Author: blogmirnet
Microsoft Security Virtual Training Day: Security, Compliance and Identity Fundamentals
Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity, including best practices to help protect people and data against cyberthreats for greater peace of mind. You’ll also learn more about identity and access management while exploring compliance management fundamentals.
You will have the opportunity to:
– Learn the fundamentals of security, compliance, and identity.
– Understand the concepts and capabilities of Microsoft identity and access management solutions, as well as compliance management capabilities.
– Gain the skills and knowledge to jumpstart your preparation for the certification exam.
Join us at an upcoming two-part event:
– October 23, 2023 | 12:00 PM – 3:45 PM | (GMT-05:00) Eastern Time (US & Canada)
– October 24, 2023 | 12:00 PM – 2:15 PM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English
Closed Captioning Language(s): English
REGISTER TODAY >
Vulnerabilities in Apple Products (iOS 17)
iOS 17.0.1 and iPadOS 17.0.1
Released September 21, 2023
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Security
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Published Date: September 21, 2023
Multiple Vulnerabilities in Apple Products
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Threat Intelligence
Apple is aware of a report that CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 may have been exploited in the wild against versions of iOS before iOS 16.7.
Systems Affected
– iOS prior to 16.7
– iPadOS prior to 16.7
– watchOS prior to 9.6.3
– macOS Ventura prior to 13.6
– macOS Monterey prior to 12.7
– Safari prior to 16.6.1
Risk
Government:
– Large and medium government entities: High
– Small government entities: Medium
Businesses:
– Large and medium business entities: High
– Small business entities: Medium
Home Users: Low
Technical Summary
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Recommendations
– Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing.
– Apply the Principle of Least Privilege to all systems and services.
– Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
– Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc.
– Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
– Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spear phishing, social engineering, and other techniques that involve user interaction.
Microsoft.Source newsletter
What’s New: GitHub Copilot for Visual Studio video series > Learn how GitHub Copilot can make you more productive when developing apps with Visual Studio.
Learning path collection: Azure OpenAI Service > Get to know the connection between AI, responsible AI, and text, code, and image generation. Learn how to use GPT-4, ChatGPT, and Dall-E.
What’s Wrong With This Picture? NIST Face Analysis Program Helps to Find Answers
Face recognition software is commonly used as a gatekeeper for accessing secure websites and electronic devices, but what if someone can defeat it by simply wearing a mask resembling another person’s face? Newly published research from the National Institute of Standards and Technology (NIST) reveals the current state of the art for software designed to detect this sort of spoof attack.
The new study appears together with another that evaluates software’s ability to call out potential problems with a photograph or digital face image, such as one captured for use in a passport. Together, the two NIST publications provide insight into how effectively modern image-processing software performs an increasingly significant task: face analysis.
#StopRansomware: Snatch Ransomware
This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released this Joint Cybersecurity Advisory to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant identified through FBI investigations as recently as June 1, 2023.
Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and have leveraged the successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical infrastructure sectors, including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors. Snatch threat actors conduct ransomware operations involving data exfiltration and double extortion: after exfiltrating data, they often contact victims directly to demand a ransom and may threaten to post the victims’ data on Snatch’s extortion blog if the ransom goes unpaid.
The FBI and CISA encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of ransomware incidents.
Lazarus Group Exploits ManageEngine Vulnerability
Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States. The attackers have been exploiting a vulnerability in ManageEngine products, which is tracked as CVE-2022-47966. This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog in January 2023. Through this exploit, the attackers are deploying the remote access trojan (RAT) known as “QuiteRAT.” Security researchers previously identified this malware in February 2023, and it is reportedly the successor to the group’s previously used malware “MagicRAT,” which contains many of the same capabilities. Further analysis of this campaign has also shown that the group is using a new malware tool called “CollectionRAT,” which appears to operate like most RATs by allowing the attacker to run arbitrary commands, among other capabilities. Both CISA and the FBI have previously warned that these types of vulnerabilities are common attack methods for malicious actors and can pose a significant risk to healthcare and public health organizations.
This HC3 Sector Alert provides additional details, indicators of compromise, and mitigation recommendations, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cyber criminals.
Hands-On Learning Experiences Encourage Cybersecurity Career Discovery
With a mention in the new National Cyber Workforce and Education Strategy and even a dedicated state law, K–12 cybersecurity education clearly has the eye of policymakers. However, despite public attention and new opportunities for high school students to pursue cybersecurity coursework, high schools often struggle to provide students with a clear understanding of what cybersecurity careers actually look like. Hands-on learning experiences, like those we’ve had at our schools and during our internship with NICE at NIST, can help bring cybersecurity education and career pathways into focus for young learners.
High school cybersecurity education, career awareness, and hands-on activities are in short supply
Cybersecurity can be a challenging topic for students. They may need to learn new programming languages, techniques to analyze large sets of data, and other new systems and technologies. Professional skills in communication, teamwork, and leadership, which are all essential in cybersecurity, also take time and practice to develop…
Multiple Vulnerabilities in Notepad++
Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could result in arbitrary code execution. Notepad++ is a free and open-source text and source code editor for use with Microsoft Windows. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Threat Intelligence
Proof-of-concept exploits have also been published for these vulnerabilities.
Systems Affected
– Notepad++ prior to 8.5.7
Risk
Government:
– Large and medium government entities: Medium
– Small government entities: Medium
Businesses:
– Large and medium business entities: Medium
– Small business entities: Medium
Home Users: Low
Technical Summary
Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could allow for arbitrary code execution.
Recommendations
– Apply appropriate updates provided by Notepad++ to vulnerable systems immediately after appropriate testing.
– Apply the Principle of Least Privilege to all systems and services.
– Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
– Restrict execution of code to a virtual environment on or in transit to an endpoint system.
– Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
– Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc.
– Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
– Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
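The two advisories above give their fixed versions as plain thresholds ("iOS prior to 16.7", "Notepad++ prior to 8.5.7"), while the Apple entry at the top of this page is the iOS 17.0.1 / iPadOS 17.0.1 release, so a device on 17.0 is below the fix on its own branch even though it is above 16.7. The following is an added example, not code from Apple, Notepad++ or the advisory authors, that triages a constructed inventory export against the fixed releases named on this page. It compares versions numerically (a plain string comparison would rank 16.10 below 16.7), matches each version to the fixed release on its own major branch, and reports versions the advisories do not name as "not covered" rather than as patched. The hostnames, the inventory format (hostname,product,version) and the product labels are assumptions made for the example.

```python
# Added example: triage a device inventory against the fixed releases named
# in the Apple and Notepad++ advisories above. Not vendor or MS-ISAC code.
from typing import Optional

# Fixed releases per product, one per release branch, taken from the page:
# iOS/iPadOS 16.7 and 17.0.1, watchOS 9.6.3, macOS Monterey 12.7 and
# Ventura 13.6, Safari 16.6.1, Notepad++ 8.5.7. Product labels are assumed.
FIXED = {
    "iOS": ("16.7", "17.0.1"),
    "iPadOS": ("16.7", "17.0.1"),
    "watchOS": ("9.6.3",),
    "macOS": ("12.7", "13.6"),
    "Safari": ("16.6.1",),
    "Notepad++": ("8.5.7",),
}


def parse_version(text: str) -> tuple:
    """'13.6' -> (13, 6); '8.5.7' -> (8, 5, 7).

    Only the first whitespace-separated token is used, so a build suffix
    such as '17.0.1 (21A340)' is ignored; a component is read up to its
    first non-digit character. An empty string parses as (0,)."""
    tokens = text.strip().split()
    head = tokens[0] if tokens else "0"
    parts = []
    for piece in head.split("."):
        num = ""
        for ch in piece:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """Numeric version comparison: 16.10 is newer than 16.7, which a plain
    string comparison gets wrong. Shorter tuples are zero-padded so that
    '13.6' and '13.6.0' compare equal."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


def is_vulnerable(product: str, version: str) -> Optional[bool]:
    """True if the version is below the fix on its own major branch,
    False if at or above it, None if the advisory names no fix for that
    product or branch (e.g. macOS 14, or a product not listed)."""
    fixed_releases = FIXED.get(product)
    if fixed_releases is None:
        return None
    major = parse_version(version)[0]
    for fixed in fixed_releases:
        if parse_version(fixed)[0] == major:
            return version_lt(version, fixed)
    return None


def triage(inventory_lines) -> dict:
    """Each line is 'hostname,product,version'; '#' lines are comments.
    Returns {hostname: 'VULNERABLE' | 'patched' | 'not covered'}."""
    result = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        verdict = is_vulnerable(product, version)
        result[host] = ("not covered" if verdict is None
                        else "VULNERABLE" if verdict else "patched")
    return result


# Constructed sample inventory for the example; not real hosts.
SAMPLE_INVENTORY = """
# hostname,product,version
exec-phone-01,iOS,16.6.1
exec-phone-02,iOS,17.0
exec-phone-03,iOS,17.0.1
tablet-07,iPadOS,16.7
watch-02,watchOS,9.6.2
mac-dev-11,macOS,13.5.2
mac-dev-12,macOS,12.7
mac-dev-13,macOS,14.0
mac-dev-14,Safari,16.6
win-ws-21,Notepad++,8.5.6
win-ws-22,Notepad++,8.5.7
""".strip().splitlines()

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

The "not covered" outcome is deliberate: a macOS 14.0 or iOS 15.x entry is not on the page's affected list, and silently marking it patched would hide a device that still needs a vendor check.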