NCSC Calms Fears Over ChatGPT Threat


Tool won’t democratize cybercrime, agency argues


Why red team exercises for AI should be on a CISO’s radar


AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with any traditional application, platform, or IT system.

AI increasingly powers business decision-making, financial forecasting, predictive maintenance, and an endless list of other enterprise functions, weaving its way inextricably into the enterprise tech stack.

This is where AI red teaming comes into play. Forward-looking security pundits believe that the field of AI risk management and AI assurance will be a growing domain for CISOs and cybersecurity leaders to get a handle on in the coming years. Fundamental to managing AI risks will be threat modeling and testing for weaknesses in AI deployments.


When and how to report a breach to the SEC


New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents.

Under the proposal, the SEC would implement three new rules that public companies will need to follow:

A requirement that companies report any cybersecurity event within four business days of determining that it was a material incident.
Mandatory disclosures regarding the board of directors’ oversight of cybersecurity risk as well as details about the cybersecurity expertise and experience of individual board members.
Mandatory disclosures about management’s role in addressing cybersecurity risk.

The SEC action has — or should have — security leaders, their C-suite colleagues, and board directors prepping for the new steps they’ll have to follow. And it should have executives at private companies and other entities taking note, as the SEC action could have a trickle-down impact.


Critical Adobe ColdFusion Vulnerability (CVE-2023-26360) Exploited as a Zero-day


FortiGuard Labs is aware of a report that an improper access control vulnerability in Adobe ColdFusion (CVE-2023-26360) was observed to have been exploited in the wild. Unauthenticated attackers can exploit the vulnerability to achieve arbitrary code execution on a remote machine. On March 15th, CISA added CVE-2023-26360 to the Known Exploited Vulnerability catalog.

Why is this Significant?

This is significant because Adobe reported that an improper access control vulnerability in Adobe ColdFusion (CVE-2023-26360) was exploited in the wild. CISA also added the vulnerability to the Known Exploited Vulnerability catalog. As such, the patch needs to be applied as soon as possible.

What is CVE-2023-26360?

CVE-2023-26360 is an improper access control vulnerability that affects ColdFusion 2021 version 5 and prior as well as ColdFusion 2018 version 15 and prior. Unauthenticated attackers can exploit the vulnerability to achieve arbitrary code execution on a remote machine.

Is CVE-2023-26360 being Exploited in the Wild?

Adobe confirmed in the advisory that CVE-2023-26360 was leveraged in the wild.

Has the Vendor Released an Advisory for CVE-2023-26360?

Yes. See the Appendix for a link to “Security updates available for Adobe ColdFusion | APSB23-25”.

Has the Vendor Released a Patch for the Vulnerability?

Yes, Adobe released a patch for CVE-2023-26360 on March 14th, 2023.

What is the Status of Protection?

At this time, there is not sufficient information that allows us to investigate for protection. This Threat Signal will be updated when new information becomes available.


Multiple Progress Telerik UI Vulnerabilities Exploited in the Wild


FortiGuard Labs recently observed that multiple vulnerabilities (CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357) in Progress Telerik UI (User Interface) are being exploited in a chain to achieve arbitrary code execution on a remote machine. On March 15th, CISA released an advisory that multiple threat actors exploited unpatched IIS servers in a U.S. federal agency.

Why is this Significant?

This is significant because three Progress Telerik UI vulnerabilities are being exploited in a chain for arbitrary code execution. On March 15th, 2023, CISA released an advisory that multiple threat actors exploited vulnerable IIS servers in a U.S. federal agency. As such, the patches need to be applied as soon as possible.

What is CVE-2019-18935?

CVE-2019-18935 is a critical deserialization of untrusted data vulnerability in the RadAsyncUpload function of Progress Telerik UI for ASP.NET AJAX, a suite of UI components for web applications. Successful exploitation of the vulnerability allows remote attackers to perform arbitrary file uploads or execute arbitrary code when the encryption keys are known, due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

What is CVE-2017-11317?

CVE-2017-11317 is an unrestricted file upload vulnerability in Telerik UI for ASP.NET AJAX. It leverages a weakness in RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

What is CVE-2017-11357?

CVE-2017-11357 is an arbitrary file upload vulnerability in Telerik UI for ASP.NET AJAX components. It is an insecure direct object reference vulnerability in the RadAsyncUpload function, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code by manipulating user input. The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

Has the Vendor Released an Advisory for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357?

Yes. See the Appendix for links to “Unrestricted File Upload in RadAsyncUpload”, “Allows JavaScriptSerializer Deserialization” and “Insecure Direct Object Reference in RadAsyncUpload”.

Has the Vendor Released a Patch for the Vulnerabilities?

Yes. Patches are available for all three vulnerabilities.

What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357:

Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload
