
Security in the news September 23rd, 2024

If you use a D-Link router model DIR-X5460 or DIR-X4860, you must update the firmware ASAP. A vulnerability allows attackers to take over the device without any user interaction from you.

This may be a good reminder for everyone to check firmware for updates on their internet-facing devices.

A new wave of attacks has been identified targeting Python Package Index (PyPI) packages. Known as “revival hijacking,” these attacks involve taking over abandoned or outdated packages to distribute malicious code. Developers are advised to be vigilant and regularly audit their dependencies.

Also, update any PDF readers you have installed on your personal devices. Your mainstream device should be receiving automatic updates, but you will need to take care of home devices. A new round of attacks using malicious PDFs is being seen around the world.

If you use WinRAR (Windows or Linux), please make sure you are running the current version. The developers' website is https://www.rarlab.com/. The affected versions are those before 6.23. The current version is 7.01.
The most common way this vulnerability is exploited is through downloaded malicious RAR archives, often listed as pirated software or movies, but sometimes as repackaged shareware/freeware. You should avoid any such illegal activities, get downloads from trusted sites, and scan all downloads with www.virustotal.com.

If you know any organizations that use ServiceNow, please forward them this article: https://cybersecuritynews.com/servicenow-instances-leaking-corporate-data/

***************

For our IT folks,

A new round of Microsoft Exchange exploitation has been seen this past week, related to vulnerabilities patched in June 2023. Any Exchange servers that have not been updated since that time should be reviewed. See https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32031 and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
Details here: https://cybersecuritynews.com/exploitation-of-exchange-powershell/

If any clients use SonicWall firewalls, please read the following article: https://cybersecuritynews.com/sonicwall-vulnerability-exploited-wild/. The vulnerability, with a CVSS score of 9.3, impacts SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS versions 7.0.1-5035 and older.

Veeam Software made the list this past week: https://www.veeam.com/kb4649
A write-up is here: https://cybersecuritynews.com/veeam-software-vulnerabilities-let-attackers-trigger-remote-code-execution/

I have not seen exploits in the wild, but as patches are reverse-engineered, the exploits will be developed and published. We may need to plan an update for affected clients.

Veeam has addressed these vulnerabilities in the latest software updates, urging all users to upgrade to the following versions:

Veeam Backup & Replication: Version 12.2 (build 12.2.0.334)

Veeam Agent for Linux: Version 6.2 (build 6.2.0.101)

Veeam ONE: Version 12.2 (build 12.2.0.4093)

Veeam Service Provider Console: Version 8.1 (build 8.1.0.21377)

***************

And in the far-out novel attacks news:

Rambo Attack on Air-Gapped Systems

A new cybersecurity threat known as the “Rambo Attack” has been identified, targeting air-gapped systems. This attack leverages electromagnetic emissions from RAM to exfiltrate data from isolated networks, posing a significant challenge to traditional security measures. Researchers have demonstrated the feasibility of this attack, highlighting the need for enhanced protective strategies in environments relying on air-gapped systems. See https://cybersecuritynews.com/rambo-attack-air-gapped-systems/ and a demo at https://www.youtube.com/watch?v=ZQcnHE3mk_A

This adds to the list of weird but usable attacks against any system, including capturing sound from devices, using electromagnetic emissions, reading video displays by various methods such as the electromagnetic emissions from the video cable, acoustic attacks such as listening to people typing to reconstruct the data being typed, and changing the fan speed to send signals. These may be slow, but they are effective.

Daniel Weatherly, CISSP
Director of Security Services
Mainstream Technologies Inc.
501-801-6706
