CISA: Weak Cloud Security Actively Exploited; NSA: Third-Party DNS Resolvers Unsafe; FIX NOW! Actively Exploited Flaws in Microsoft, Adobe, and Cisco Products

The US Cybersecurity and Infrastructure Security Agency (CISA) has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services, after becoming aware of cyber-attacks leveraging weaknesses in cloud security services. Threat actors are leveraging phishing and other techniques to exploit poor cyber hygiene practices and misconfigurations in cloud services. CISA has listed steps organizations can take to improve their cloud security posture.

Read more in

The US National Security Agency (NSA) has released recommendations for enterprises to securely adopt encrypted DNS. The document "explain[s] the benefits and risks of adopting the encrypted domain name system (DNS) protocol, DNS over HTTPs (DoH), in enterprise environments." The NSA recommends against using third-party DNS resolvers to "ensure proper use of essential enterprise security controls, facilitate access to local network resources, and protect internal network information."

Read more in

Microsoft has released fixes for 83 security issues in its software, including Windows, Edge, Office, SQL Server, and Azure. Ten of the flaws are rated critical. One of the flaws fixed was disclosed prior to the monthly security update, and one of the flaws is being actively exploited: a remote code execution vulnerability that affects Microsoft Defender.

Read more in

Adobe has released security updates to address seven critical vulnerabilities in Photoshop, Illustrator, Animate, Bridge, and other products. As of Tuesday, January 12, Adobe is blocking Flash content. Users are being urged to uninstall the software, which is no longer supported.

Read more in

Cisco has released fixes for nearly 70 high-severity flaws in a variety of products. One of the most serious vulnerabilities affects Cisco Connected Mobile Experiences (CMX); it could be exploited to "allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system." Cisco has also released fixes for vulnerabilities in its RV routers, but it is not releasing updates for older RV routers that have reached end-of-life (EOL). The devices in question, which include Cisco Small Business RV110W, RV130, RV130W, and RV215W systems, reached EOL in 2017 and 2018, and paid extended support contracts expired on December 1, 2020. Cisco is urging customers using older versions of its RV routers to upgrade to newer, actively supported models.

Read more in

US federal financial regulatory agencies have proposed a rule that would require financial institutions to report cybersecurity events to financial regulators "no later than 36 hours after the banking organization believes in good faith that the incident occurred." The US The Office of the Comptroller of the Currency, Treasury, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation (FDIC) published the proposed rulemaking in the Federal Register on January 12, 2021; comment will be accepted through April 12, 2021.

Read more in

An international law enforcement operation involving Europol and agencies in Germany, Australia, Denmark, Moldova, Ukraine, the UK, and the US has taken down the DarkMarket illegal online marketplace. The alleged operator of the marketplace, an Australian citizen living in Germany, has been arrested. Authorities also seized more than 20 associated servers in Moldova and Ukraine.

Read more in

SolarWinds and CrowdStrike have disclosed information about yet another piece of malware that helped enable the supply chain attack. Dubbed Sunspot, the malware is designed "to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product."

Read more in

In October 2020, Mac researchers noticed a feature in a beta version of macOS 11.2 that allowed Apple apps to bypass socket firewalls and virtual private networks. Dubbed the ContentFilterExclusionList, the feature permitted roughly 50 Apple programs to access the Internet without going through the Network Extension Framework, which was established to allow the monitoring and filtering of network traffic. Researchers noted that exploiting the ContentFilterExclusionList is trivial. The second beta version of macOS 11.2 will not include that feature.

Read more in

Hackers who stole COVID-19 vaccine and medicine data from the European Medicines Agency (EMA) late last year have posted the information online. Law enforcement authorities are investigating.

Read more in

In a January 12 blog post, eMail security provider Mimecast says, "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor." The issue affects approximately 10 percent of Mimecast's customer base. Mimecast has asked affected customers "to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate" Mimecast has made available. Both the methods and the targets of the attack bear similarities to the SolarWinds supply chain attack.

Read more in

A critical authenticated privilege elevation flaw in the Orbit Fox by ThemeIsle WordPress plugin could be exploited to take control of vulnerable websites. An update for the plugin is available. It also addresses a medium-severity stored cross-site scripting vulnerability that could be exploited to inject malicious JavaScript into websites. The plugin has been installed on more than 400,000 WordPress sites. Users are urged to update to Orbit Fox by ThemeIsle version 2.10.3.

Read more in