Fortinet warns of critical command injection bug in FortiSIEM
The flaw could allow an unauthenticated attacker to execute commands through API requests. It is being tracked as CVE-2023-36553, with a CVSS score of 9.3. Fortinet researchers confirm that this vulnerability is a variant of CVE-2023-34992, which was fixed in early October. “Affected versions include FortiSIEM releases from 4.7 through 5.4. Fortinet urges system administrators to upgrade to versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later.”
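For administrators who need to triage an inventory of FortiSIEM hosts against this advisory, here is an added example script; it is not Fortinet's code. It encodes only the versions named above: releases 4.7 through 5.4 are listed as affected, and 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1 and 7.1.0 are the fixed releases, so a host below the fixed patch level of one of those branches is reported as needing the upgrade (an inference from the fixed-version list). Branches the advisory does not mention are reported as unlisted rather than guessed at. The hostnames and version strings in the sample inventory are constructed.

```python
"""Triage helper for the FortiSIEM CVE-2023-36553 advisory.

Added example, not Fortinet's code. The fixed versions come from the
advisory text quoted above; the inventory at the bottom is constructed.
"""
from __future__ import annotations

# Fixed release per branch as listed in the advisory: (major, minor) -> fixed patch.
FIXED_PATCH = {
    (6, 4): 3,
    (6, 5): 2,
    (6, 6): 4,
    (6, 7): 6,
    (7, 0): 1,
    (7, 1): 0,
}

# Branches the advisory lists as affected with no fix inside the branch (inclusive).
LEGACY_AFFECTED_LOW = (4, 7)
LEGACY_AFFECTED_HIGH = (5, 4)


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor[.patch]' into a tuple; a missing patch counts as 0.

    Raises ValueError for anything else (build suffixes, blank strings, ...),
    so an unparseable inventory entry fails loudly instead of being skipped.
    """
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    major, minor = int(parts[0]), int(parts[1])
    patch = int(parts[2]) if len(parts) == 3 else 0
    return major, minor, patch


def assess(version: str) -> tuple[str, str]:
    """Return (status, recommended_action) for one installed FortiSIEM version.

    status is one of:
      'affected' - release listed as affected, or below its branch's fixed release
      'fixed'    - at or above its branch's fixed release
      'unlisted' - branch not mentioned in the advisory summary; consult the vendor
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if LEGACY_AFFECTED_LOW <= branch <= LEGACY_AFFECTED_HIGH:
        return "affected", "upgrade to a fixed branch (6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1 or 7.1.0+)"
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return "unlisted", "branch not covered by this summary; check the vendor advisory"
    if patch < fixed:
        return "affected", f"upgrade to {major}.{minor}.{fixed} or later"
    return "fixed", "no action required for CVE-2023-36553"


def triage(inventory: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Assess every host in a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not from the advisory.
    sample = {
        "siem-prod-01": "6.7.5",
        "siem-prod-02": "7.0.1",
        "siem-lab": "5.2.0",
        "siem-new": "7.2.0",
    }
    for host, (status, action) in triage(sample).items():
        print(f"{host:14} {status:9} {action}")
```

Feed it the version strings your asset inventory already holds; anything that comes back `affected` goes on the patch list, and anything `unlisted` gets checked against the full vendor advisory rather than assumed safe.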
Another data breach for Samsung
Discovered this past Monday, this breach affects customers who shopped at the company’s British online store between July 1, 2019 and June 30, 2020. According to Security Affairs, threat actors exploited a vulnerability in an unnamed third-party application. Samsung is informing affected customers that the stolen data may include names, phone numbers, postal and email addresses, but not financial information. The company also reiterates that US customers were not affected.
Rhysida warning from FBI and CISA
The two agencies issued a joint Cybersecurity Advisory to warn specifically about the group Rhysida and its ransomware attacks against organizations in multiple industry sectors. The advisory states in part, “threat actors leveraging Rhysida ransomware are known to impact ‘targets of opportunity,’ including victims in the education, healthcare, manufacturing, information technology, and government sectors. Open source reporting details similarities between Vice Society activity and the actors observed deploying Rhysida ransomware.” The group is known for using living-off-the-land techniques, such as relying on native network administration tools, to carry out its attacks.
Coker nomination as cyber director advances to Senate
The Senate Homeland Security and Governmental Affairs Committee has advanced the nomination of Harry Coker as White House national cyber director. The nomination now goes to the Senate floor. According to The Record, “Coker is a career naval officer who served as executive director of the National Security Agency until 2019 and has since worked for a series of technology startups. He is slated to take over for Kemba Walden, who stepped into the role after the first cyber director, Chris Inglis, resigned earlier this year.”
Huge thanks to this week’s episode sponsor, Sysdig

Big names discuss big topics at Aspen Cyber Summit 2023
The seventh annual summit, presented by Aspen Digital, took place this past Wednesday at the 92nd Street Y in New York City. It featured a Who’s Who of cybersecurity bigwigs from corporate and government, including Jen Easterly and Chris Krebs. Among the topics discussed: CISA and FBI officials painted a grim picture of the ongoing evolution of ransomware; the Department of Homeland Security is using AI to help detect the manufacture of dangerous materials and human trafficking operations; the SEC defended its cybersecurity disclosure rule, brought about in part by concerns about the underreporting of cybersecurity incidents by public companies; AI is proving to be a significant concern for the 2024 elections; CISA Director Eric Goldstein pointed to the Viasat attack on Ukraine last February as an example of how important redundancy and resiliency are for defenders; and NIST Director Laurie Locascio stated that quantum-safe cryptography is ‘not going to be cheap’.
Programmers leaving authentication creds in publicly accessible software code
Security researcher Tom Forbes and the GitGuardian team found almost 4,000 secrets hidden inside 450,000 projects submitted to the Python repository PyPI. Many of these secrets have already been leaked. Although 4,000 is just one percent of the projects, the report points out that these secrets get carried along into multiple releases. The secrets included Azure Active Directory API keys, GitHub OAuth app keys, database credentials for providers such as MongoDB, MySQL, and PostgreSQL, Dropbox keys and more. A link to the GitGuardian report is available in the show notes to this episode.
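The practical takeaway for package maintainers is to scan the build tree before every upload, since a secret that ships once ends up in every later release. Here is an added example of such a pre-publish check; it is not GitGuardian's scanner and not code from the report. It runs two specific patterns (the public GitHub token prefix format, and a user:password pair embedded in a MongoDB, MySQL or PostgreSQL connection URI) plus a generic suspicious-assignment check gated by Shannon entropy so that placeholders like `changeme` don't trip it. The in-memory package tree, and every credential-looking string inside it, is constructed for the demonstration.

```python
"""Pre-publish secret scan for a Python package tree.

Added example, not GitGuardian's scanner or the report's code. The package
tree below is constructed; the token- and password-looking strings in it
are made up and are not real credentials.
"""
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Patterns for a few of the credential families the report calls out.
PATTERNS = {
    # GitHub token prefixes (ghp_, gho_, ghu_, ghs_, ghr_) followed by 36+ alphanumerics.
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    # Connection URI with an embedded password; group 1 captures the password only.
    "db_uri_with_password": re.compile(
        r"\b(?:mongodb(?:\+srv)?|mysql|postgres(?:ql)?)://[^\s:/@]+:([^\s@]+)@[^\s/]+"
    ),
    # Long string literal assigned to a suspicious name; confirmed by the entropy check.
    "suspicious_assignment": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token|password|passwd)\s*[:=]\s*['"]([^'"\s]{16,})['"]"""
    ),
}
ENTROPY_THRESHOLD = 3.5  # bits per character; chosen for this demo, tune to taste


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(value: str) -> str:
    """Keep only the first and last three characters so the report can't re-leak the secret."""
    if len(value) <= 8:
        return "*" * len(value)
    return f"{value[:3]}...{value[-3:]}"


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    redacted: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every pattern over each line of one file and collect redacted findings."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                if kind == "suspicious_assignment" and shannon_entropy(secret) < ENTROPY_THRESHOLD:
                    continue  # low-entropy literal, almost certainly a placeholder
                findings.append(Finding(path, lineno, kind, redact(secret)))
    return findings


def scan_tree(files: dict[str, str]) -> list[Finding]:
    """Scan a {relative_path: contents} tree, e.g. the files about to go into an sdist."""
    out: list[Finding] = []
    for path in sorted(files):
        out.extend(scan_text(path, files[path]))
    return out


def would_block_release(files: dict[str, str]) -> bool:
    """True if any finding exists; wire this into the release step before uploading."""
    return bool(scan_tree(files))


# Constructed sample tree. None of these values are real credentials.
SAMPLE_PACKAGE = {
    "mypkg/__init__.py": "__version__ = '1.2.0'\n",
    "mypkg/settings.py": (
        "# constructed sample: the values below are made up, not real credentials\n"
        "GITHUB_TOKEN = 'gho_Abcdefghijklmnopqrstuvwxyz0123456789ABCD'\n"
        "DATABASE_URL = 'postgresql://app:Tr0ub4dor-and-3@db.example.internal/app'\n"
        "API_KEY = 'changeme-changeme-changeme'\n"
    ),
    "tests/test_core.py": "def test_ok():\n    assert True\n",
}

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_PACKAGE):
        print(f"{f.path}:{f.line}: {f.kind} -> {f.redacted}")
    print("release blocked" if would_block_release(SAMPLE_PACKAGE) else "clean")
```

On the sample tree the scan reports the GitHub token and the database password from `settings.py` and stays quiet about the `changeme` placeholder, which fails the entropy gate. Because the check only sees what is in the tree at release time, it belongs in the same step that builds the distribution, not in a periodic audit after the fact.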
Alibaba scraps cloud business spin-off, blaming US chip export ban
Following up on a story we have tracked all year, the troubled cloud spin-off for Alibaba has now been scrapped. The company says this is due to “uncertainties created by U.S. export curbs on chips used in artificial intelligence applications.” In place of the spin-off, the cloud unit will focus on growing the cloud business and will continue to maintain its independent operation within Alibaba.
(Reuters)
Zimbra zero-day exploited against government emails
Google’s Threat Analysis Group has revealed that a Zimbra Collaboration Suite zero-day, tracked as CVE-2023-37580, first observed in July and fixed on July 25, was exploited in the wild. The attacks were aimed at government organizations in Greece, Moldova, Tunisia and Pakistan, and focused on emails, attachments, and webmail credentials.