Amazon server outage broke fast food apps among other things
At around 3 PM ET on Tuesday, an Amazon Web Services (AWS) cloud server outage affected a number of services including mobile apps for Burger King, McDonald’s, Taco Bell and Delta Air Lines. Among a plethora of other services potentially affected, The Hacker News reported being unable to access consoles while The Verge experienced issues with its website. AWS reported at 6:42 PM ET that the issues affecting its US-EAST-1 Region had been resolved and stemmed from a capacity management subsystem issue.
Update: Fortinet warns of possible zero-day exploited in limited attacks
Over the weekend, news broke of a critical vulnerability in FortiOS (CVE-2023-27997) that could allow an unauthenticated attacker to remotely execute arbitrary code. Fortinet is now warning customers that the flaw has been exploited in limited attacks. Therefore, customers are being advised to immediately upgrade to the most recent firmware release. That release fixes five additional flaws in its SSL-VPN module including one used by a Chinese threat actor for in-the-wild exploitation of government and other organizations (CVE-2022-42475).
US intelligence confirms it buys Americans’ personal data
A newly declassified government report from the Office of the Director of National Intelligence (ODNI) confirms for the first time that US intelligence and spy agencies purchase vast amounts of commercially available information on Americans. The info includes data from connected vehicles, web browsing history, and smartphones. While government agencies normally need to secure court-approved warrants to obtain such data directly from tech companies, they can freely purchase the same data through brokers. Sen. Ron Wyden (D-OR) said, “the government’s existing policies have failed to provide essential safeguards for Americans’ privacy, or oversight of how agencies buy and use personal data.” Wyden has called for Congress to pass legislation that would put guardrails on the government’s purchasing of personal info.
CISA orders agencies to remove tools from public-facing internet
On Tuesday, CISA issued an order (Binding Operational Directive (BOD) 23-02) to all federal civilian agencies to remove or bolster controls for internet-exposed network management interfaces within two weeks of discovery. CISA said several recent hacking campaigns have underscored the “grave risk to the federal enterprise posed by improperly configured network devices.” CISA said it plans to scan for devices and interfaces exposed to the internet and notify all agencies of its findings.
Chinese hackers abuse ESXi zero-day to pilfer files from guest VMs
Researchers from Mandiant discovered the Chinese cyber-espionage group, UNC3886, quietly exploiting a zero-day authentication bypass flaw in VMware Tools to execute privileged commands on guest virtual machines (VMs) over the past several months. The bug allows attackers to use compromised ESXi hosts to transfer files to and from Windows, Linux, and vCenter guest virtual machines without the need for guest credentials, and without any default logging of the activity. VMware released a patch addressing the flaw (CVE-2023-208670) on Tuesday.
MSSQL makes up 93% of all database honeypot activity
In a blog post on Tuesday, Trustwave’s SpiderLabs said its study of database server honeypots based in six different countries revealed that Microsoft SQL (MSSQL) made up 93% of all attack activity. SpiderLabs also set up sensors on default TCP ports for MySQL, MongoDB, PostgreSQL, Oracle DB, IBM DB2 (Unix/Win), Cassandra, and Couchbase. The UK and China registered the most MSSQL attacks (21.84% and 21.49% respectively), followed by Ukraine (19.52%), Russia (17.54%), Poland (11.54%), and the United States (8.08%). The researchers recommend that organizations implement strong and secure authentication, including enabling multi-factor authentication, and disable default accounts. Additionally, security teams should closely monitor privileged access, keep software up to date, and conduct frequent security audits.
You should probably patch that (Patch Tuesday edition)
On Tuesday, Microsoft released a relatively light load of security patches. As an added bonus, this month’s update appears to be the first since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products. In total, June’s Patch Tuesday plugs 78 security holes, topped by a privilege escalation flaw in Microsoft SharePoint Server (CVE-2023-29357) assigned a “critical” severity and rated 9.8 on the CVSS scale. Several other fixes apply to vulnerabilities in the Windows Pragmatic General Multicast (PGM) video streaming and gaming services and two bugs in good old Microsoft Exchange for email.
(KrebsonSecurity and The Register)
St. Margaret’s becomes first hospital to cite cyberattack as a reason for its closure
St. Margaret’s Health in Illinois fell victim to a ransomware attack in February 2021, forcing them to shut down IT infrastructure at Spring Valley hospital. The payment system was taken offline for months, causing billing delays and a significant economic impact on the organization. SMP’s chair, Suzanne Stahl, said that on June 16th the system will shut down its Spring Valley and Peru facilities due to a number of factors, including the cyberattack, the Covid-19 pandemic, and staffing shortages. The closure of the hospital is expected to have a dramatic impact on residents and marks the first time a hospital has cited a cyberattack as a reason for ceasing its operations.






