IT administrators warned of serious vulnerabilities in web servers and in cURL.
Welcome to Cyber Security Today. It’s Wednesday, October 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Developers and administrators of web servers are being warned to install patches to fix a critical vulnerability in a key protocol that led to a recent record-smashing denial of service attack. Cloudflare, Google and Amazon issued the warning Tuesday after investigating attacks that leveraged a botnet of a mere 20,000 compromised servers. The vulnerability is in the HTTP/2 performance protocol used in servers. Cloudflare, a denial-of-service attack mitigation service, called it a novel attack vector used at an unprecedented scale. Application developers have already been notified to patch their software.
More botnet news: Fortinet is warning network administrators to patch routers from D-Link, TP-Link, Totolink, Netis and others. That’s because a botnet dubbed IZ1H9 updated its software last month to target vulnerabilities in these and other devices. Exploiting those vulnerabilities allows the devices to be used for DDoS attacks.
Open-source developers who use the cURL library in their applications should watch for the release today of details of two vulnerabilities that might have a huge impact. Details about them weren’t available when this podcast was recorded. cURL version 8.4 will fix the holes. cURL is used to transfer data via URLs. According to researchers at Synopsys, cURL is included in many standard Linux distributions and their container images.
Two years ago researchers at vpnMentor discovered a misconfigured Amazon AWS bucket belonging to an IT consulting company was publicly exposing the data of one of its customers, a French sporting goods company called Decathlon. Someone was able to copy that data before the hole was closed, because researchers at vpnMentor now say that last month a crook advertised stolen Decathlon data of about 8,000 employees on the dark web. It’s not known whether the data has been available to buyers for some time, or if not, why it has only surfaced now.
This being Cyber Security Awareness Month I am bringing to listeners’ attention incidents that show things employees should watch out for. Here’s one: This month a company’s employees were sent an email that looked like it came from the firm saying their email mailbox was full, and they should click on the included link. The message was convincing because the “From” part of the message showed the firm’s name. However, if employees had turned on the control allowing them to see the full email address of the sender, it was obvious it didn’t come from the company. The lesson for IT departments is to make sure this control is enabled on the email clients of all employees. Employees have to be regularly reminded to check the sender’s email address of every message — especially messages with links or documents. In this case the link probably would have asked staff to give away their passwords by logging into a fake portal. Or the link might have led to downloading malware. The second lesson is for employees: You play a role in cybersecurity by watching for tricks like this.
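The check the podcast describes, a display name that says one thing while the real address points somewhere else, is easy to automate for mail-gateway or SOC triage. The following Python script is an added example, not part of the podcast or any vendor's product. The message, the company domains (`example.com`) and the company name (`Example Corp`) are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail). The first mimics the incident in the
# text: the display name names the company, the address is on an unrelated domain.
PHISH_RAW = b"""From: Example Corp IT Helpdesk <mailbox-alerts@example-mail-quota.test>
To: staff@example.com
Subject: Your mailbox is full
Content-Type: text/plain

Your mailbox has exceeded its quota. Click the link to free space.
"""

LEGIT_RAW = b"""From: Example Corp IT Helpdesk <helpdesk@example.com>
To: staff@example.com
Subject: Planned maintenance
Content-Type: text/plain

Mail will be unavailable Saturday 02:00-03:00.
"""


def sender_parts(raw_message: bytes):
    """Split the From header into (display_name, address, domain).

    Mail clients usually show only the display name; the address is what the
    podcast's "show full sender address" control exposes.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return name, addr, domain


def from_header_mismatch(raw_message: bytes, company_domains, company_names) -> bool:
    """True when the display name claims to be the company but the address domain
    is not one of the company's own domains (hypothetical lists passed by caller).
    Subdomains of a company domain are accepted."""
    name, addr, domain = sender_parts(raw_message)
    if not addr:
        return False  # no parseable address; leave to other controls
    claims_company = any(n.lower() in name.lower() for n in company_names)
    trusted = any(domain == d.lower() or domain.endswith("." + d.lower())
                  for d in company_domains)
    return claims_company and not trusted


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_RAW), ("legit", LEGIT_RAW)):
        print(label, sender_parts(raw),
              "MISMATCH" if from_header_mismatch(raw, ["example.com"], ["Example Corp"]) else "ok")
```

The display name is free-form text under the sender's control, so it is never evidence by itself; the comparison against the address domain is the part that matters, and the same logic can be applied to a Reply-To header, which is another place the real destination is hidden.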
Another American financial institution is acknowledging being a victim of the MOVEit file transfer server vulnerability. University Federal Credit Union of Austin, Texas, is notifying over 102,000 people some of their personal information was stolen in the hack of an unnamed company that processes the credit union’s data.
Finally, here’s important security update news: Yesterday was the monthly Patch Tuesday. Microsoft issued fixes for 103 vulnerabilities in various versions of Windows. Sixteen of them are critical. According to researchers at Action1, the worst is a hole in the Microsoft Message Queuing Service. Three of the vulnerabilities are zero-day holes with exploitable proofs of concept already available. One of the three is in Skype for Business. Another is in WordPad.
Also yesterday Adobe released security patches, including fixes for vulnerabilities in Adobe Commerce, Magento Open Source and Photoshop.
By the way, researchers at Akamai said a new payment card skimming campaign against websites using Magento and WooCommerce has been discovered. Typically the attackers are finding ways to get into the sites and install code that skims information entered by customers. Website administrators have to tighten security around who can access the code on their sites, and they have to regularly scan website code for compromises.
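One practical form of the "regularly scan website code" advice is a file-integrity baseline: hash every code file under the web root when the site is known-good, store the hashes somewhere attackers who get write access to the site cannot also edit, and diff against a fresh scan on a schedule. The script below is an added example written for this piece, not Akamai's tooling or Magento's or WooCommerce's own. The directory layout, file names and "injected" edit are constructed inside the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# File types that typically make up storefront code; a real deployment would tune this.
CODE_SUFFIXES = (".php", ".phtml", ".js", ".html")


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, suffixes=CODE_SUFFIXES) -> dict:
    """Map each code file (relative POSIX path) under root to its hash."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix in suffixes
    }


def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, disappeared or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
    }


def save_baseline(baseline: dict, path: Path) -> None:
    # Store the baseline outside the web root (ideally read-only to the web user).
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate a skimmer being dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "webroot"
        (root / "js").mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'storefront'; ?>\n")
        (root / "js" / "checkout.js").write_text("function pay() {}\n")
        (root / "logo.png").write_bytes(b"\x89PNG not code, ignored\n")

        baseline_file = Path(tmp) / "baseline.json"  # outside webroot
        save_baseline(build_baseline(root), baseline_file)

        # Simulated compromise: checkout script altered, extra script dropped in.
        (root / "js" / "checkout.js").write_text("function pay() {} /* injected */\n")
        (root / "js" / "extra.js").write_text("var x = 1;\n")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any entry in `added` or `modified` that does not match a deployment or plugin update is worth a look; the same diff should be run against database-stored content too, since skimmers are often injected into template or configuration records rather than files on disk.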
SAP released security patches for products, including a HotNews Note for SAP Business Client.
Citrix issued security updates to fix serious vulnerabilities in on-premises versions of NetScaler ADC and NetScaler Gateway. At risk are implementations configured as a gateway or virtual server.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.