This Month in Cybersecurity - August Edition

Microsoft’s Patched Vulnerability Added to Active Exploitation List by CISA

A recently patched flaw in Microsoft’s .NET and Visual Studio has been added to the Known Exploited Vulnerabilities catalog by CISA after evidence of active exploitation was provided. The patch had been released in an earlier Patch Tuesday update, in which Microsoft deemed the flaw with an “Exploitation More Likely” tag.

The flaw, being tracked as CVE-2023-38180, has been deemed as a high severity and CISA and Microsoft are both suggesting to update any affected versions to the latest vendor-provided fix by the end of August 2023. The software versions in question are as followed:

  • ASP.NET Core 2.1

  • NET 6.0

  • NET 7.0

  • Microsoft Visual Studio 2022 v.17.2, v17.4, v.17.6

CISA has pointed out that the flaw can be leveraged and pulled off without any additional privileges or user interaction, as well.

US Looking Into Microsoft Exchange Hack

As reported last month, July 2023, a Chinese hacking group was able to breach several organizations worth of email accounts, spanning US and Western European government agencies. These hackers used forged authentication tokens that were stolen and were able to exploit a vulnerability within Outlook.

In response to this event, the US Department of Homeland Security’s Cyber Safety Review Board will be launching an investigation and in-depth review of cloud security practices. They plan on presenting their findings on the understanding of critical events and root causes along with possible remediation practices to better bolster identity management and authentication in cloud and cyber security spaces. The CSRB will work with the current US Administration and CISA to disseminate the knowledge.

Flaw in Power Management Software Puts Data Centers at Risk

Researchers have been discovering vulnerabilities within commonly used applications and devices used to control infrastructure at data centers. Released at a recent security conference, these researchers have shown at least nine different vulnerabilities across two different companies (CyberPower and Dataprobe) that if exploited, could take down not only users, but also power to the data centers themselves.

Data centers have become predominant as reliance upon cloud computing and data hosting increase. These flaws can prove to be incredibly impactful, while even just turning off power for server space can cost potential millions for organizations relying on that data.

 

Defensible Strategies

Learn from those who have been attacked

Amazon Web Services Distances Itself From 3rd Party Software

After considerable backlash over the addition of a new feature, Amazon has decided to withdraw its association with open source project, Moq. The software library has drawn a lot of criticism regarding its choice to implement a new feature, without notification, that has users worried about data collection.

The new feature in question includes another software, known as SponsorLink, which collects and sends user email addresses to its content delivery network. Users have often raised concern about the software’s ability to collect data that can then be sold, which would be a massive security concern for anyone using the software.

Alongside Amazon, others have noted that they will no longer be using Moq while it has SponsorLink included, some even going so far as to boycott the service, even though the developer behind Moq has since rolled back the new release and removed SponsorLink.

No Safety Risk for Wi-Fi Vulnerability According to Ford

Ford has noted that the vulnerability to Texas Instruments Wi-Fi driver, being tracked as CVE-2023-29468, does not have any safety risk to its vehicle occupants. The vulnerability in question has currently been tied to a Wi-Fi driver that is being used in the Ford SYNC 3 infotainment system.

The car manufacturer has assured that to even take advantage of the exploit, a threat agent would have to have significant expertise and also be physically near to the vehicle while its ignition and Wi-Fi setting is on. Ford has stated that a software patch will be pushed soon, but to those who are still concerned over the exploit to the SYNC 3 found in a few of its vehicles, to simply disable the Wi-Fi settings until the patch has been released.