WME Security Briefing 10 June 2024
CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability
Overview
CISA has issued an urgent advisory concerning a newly discovered security flaw in the netfilter component of the Linux kernel. The flaw is being actively exploited, and it poses a serious threat because it can be used to escalate local privileges.
Impact
CVE-2024-1086: A high-severity vulnerability with a CVSS score of 7.8.
It is a use-after-free bug in the netfilter nf_tables component that can allow a local attacker to escalate privileges from a regular user to root and execute arbitrary code. Netfilter is a Linux kernel framework that supports packet filtering and port translation. Successful exploitation seriously compromises the affected systems.
Another flaw, CVE-2024-24919 in Check Point network gateway security products, has a CVSS score of 7.5. It allows unauthorized access to sensitive information on connected gateways with VPNs or mobile access enabled.
Recommendation
CISA advises all federal agencies and organizations using affected systems to apply patches immediately. Patches should be applied by June 20, 2024. Also, conduct a thorough review of current systems to address any vulnerabilities in Linux kernel and Check Point products.
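As an added example (not code from the briefing, CISA or the kernel project), the POSIX shell helper below classifies a host's exposure to CVE-2024-1086 from collected inventory data, so the review recommended above can be run across a fleet rather than one machine at a time. It assumes, beyond what the page states, that the flaw lives in the nf_tables module and that disabling unprivileged user namespaces (user.max_user_namespaces=0) is a commonly cited interim mitigation until the kernel is patched; the function names, the sample lsmod text and the fixed-release value are constructed for the demo.

```shell
#!/bin/sh
# Added triage helper, not code from the briefing, CISA or the kernel project.
# Inputs are inventory data (lsmod output, user.max_user_namespaces, running and
# fixed kernel release), so it runs offline against collected data.
# Assumptions not stated on the page: the bug lives in the nf_tables module, and an
# ordinary user normally reaches nf_tables via an unprivileged user namespace, so
# user.max_user_namespaces=0 is a commonly cited interim mitigation until patched.

# version_lt A B: true (exit 0) when the dotted-numeric prefix of A is below that of B
# ("6.1.50-1-amd64" compares as 6.1.50; missing components count as 0).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    sub(/[^0-9.].*/, "", a); sub(/[^0-9.].*/, "", b)
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# nft_triage LSMOD_TEXT MAX_USER_NS KERNEL_RELEASE FIXED_RELEASE
# Exit codes: 0 = patched, 1 = unpatched and exposed, 2 = unpatched, interim mitigation set.
nft_triage() {
  lsmod_text="$1"; max_ns="$2"; running="$3"; fixed="$4"
  if ! version_lt "$running" "$fixed"; then
    echo "OK: kernel $running is at or above fixed release $fixed"
    return 0
  fi
  echo "WARN: kernel $running is below fixed release $fixed"
  if printf '%s\n' "$lsmod_text" | grep -q '^nf_tables[[:space:]]'; then
    echo "WARN: nf_tables module is loaded"
  else
    echo "note: nf_tables not loaded now, but it autoloads on use unless blacklisted"
  fi
  if [ "$max_ns" -eq 0 ]; then
    echo "MITIGATED: unprivileged user namespaces disabled; patching is still required"
    return 2
  fi
  echo "EXPOSED: user.max_user_namespaces=$max_ns allows unprivileged user namespaces; patch now"
  return 1
}

# Constructed demo inventory (not a real host). The fixed release "6.1.99" is a
# placeholder: take the real one from your distribution's CVE-2024-1086 advisory.
SAMPLE_LSMOD='nf_tables              311296  0
nfnetlink               20480  1 nf_tables
x_tables                65536  0'
nft_triage "$SAMPLE_LSMOD" 28633 "6.1.50-1-amd64" "6.1.99" || echo "exit code: $?"
```

Feed it one line per host from your inventory export and act on every exit code 1 first, then on the exit code 2 hosts before the June 20 deadline.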
Widespread Cyber Attack Disables 600,000+ Routers in the U.S.
Overview
A cunning cyberattack dubbed “Pumpkin Eclipse” knocked out internet access for hundreds of thousands of Americans in late 2023. The large-scale disruption is believed to have been perpetrated by a government-backed group targeting specific router models supplied by a major ISP.
Impact
Nearly half of the affected routers were permanently disabled, forcing a massive hardware replacement effort. Millions of people lost access to the internet, and it is now evident that US critical internet infrastructure has severe weaknesses with the potential for widespread disruption.
Recommendation
Patch it up immediately. Update the firmware on all affected router models to plug the security holes exploited in the attack. Beyond that, ISPs need to monitor their networks more closely to spot and stop these threats before they cause havoc. Also, we all need stronger security measures on our network devices.
Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Overview
Microsoft has issued a warning about a sharp rise in cyberattacks targeting critical industrial operational technology (OT) (think power plants and water treatment facilities) that is directly connected to the internet.
Hackers have messed with control panels in factories to disrupt production. Tensions in the Middle East have led to attacks on Israeli infrastructure by Iranian-backed groups. A nasty piece of malware called Fuxnet is being used to cause serious damage.
Impact
Many of these industrial systems weren’t designed with top-notch security in mind. They might have weak passwords, outdated software, or direct exposure to the internet, making them easy targets. Nor is this just about financial gain: recent attacks seem linked to geopolitical tensions, with pro-Russia hackers targeting industrial control systems (ICSs) in North America and Europe.
Recommendation
Keep software updated and fix any known security holes. Minimize exposure: don’t connect these systems to the internet unless absolutely necessary, and if you do, keep them segmented from other networks. Trust no one: use strong access controls to make sure only authorized users can reach these systems, even if an attacker has already broken in elsewhere. Disconnect if not needed: if a system doesn’t need internet access, cut it off!