Security Spotlight: Navigating the Cybersecurity Landscape and Illuminating the Dark Corners of the Web
A cyber attacker used a former employee’s hacked account to sneak into a state government’s digital space. They smartly sifted through data without noticing. This deep dive by cybersecurity experts unveils the hacker’s crafty moves, like doing sneaky data searches and tapping into confidential info. To keep such digital intruders at bay, experts suggest cutting off access for accounts no longer in use. You should also double down on login security and keep passwords in a digital vault. For a detailed exploration, check out the full story on CISA’s website.
The Siemens SCALANCE W1750D advisory reports critical vulnerabilities. The flaws include buffer overflow and command injection, with a high severity score of 9.8. These issues may allow for unauthorized command execution or denial of service. All versions are affected. Siemens advises you to enable cluster security and restrict interface access for mitigation.
The Siemens SIDIS Prime advisory identifies critical vulnerabilities, including issues with randomness, NULL pointer dereference, and infinite loops. The flaws have been rated with a CVSS score of 9.1. These flaws pose risks of unauthorized access and denial-of-service (DoS). Versions before V4.0.400 are Impacted. The advised mitigation is upgrading to V4.0.400 or later and activating encrypted communication.
The Siemens SIMATIC RTLS Gateways advisory reveals a vulnerability with a 7.7 CVSS score. It affects several RTLS Gateway models and allows potential denial of service (DoS) or remote code execution due to improper handling in the Treck TCP/IP stack. Siemens advises that no specific fix is planned. The recommend adherence to security practices outlined in the product manual and general security measures.
The Rockwell Automation FactoryTalk Service Platform advisory addresses a vulnerability with a CVSS score of 7.8. Tha flaw could allow remote exploitation. It permits users with basic privileges to escalate to administrator levels as it impacts versions before v2.74. Rockwell advises applying risk mitigations and following best security practices.
The advisory for the Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module outlines a vulnerability allowing remote attackers to disrupt login capabilities. It could lead to potential denial-of-service (DoS). It affects multiple versions across the iQ-F and iQ-R series. Mitigation strategies include using firewalls or VPNs, restricting access through IP filtering, limiting physical access to affected networks, etc. Mitsubishi Electric and CISA have provided further details and recommendations to minimize risks.
A sophisticated cyberattack targeted an unnamed US state government as they exploited a former employee’s admin account. This breach allowed unauthorized VPN access and has led to data exploration and unauthorized LDAP queries. The attackers’ identities remain unknown. They managed to post the stolen information on the dark web. This incident highlights the crucial need for the principle of least privilege.
Akira Ransomware Exploits Cisco Vulnerability. CISA just flagged a critical flaw in Cisco ASA/FTD software, now a target for Akira ransomware attacks. This high-severity issue poses a huge threat as hackers tap into this exploit to launch attacks. With nearly 200 victims in their grip, Akira’s tieing to the infamous Conti syndicate highlights the interconnected threats in cyberspace. Agencies have to patch up the vulnerability by March 7, 2024.
Microsoft just identified a severe Exchange Server vulnerability actively exploited in the wild. This high-risk flaw has a CVSS score of 9.8 as it allows attackers to escalate privileges by exploiting NTLM credential leaks. So, the flaw poses a huge threat to network security. Microsoft has released a patch with a fix. They also made Extended Protection for Authentication default with Exchange Server 2019 CU14.
The U.S. government has disrupted a Russia-linked botnet, APT28, also called, Fancy Bear. The botnet used compromised routers for intelligence gathering. They named this operation Dying Ember as it targeted devices to prevent further misuse and protect sensitive information. This action is a testament to the ongoing state battle for digital security.
Over 670 IT infrastructures have been hit by ‘DSLog’ Backdoor through Ivanti vulnerability. The compromise was rooted in a severe vulnerability in Ivanti’s secure gateways. The attackers deployed a backdoor, DSLog, to gain persistent remote access without detection. This clever breach highlights the critical need for vigilant cybersecurity measures. We suggest Ivanti users factory reset and patch their devices immediately.
Windows Management Experts
Now A Microsoft Solutions Partner for:
- Data & AI
- Digital and App Innovation
- Infrastructure
- Security
The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.
Unlock the power of WME for your business!
Reach out to us and discover how we can elevate your security strategy to a whole new level. With WME, you’re not just securing your business—you’re paving the way for a seamless and fortified future.
Elevate your business security with WME!
Connect with us and witness the transformation of your security into a strategic advantage. Trust WME to guide you towards a future that’s not just secure but seamlessly streamlined. Your journey to a more fortified and efficient tomorrow starts here!
WME Tech Bites
