Watch for these patches from Palo Alto Networks, Microsoft and others.
Welcome to Cyber Security Today. It’s Monday August 15th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Today’s edition reports on a number of vulnerabilities and patches that IT and security teams should be watching for.
Administrators with Palo Alto Networks firewalls in their environments should be on the lookout this week for security updates that fix a high-severity vulnerability affecting PA-series, VM-series and CN-series firewalls. The flaw stems from a policy misconfiguration that could allow an attacker to use the firewall to launch denial of service attacks. The issue has already been resolved for Palo Alto Networks Cloud NGFW and the Prisma Access service; updates for the other platforms are due this week. In the meantime there are workarounds. There's a link to the document explaining them in the text version of this podcast. By the way, Palo Alto Networks said it learned of the problem because a threat actor is actively looking for vulnerabilities in firewalls from a number of manufacturers, so network administrators should watch for alerts from their firewall vendors.
Windows administrators need to watch for and install a security patch from Microsoft, or from their server and PC manufacturers, to fix vulnerabilities in third-party bootloaders they may be using. Windows allows approved, signed third-party bootloaders to take part in the operating system's boot process. But researchers at Eclypsium recently found vulnerabilities in some of them that could be used to bypass Secure Boot, the UEFI feature meant to stop untrusted code from running before Windows loads. So far three affected bootloaders have been identified. The fix updates the Secure Boot Forbidden Signature Database, known as the DBX, so that firmware refuses to run the vulnerable bootloaders.
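As an added example that is not part of the podcast, here is one way an administrator can confirm that a DBX update actually landed on a machine: read the UEFI dbx variable, count the revoked entries, and record a fingerprint to compare before and after patching. The Confirm-SecureBootUEFI and Get-SecureBootUEFI cmdlets are from Windows' built-in SecureBoot module; the EFI_SIGNATURE_LIST parsing, the Get-DbxSummary function name and the output format are this example's own, and the two GUIDs are the UEFI specification's EFI_CERT_SHA256_GUID and EFI_CERT_X509_GUID. Run it in an elevated PowerShell on a UEFI system.

```powershell
# Added example (not from the podcast or from Microsoft): summarise the UEFI
# Forbidden Signature Database (dbx) so a DBX update can be verified.
# Run elevated on a UEFI machine; Confirm-SecureBootUEFI throws on legacy BIOS.

function Get-DbxSummary {
    $enabled = Confirm-SecureBootUEFI
    if (-not $enabled) {
        Write-Warning "Secure Boot is disabled; the dbx is not enforced on this machine."
    }

    # Raw contents of the dbx variable (built-in cmdlet; returns Name/Bytes/Attributes).
    $dbx = (Get-SecureBootUEFI -Name dbx).Bytes

    # dbx is a sequence of EFI_SIGNATURE_LIST structures:
    #   GUID   SignatureType        (16 bytes)
    #   UINT32 SignatureListSize    (whole list, including this header)
    #   UINT32 SignatureHeaderSize
    #   UINT32 SignatureSize        (size of each EFI_SIGNATURE_DATA entry)
    #   [header] then N entries of (owner GUID + signature data)
    $efiCertSha256 = [Guid]'c1c41626-504c-4092-aca9-41f936934328'   # revoked SHA-256 hashes
    $efiCertX509   = [Guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # revoked certificates

    $offset = 0; $hashes = 0; $certs = 0
    while ($offset + 28 -le $dbx.Length) {
        $type     = [Guid]::new([byte[]]$dbx[$offset..($offset + 15)])
        $listSize = [BitConverter]::ToUInt32($dbx, $offset + 16)
        $hdrSize  = [BitConverter]::ToUInt32($dbx, $offset + 20)
        $sigSize  = [BitConverter]::ToUInt32($dbx, $offset + 24)

        # Stop on a malformed list rather than looping forever or reading past the buffer.
        if ($listSize -lt 28 -or $sigSize -eq 0 -or ($offset + $listSize) -gt $dbx.Length) { break }

        $count = [int](($listSize - 28 - $hdrSize) / $sigSize)
        if     ($type -eq $efiCertSha256) { $hashes += $count }
        elseif ($type -eq $efiCertX509)   { $certs  += $count }
        $offset += $listSize
    }

    # SHA-256 of the raw variable: record it before patching, compare afterwards.
    $sha = [System.Security.Cryptography.SHA256]::Create().ComputeHash($dbx)
    [pscustomobject]@{
        SecureBootEnabled = $enabled
        DbxBytes          = $dbx.Length
        RevokedHashes     = $hashes
        RevokedCerts      = $certs
        DbxSha256         = ($sha | ForEach-Object { $_.ToString('x2') }) -join ''
    }
}

Get-DbxSummary
```

After the Microsoft or OEM update is applied and the machine has rebooted, RevokedHashes should be higher and DbxSha256 should differ from the value recorded beforehand; if neither changes, the DBX update did not take effect on that system.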
Email administrators running the Zimbra Collaboration Suite must install the latest patch. This comes after researchers at Volexity discovered a serious vulnerability while investigating breaches at organizations that use the suite. Attackers were getting around a patch Zimbra released in March to close a hole. It was thought that exploiting that vulnerability required administrative privileges, but the researchers found that wasn't so. Zimbra released a new patch at the end of July. It should have been installed by now.
Security researchers at a firm in Argentina have discovered a high-severity vulnerability that may affect network devices from 20 manufacturers, including D-Link, Tenda, Nexxt, Intelbras and others. According to SecurityWeek, which interviewed the researchers, the problem is in the software development kit that Realtek supplies to manufacturers that build their devices around certain of its chips. The manufacturers were warned about the problem in March. It's up to each of them to distribute a patch.
Small businesses and individuals should regularly check the websites of the manufacturers of their routers and WiFi access points for security patches, because warnings like this often don't reach IT departments or device owners directly.
Police in the Netherlands have arrested a man believed to be involved in laundering cryptocurrency through the Tornado Cash mixing service. Mixing services pool deposits from many users and pay them out to fresh addresses, breaking the visible link between where funds came from and where they went; that helps crooks hide stolen and ransomed funds. Police have long suspected that Tornado Cash is used for cryptocurrency laundering. Dutch police suspect hundreds of millions of dollars in criminal-related cryptocurrency has gone through that particular mixer. The arrest came after the U.S. Treasury added Tornado Cash to its sanctions list.
Finally, since May the U.S. has been offering million-dollar rewards for information on the leaders of the Conti ransomware gang. The government knows their online usernames. Now it claims to have a photo of a person it calls a gang associate. Last week it tweeted the photo of a bearded man who allegedly goes by the handle "Target." Under the government's Rewards for Justice program there are a number of ways to report information and claim a reward. The Conti gang allegedly disbanded earlier this year, but a number of its members are believed to be working with other ransomware operators.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.