Peter-Automox wrote about Adobe’s out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. That vulnerability, CVE-2022-24086, is an improper input validation flaw that allows arbitrary code execution and nets a 9.8/10 CVSS score. For this vulnerability, Adobe released an out-of-band update on Monday, February 14th to remediate the vulnerability. But the fun doesn’t stop there! Adobe has revised the initial security bulletin to include another emergency patch for another zero-day discovered in Magento and Commerce. This new vulnerability, CVE-2022-24087, is also an improper input validation issue similar to the previous vulnerability. This new vulnerability is equally as severe, with a 9.8/10 CVSSv3.1 score, but Adobe is not aware of any exploitation in the wild of this vulnerability. We recommend priorit
Weekly Security Wrap-Up (February 15th, 2022)
Happy Tuesday, folks! This week we’ll bite the bullet and finally have to discuss Russia vs. Ukraine, as some new things have like, come to light, man. But first...I refuse to be denied the opportunity to type “squirrelwaffle” on the internet, so let’s start there:

Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud
Financial fraud is [almost] never a laughing matter, and leaving servers unpatched for years is even worse, and this story has both. “Squirrelwaffle” is basically just a malicious document (“MalDoc”) that gets downloaded and runs a script that just downloads payloads in a loop. From the article, “The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking.” IF ONLY THERE WERE SOME WAY TO AUTOMATE PATCHING.

Ukrainian military agencies, banks hit by DDoS attacks, defacements
Welp...here it comes. From the article: “Starting from the afternoon
VULNERABILITY UPDATE: Google Issues Emergency Chrome Patch for Actively Exploited Zero-Day
It must be a day that ends in “y”, because...Guess who? Anyways, last night Google issued an emergency patch for a zero-day Chrome exploit that’s already been actively exploited in the wild. From the AX blog: “On Monday evening, Google released an emergency Chrome update to patch an actively-exploited zero-day, along with ten other security fixes in Chrome 98.0.4758.102. The zero-day, CVE-2022-0609, is a high severity use-after-free vulnerability in Animation, which is pretty much all that is known right now. We can expect more details to come as the patch rolls out to all Chrome users in the next few weeks...If you use Automox, Chrome patching is natively supported for Windows, macOS, and Linux systems.” A ‘Patch All’ policy will help ensure that your endpoints are covered, but you could also create a policy exclusively for Chrome by following the steps listed in Peter’s article: https://www.automox.com/blog/google-issues-emergency-chrome-patch-for-actively-exploited-zero-day
VULNERABILITY UPDATE: Adobe Magento Vulnerability Scores a 9.8 out of 10
Oh good, a 9.8-score vulnerability on a Sunday! Our own top researcher, @Peter-Automox, has full details on the AX blog: “On Sunday, Adobe released out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. CVE-2022-24086 is an improper input validation flaw that allows an attacker to execute arbitrary code without credentials or administrative privileges. We recommend prioritizing patching as soon as possible (today, ideally), since exploits are being seen in the wild and Magento has previously been a target for attackers. The patch from Adobe is available here for download. If you’re running Adobe Magento or Commerce 2.4.3-p1 and earlier, or 2.3.7-p2 and earlier, you are vulnerable to attack. Versions 2.3.3 and lower are not affected, though eCommerce security firm Sansec recommends manually implementing the patch anyways.” As always, head over to the blog to read Peter’s full post...but patch Magento first!
VULNERABILITY UPDATE: Apple Patches Its Third Zero-Day In 2022
Eww. Hi, folks. What would Friday be without a fun new zero-day? From the AX blog: On Thursday, Apple patched another zero-day, its third this year after patching CVE-2022-22587 (an arbitrary code execution with kernel privileges vulnerability) and CVE-2022-22594 (a vulnerability allowing users’ browsing activities to be tracked and identified in real time) in January. The vulnerability impacts all iPhone models from 6s forward, iPad Pro, iPad Air 2 and later, 5th generation iPads and later, iPad mini 4 and later, and iPod touch, in addition to the macOS Monterey operating system. Organizations with macOS Monterey devices, iPhones, or iPads should patch immediately, since the vulnerability could already be exploited in the wild. To read the article in full and get links to Apple’s updates, just head over to the AX Blog!
VULNERABILITY UPDATE: CISA Has Issued Alert for Critical SAP Vulnerabilities
Hey look!! This week, SAP released security updates to address three critical vulnerabilities dubbed Internet Communication Manager Advanced Desync (ICMAD), found by security research firm Onapsis: CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533, sporting CVSS scores of 10 (the highest possible), 8.1, and 7.5, respectively. Over on the blog, leading AX researcher @Peter-Automox has written a piece with some great details and remediation tips, which you can read in full right here. If you have any questions, let us know in the comments.
Weekly Security Wrap-Up (February 8th, 2022)
Happy Patch Tuesday, y’all! Don’t forget to head over to the AX Patch Tuesday Rapid Response Center for everything you need to stay up to date. This month is pretty light, but as soon as I typed that, there were onehunnerdbillion* infections due to unpatched systems.
*Possible exaggeration

IRS to End Use of Facial Recognition to Identify Taxpayers
It’s about d*ng time, y’all! I’m tired of constantly getting asked to pay Kevin Smith’s taxes. All joking aside, an IRS commissioner is quoted in the article as saying, “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.” [CLAPPING.GIF]

ExpressVPN offering $100,000 to the first person who hacks its servers
Whoa. Welp, as secure as TrustedServer is, this is a pretty big flag to plant in the ground. From the article, “The bug bounty program is run through BugCrowd, which offers a safe harbor for researchers who attempt to breach Expres
Weekly Security Wrap-Up (February 1st, 2022)
Domo arigato, I’m using Roboto! Hi, y’all! Another Tuesday is upon us, and I can’t help but feel adrift in a sea of scary cyber security stories and sibilant “s”s. What? There are a lot of stories to cover this week, but we’re not going to talk about Ukraine vs. Russia, so that should free up a ton of space. Here are a couple of good ones:

FBI urges temporary phones for Olympic athletes
Well...yeah. Look, there’s really no way to talk about China and cybersecurity and/or the Olympics without it turning political. In lieu of that, let’s focus on the tech: everyone attending the Olympics in China will be required to download the Olympics app for COVID tracking, apparently among other things. You can imagine the security risks of running that app on your device, but don’t worry, because “China dismissed the concerns.”

277,000 routers exposed to Eternal Silence attacks via UPnP
Dang, y’all! If you’re not familiar with Universal Plug and Play, you’re better off: “UPnP is a connectivity protocol op
VULNERABILITY UPDATE: Samba ‘Fruit’ Vulnerability Allows RCE
Hey, folks - Chad here with a quick yet important vulnerability update. A new CVSS 9.9 critical vulnerability in the Samba platform allows remote code execution with root privileges. Over on the AX blog, our own @JayG-Automox writes: “This vulnerability is similar to SambaCry in 2017, which also targeted Samba. This vulnerability is likely more critical as it does not require valid credentials to a writable share, making it easier to use as a springboard within the network….The criticality of this vulnerability combined with the wide potential impact makes this a must-remediate for organizations.” So before you go read the blog, get to patching! However, “If patching immediately isn’t an option, Samba recommends a temporary workaround to remediate: Remove the fruit VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf file.”

You can read Jay’s piece in full here: https://blog.automox.com/samba-fruit-critical-vulnerability
QUESTION: How do you find out about the most relevant security news?
Politely, though! Hi, y’all - Chad here. We thought we’d take a minute today to throw out a question. Every week, we post our Security News Wrap-Up from sources we know and trust, but there’s a lot going on in the CyberWorld and we no doubt could miss stories here and there. While we rely on a few various tried-and-true publications, the more sources we can, well, source, the better! Let us know - unless the “source” you trust is just your friend Shawn down in Florida who “works on computers” - let’s keep this sophisticated. So we’d like to ask: where do you get your security news?
VULNERABILITY UPDATE: Linux PwnKit
Hi, y’all - quick update for all you #Linux admins. The Linux PwnKit vulnerability is a nasty one, giving an attacker full root access on most major Linux distros. Over on the Automox Blog, our very own @Peter-Automox has written a piece that includes a worklet for quick remediation. Note: the evaluation script simply passes to remediation, which will disable pkexec's ability to operate as intended. Again, please thoroughly test before applying to systems in production. Check out Peter’s blog for the complete worklet: Linux PwnKit Vulnerability Gives Full Root Access on Most Major Distributions
Security Wrap-Up (January 25th, 2022)
Happy Tuesday, y’all! While we’ve all been busy this week debating the merit of single-possession overtime in organized ball sports (the correct answer is: “it’s stupid; fix it”), quite a few interesting things have been going on in the security world. I guess that’s becoming standard, but there were reports of some pretty newsworthy stories that I didn’t see on either the 7am, 10am, Noon, 4pm, 5pm, 6pm, or 10pm news - and as a middle-aged white dude, I watch them all! So here are a few stories that seemed worthy of mention this week, at least by me:

Google Drive now warns you of suspicious phishing, malware docs
Today in “Lol, it’s about time” news...Google has announced that Drive will finally start showing warnings about malicious files that are shared with your account. From the article: "Google will automatically evaluate any files that are shared with you from outside of your organization for phishing or malware. If detected, Google will block your access to the file in order to pro
Security Wrap-Up (January 18th, 2022)
Happy Tuesday, folks! It’s Tuesday, right? We had a long weekend in recognition of MLK Day here in the states, so I’m a little out of sorts. There are plenty of security stories to talk about this week, from the more-than-mildly-annoying to the downright scary. But we’re focusing on one story this week, because of its ability to be both annoying and terrifying. Yeehaw, Tuesdays!

How Brainjacking Became a New Cybersecurity Risk in Health Care
How about no, Science!? I know you’re currently screaming internally “What the h*ck is brainjacking anyway!?”, so from the article: “Brainjacking is a kind of cyberattack in which a hacker obtains unauthorized access to neural implants in a human body.” That’s pretty bonkers. And cool. And terrifying. But, research has shown the possibility/feasibility of it, in scientific ways! A recent article titled Brainjacking: Implant Security Issues in Invasive Neuromodulation has such scary initiatives as “...illustrate the potential severity of this risk,
Log4Shell / Log4J Detection Scripts
Hi Everyone,

Some of my Arctic Wolf customers and colleagues asked me to post here and share our Log4Shell vulnerability detection scripts with the Automox community:

GitHub: https://github.com/rtkwlf/wolf-tools/tree/main/log4shell
Windows PowerShell: https://github.com/rtkwlf/wolf-tools/blob/main/log4shell/log4shell_deep_scan.ps1
Linux/macOS sh: https://github.com/rtkwlf/wolf-tools/blob/main/log4shell/log4shell_deep_scan.sh

The Arctic Wolf Log4Shell Deep Scan is designed to detect Java application packages subject to CVE-2021-44228 and CVE-2021-45046. The scripts search the system for Java applications that contain the Log4J class JndiLookup.class, which is the source of the Log4Shell vulnerabilities. If this class is found within an application, the script looks for updates to Log4J that indicate the application has been updated to use Log4J 2.16+ or Log4J 2.12.2+. If the application contains JndiLookup.class but does not appear to have been updated, the application is vulnerable. If yo