Cyber Security Briefing, 7 - 13 September

September 13, 2024

Fortinet victim of cyber attack

Fortinet issued a statement confirming that it has been the victim of a cyber-attack that resulted in the exfiltration of company data. Specifically, a malicious actor calling himself Fortibitch recently posted on a well-known underground forum that he had stolen 440 GB of files belonging to Fortinet and had tried to extort a ransom from the company.

Digital media outlet BleepingComputer contacted Fortinet, which said that an attacker had gained unauthorised access to a limited number of files stored on a Fortinet instance hosted in a third-party cloud. The company's statement also notes that the incident affected less than 0.3% of its customers, who have reportedly been contacted about the situation, and that it has not resulted in any malicious activity directed against them.

More info

Microsoft fixes 79 vulnerabilities in September Patch Tuesday

Microsoft has released its Patch Tuesday for September 2024, fixing a total of 79 vulnerabilities, including four actively exploited 0-days. Among the most critical of these is CVE-2024-43491, CVSSv3 9.8 according to the vendor, a flaw that allows remote code execution through Windows Update. CVE-2024-38014, CVSSv3 7.8 according to the vendor, is an elevation of privilege vulnerability in Windows Installer.

The other two 0-days patched are security feature bypass flaws in Windows Mark of the Web (MoTW) and Microsoft Publisher, CVE-2024-38217 and CVE-2024-38226, with CVSSv3 scores of 5.4 and 7.3 respectively according to the vendor. As for the rest of the fixed vulnerabilities, 29 are elevation of privilege vulnerabilities, 22 allow remote code execution, 11 result in information disclosure, 8 in denial of service, 3 in spoofing and 2 in security feature bypass.

✅ Given the risk they represent, Microsoft recommends prioritising the deployment of these patches to mitigate possible attacks.

More info

Critical vulnerability in Apache

Apache has fixed a critical vulnerability in OFBiz, a suite of enterprise CRM and ERP applications. The security flaw was discovered by security researchers at Rapid7 and has been identified as CVE-2024-45195, CVSSv3 7.5. According to the researchers, an attacker without valid credentials could exploit missing view authorisation checks in the web application to execute arbitrary code on vulnerable Linux and Windows servers.

In response, the Apache security team fixed the vulnerability in version 18.12.16 by adding the missing authorisation checks. Rapid7 has also released a proof of concept for this security flaw.

More info

Atomic, the stealer with the biggest impact on macOS systems

Sophos researchers have published a report on the growth of malware targeting macOS systems. Specifically, the experts point out that their telemetry shows the Atomic macOS Stealer (AMOS) family of infostealers to be one of the most common.

This malware is used to steal sensitive data such as cookies, passwords, autofill data and cryptocurrency wallets. AMOS is sold on Telegram channels for $3,000 and its main entry vector is malvertising and SEO poisoning. It should be noted that AMOS has been seen impersonating legitimate tools, including Trello, Notion and Slack, among others, in order to trick victims into downloading its executable.

As for its development, the researchers note that its operators continue to improve the malware and have announced a future version aimed at iPhone users.

More info

SonicWall Warns of Exploitation of Critical Vulnerability

SonicWall has reported that vulnerability CVE-2024-40766, CVSSv3 9.3 according to the vendor, is potentially being actively exploited. The flaw, patched on August 22, 2024, reportedly allows an attacker to gain unauthorised access to resources and remove network protections, including the ability to block firewalls.

While this vulnerability was initially believed to affect only SonicOS access on SonicWall Firewall Gen 5, Gen 6 and Gen 7 products, the latest security advisory released by the company states that CVE-2024-40766 also affects the firewalls' SSLVPN feature.

✅ Although the details of the alleged exploitation of the flaw are unknown, SonicWall has published a list of recommended mitigations, which include restricting or disabling SSLVPN access, updating passwords on Gen 5 and Gen 6 devices, and enabling multi-factor authentication (MFA).

More info