Author: blogmirnet

iOS 17.0.1 and iPadOS 17.0.1

Released September 21, 2023

Kernel

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Security

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: A certificate validation issue was addressed.

CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: September 21, 2023

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence Apple is aware of a report that CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 may have been exploited in the wild against versions of iOS before iOS 16.7.

Systems Affected

iOS prior to 16.7 iPadOS prior to 16.7 watchOS prior to 9.6.3 macOS Ventura prior to 13.6 macOS Monterey prior to 12.7 Safari prior to 16.6.1

Risk Government: – Large and medium government entities: High – Small government entities: Medium

Businesses: – Large and medium business entities: High – Small business entities: Medium

Home Users: Low

Technical Summary Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Recommendations

Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spear phishing, social engineering, and other techniques that involve user interaction.

References Apple:  https://support.apple.com/en-us/HT213926 https://support.apple.com/en-us/HT213927 https://support.apple.com/en-us/HT213928 https://support.apple.com/en-us/HT213929 https://support.apple.com/en-us/HT213930 https://support.apple.com/en-us/HT213931 https://support.apple.com/en-us/HT213932

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41991 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41992 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993

Featured New resource for role-based Microsoft Certification exams > Access to Microsoft Learn is now available as you complete your exam. During the exam, select the Microsoft Learn button on the exam question screen. This is available in all languages. (Blog post in English)

What’s New Tutorial: Train a classification model > Learn how to train a classification model with no-code AutoML using Azure Machine Learning automated ML in the Azure Machine Learning studio.   GitHub Copilot for Visual Studio video series > Learn how GitHub Copilot can make you more productive when developing apps with Visual Studio.   Azure Machine Learning examples repository > Explore community-driven Azure Machine Learning examples, tested with GitHub Actions.

Events See local events > Microsoft Ignite / November 14-17 / In person or online. > Register for Microsoft Ignite. Experience the latest AI innovations, learn from experts, advance your skills, and connect with your community.   GitHub Universe / November 8-9 / In person and online > Register for the GitHub global developer conference. Stay in the flow, optimize collaboration, and prevent vulnerabilities with AI-powered security.   Deconstructing the Contoso Real Estate App / Weekly / Online > Build a composable enterprise-grade app with JavaScript on Azure. This 4-part weekly series runs through October 5 and will also be available on demand.   .NET Conf 2023 / November 14-16 / Online > Attend a wide selection of live sessions that feature speakers from the community and .NET team members. This year .NET 8.0 will launch at .NET Conf!   Microsoft Exam Readiness Zone / On demand > Get help preparing for a Microsoft Certification exam with tips, tricks, and strategies from experts.

Learning Learning path collection: Azure OpenAI Service > Get to know the connection between AI, responsible AI, and text, code, and image generation. Learn how to use GPT-4, ChatGPT, and Dall-E.   GitHub skills collection > Learn how to use GitHub with interactive courses designed for beginners and experts. (English only)   Learning path collection: Machine Learning > Discover tools for building and running your own models from your own data, while developing your machine learning skills.

Face recognition software is commonly used as a gatekeeper for accessing secure websites and electronic devices, but what if someone can defeat it by simply wearing a mask resembling another person’s face? Newly published research from the National Institute of Standards and Technology (NIST) reveals the current state of the art for software designed to detect this sort of spoof attack.

The new study appears together with another that evaluates software’s ability to call out potential problems with a photograph or digital face image, such as one captured for use in a passport. Together, the two NIST publications provide insight into how effectively modern image-processing software performs an increasingly significant task: face analysis.

Read More

This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released this Joint Cybersecurity Advisory to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant identified through FBI investigations as recently as June 1, 2023.

Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors. Snatch threat actors conduct ransomware operations involving data exfiltration and double extortion. After data exfiltration often involving direct communications with victims demanding ransom, Snatch threat actors may threaten victims with double extortion, where the victims’ data will be posted on Snatch’s extortion blog if the ransom goes unpaid.

The FBI and CISA encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of ransomware incidents.

Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States. The attackers have been exploiting a vulnerability in ManageEngine products, which is tracked as CVE-2022-47966. This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA)  Known Exploited Vulnerabilities Catalog in January 2023. Through this exploit, the attackers are deploying the remote access trojan (RAT) known as “QuiteRAT.” Security researchers previously identified this malware in February 2023, and it is reportedly the successor to the group’s previously used malware “MagicRAT,” which contains many of the same capabilities. Further analysis of this campaign has also shown that the group is using a new malware tool called “CollectionRAT,” which appears to operate like most RATs by allowing the attacker to run arbitrary commands among other capabilities. Both CISA and the FBI have previously warned that these types of vulnerabilities are common attack methods for malicious actors and can pose a significant risk to healthcare and public health organizations.

This HC3 Sector Alert provides additional details, indicators of compromise, mitigation recommendations, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cyber criminals.

With a mention in the new National Cyber Workforce and Education Strategy and even a dedicated state law, K–12 cybersecurity education clearly has the eye of policymakers. However, despite public attention and new opportunities for high school students to pursue cybersecurity coursework, high schools often struggle to provide students with a clear understanding of what cybersecurity careers actually look like. Hands-on learning experiences, like those we’ve had at our schools and during our internship with NICE at NIST, can help bring cybersecurity education and career pathways into focus for young learners.

High school cybersecurity education, career awareness, and hands-on activities are in short supply

Cybersecurity can be a challenging topic for students. They may need to learn new programming languages, techniques to analyze large sets of data, and other new systems and technologies. Professional skills in communication, teamwork, and leadership, which are all essential in cybersecurity, also take time and practice to develop…

Read More Here

Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could result in arbitrary code execution. Notepad++ is a free and open-source text and source code editor for use with Microsoft Windows. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence Proof of concept exploits have also been published for these vulnerabilities.

System Affected – Notepad++ prior to 8.5.7

Risk Government: – Large and medium government entities: Medium – Small government entities: Medium

Businesses: – Large and medium business entities: Medium – Small business entities: Medium

Home Users: Low

Technical Summary Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could allow for arbitrary code execution.

Recommendations

Apply appropriate updates provided by Notepad++ to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Restrict execution of code to a virtual environment on or in transit to an endpoint system. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

References Bleepingcomputer:   https://www.bleepingcomputer.com/news/security/notepad-plus-plus-857-released-with-fixes-for-four-security-vulnerabilities/

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40036 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40166

Civil society organizations and other communities on the frontlines of the fight for democracy and human rights are frequently targets of Advanced Persistent Threats. These same organizations require additional support from the Federal government and the broader cybersecurity community to protect, detect, and defend against cyber threats.

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with industry and civil society, is developing a cyber defense plan to advance the following objectives:

Enhance baseline levels of cyber hygiene for civil society organizations. Improve the response and resilience of targeted organizations. Gain commitments from industry, government, and civil society to equitably distribute the burden of bolstering the cybersecurity of high-risk communities.

CISA is recruiting cyber volunteer programs to feature on the CISA.gov website (with consent) to:

Help prospective volunteers get in touch with their local volunteer corps or clinic; and Connect organizations in need of cybersecurity assistance with cyber volunteer programs that can assist.

CISA also wants to know if your organization offers free tools & services to high-risk communities.

Please contact CISA if you are aware of, or belong to:

A cyber volunteer program that can help, and should be included on CISA.GOV; or Free tools or services that can bolster cybersecurity protections to high-risk communities.

For more information and CISA contact information, click here.

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. They are accessed by a userbase from different locations through different devices. This scenario calls for establishing trust in all enterprise access entities, data sources, and computing services through secure communication and the validation of access policies.

Zero trust architecture (ZTA) and the principles on which it is built have been accepted as the state of practice for obtaining necessary security assurances, often enabled by an integrated application service infrastructure, such as a service mesh. ZTA can only be realized through a comprehensive policy framework that dynamically governs the authentication and authorization of all entities through status assessments (e.g., user, service, and requested resource). This guidance recommends:

• The formulation of both network-tier and identity-tier policies
• The configuration of technology components that will enable the deployment and enforcement of different policies (e.g., gateways, infrastructure for service identities, authentication and authorization modules that enforce policies)
• A comprehensive monitoring framework that provides coverage for various tasks, such as observing the status of resources and tracking events (e.g., user access requests, changes to enterprise directories)
• The use of telemetry data to enhance security by fine-tuning access rights and enforcing step-up authentication

Read More