There is a lot to take in this week in keeping your systems up-to-date.
The image below shows all the companies that have released updates.
Please take the time to check that your systems are updated or set to update.

Hopefully you all saw that Apple released some security updates at the end of last week.
It would be worthwhile checking to see if your devices have updated, and if not, update them, in order to keep yourself as safe as possible.
Wednesday appears to be router day... @zyxel have issued updates for a large number of their routers -> https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link has issued a security advisory for an EOL router (https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411) but you should be replacing this model if you still use it...
CVE: CVE-2024-7261

Summary: Zyxel has released patches addressing an operating system (OS) command injection vulnerability in some access point (AP) and security router versions. Users are advised to install the patches for optimal protection.

What is the vulnerability? The improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

What versions are vulnerable, and what should you do? After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.

| Product | Affected model | Affected version | Patch availability |
|---|---|---|---|
| AP | NWA50AX | 7.00(ABYW.1) and earlier | 7.00(ABYW.2) |
| AP | NWA50AX PRO | 7.00(ACGE.1) and earlier | 7.00(ACGE.2) |
| AP | NWA55AXE | 7.00(ABZL.1) and earlier | 7.00(ABZL.2) |
| AP | NWA90AX | 7.00(ACCV.1) and earlier | 7.00(ACCV.2) |
| AP | NWA90AX PRO | 7.00(ACGF.1) and earlier | 7.00(ACGF.2) |
| AP | NWA110AX | 7.00(ABTG.1) and earlier | 7.00(ABTG.2) |
| AP | NWA130BE | 7.00(ACIL.1) and earlier | 7.00(ACIL.2) |
| AP | NWA210AX | 7.00(ABTD.1) and earlier | 7.00(ABTD.2) |
| AP | NWA220AX-6E | 7.00(ACCO.1) and earlier | 7.00(ACCO.2) |
| AP | NWA1123-AC PRO | 6.28(ABHD.0) and earlier | 6.28(ABHD.3) |
| AP | NWA1123ACv3 | 6.70(ABVT.4) and earlier | 6.70(ABVT.5) |
| AP | WAC500 | 6.70(ABVS.4) and earlier | 6.70(ABVS.5) |
| AP | WAC500H | 6.70(ABWA.4) and earlier | 6.70(ABWA.5) |
| AP | WAC6103D-I | 6.28(AAXH.0) and earlier | 6.28(AAXH.3) |
| AP | WAC6502D-S | 6.28(AASE.0) and earlier | 6.28(AASE.3) |
| AP | WAC6503D-S | 6.28(AASF.0) and earlier | 6.28(AASF.3) |
| AP | WAC6552D-S | 6.28(ABIO.0) and earlier | 6.28(ABIO.3) |
| AP | WAC6553D-E | 6.28(AASG.2) and earlier | 6.28(AASG.3) |
| AP | WAX300H | 7.00(ACHF.1) and earlier | 7.00(ACHF.2) |
| AP | WAX510D | 7.00(ABTF.1) and earlier | 7.00(ABTF.2) |
| AP | WAX610D | 7.00(ABTE.1) and earlier | 7.00(ABTE.2) |
| AP | WAX620D-6E | 7.00(ACCN.1) and earlier | 7.00(ACCN.2) |
| AP | WAX630S | 7.00(ABZD.1) and earlier | 7.00(ABZD.2) |
| AP | WAX640S-6E | 7.00(ACCM.1) and earlier | 7.00(ACCM.2) |
| AP | WAX650S | 7.00(ABRM.1) and earlier | 7.00(ABRM.2) |
| AP | WAX655E | 7.00(ACDO.1) and earlier | 7.00(ACDO.2) |
| AP | WBE530 | 7.00(ACLE.1) and earlier | 7.00(ACLE.2) |
| AP | WBE660S | 7.00(ACGG.1) and earlier | 7.00(ACGG.2) |
| Security router | USG LITE 60AX | V2.00(ACIP.2) | V2.00(ACIP.3)* |

*Updated by cloud

Got a question? Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Acknowledgment: Thanks to Chengchao Ai from the ROIS team of Fuzhou University for reporting the issue to us.

Revision history: 2024-9-3: Initial release.
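The advisory above names the bug class (a cookie parameter spliced into an OS command from a CGI program) but not the code. The following is an added example, not Zyxel's firmware or any code from this page: a small C handler in the style of an embedded CGI, showing how an unvalidated `host` cookie value becomes a shell command line, beside a hardened version that allow-lists the value and builds an argv for `execvp()` so no shell ever parses it. The cookie layout, the `ping` command and the `|id` payload are constructed assumptions for illustration.

```c
/* Added example (not Zyxel's code). Shows the command-injection pattern
 * described in the advisory and one way to neutralise it. The cookie
 * strings, the "ping" command and the "|id" payload are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Pull the value of `name` out of a Cookie header such as
 * "session=abc; host=192.0.2.10". Returns 1 and fills `out` on success. */
int cookie_value(const char *cookie, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = cookie;
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, ';');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen >= outlen) return 0;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p = strchr(p, ';');
    }
    return 0;
}

/* VULNERABLE pattern: the untrusted value is pasted into a shell command
 * line. With host = "192.0.2.10|id" a shell would run ping and then id.
 * Only the string is built here; a real handler would hand it to system()
 * or popen(), which is exactly the step that must never happen. */
int build_vulnerable_command(const char *cookie, char *cmd, size_t cmdlen)
{
    char host[128];
    if (!cookie_value(cookie, "host", host, sizeof host)) return 0;
    snprintf(cmd, cmdlen, "ping -c 1 %s", host);
    return 1;
}

/* Allow-list check: hostname or IPv4 characters only, bounded length, no
 * leading '-' (so the value cannot be read as an option) and no leading '.'. */
int host_is_safe(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253 || host[0] == '-' || host[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* HARDENED pattern: validate, then build a NULL-terminated argv for
 * execvp("ping", argv). Returns the argument count, or 0 if rejected.
 * argv[3] points into host_out, so host_out must outlive argv. */
int build_hardened_argv(const char *cookie, char *host_out, size_t hostlen,
                        const char *argv[5])
{
    if (!cookie_value(cookie, "host", host_out, hostlen)) return 0;
    if (!host_is_safe(host_out)) return 0;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "1";
    argv[3] = host_out; argv[4] = NULL;
    return 4;
}

/* 1 if the vulnerable builder carries `payload` through into the command. */
int vulnerable_keeps_payload(const char *cookie, const char *payload)
{
    char cmd[256];
    return build_vulnerable_command(cookie, cmd, sizeof cmd) &&
           strstr(cmd, payload) != NULL;
}

/* 1 if the hardened builder would go on to exec for this cookie. */
int hardened_accepts(const char *cookie)
{
    char host[128];
    const char *argv[5];
    return build_hardened_argv(cookie, host, sizeof host, argv) == 4;
}

int main(void)
{
    const char *benign  = "session=abc; host=192.0.2.10";     /* constructed */
    const char *crafted = "session=abc; host=192.0.2.10|id";  /* constructed */
    printf("vulnerable keeps payload: %d\n", vulnerable_keeps_payload(crafted, "|id"));
    printf("hardened accepts crafted: %d\n", hardened_accepts(crafted));
    printf("hardened accepts benign:  %d\n", hardened_accepts(benign));
    return 0;
}
```

The hardened path does not try to escape metacharacters; it rejects anything outside the allow-list and then avoids the shell entirely, which is the combination to look for when reviewing CGI code that reaches `system()`, `popen()` or a shell script.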
This morning is @Apple's usual patch release day, and **everything** needs updating
Details here -> https://buff.ly/2Jy40mT
The threat of ransomware is getting greater for small businesses as we see the trickle down of the technology as the more experienced actors move on to newer versions...
#CyberEssentials can help you protect yourself from 80% of commodity malware.
"Junk gun" ransomware: the cheap new threat to small businesses | Tripwire
https://www.tripwire.com/state-of-security/junk-gun-ransomware-cheap-new-threat-small-businesses
Whilst this won't affect the majority of small companies, this is an escalation of focus from the US government to this breach of Microsoft and shows that no one is perfectly safe...
SMEs need to focus on getting the basic cyber security measures in place, and working towards #CyberEssentials will help you achieve this.
Hot off the press! **CISA** issues Emergency Directive (ED) 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System. Affected agencies are required to take immediate remediation action for tokens, passwords, API keys, or other authentication credentials known or suspected to be compromised; identify the full content of the agency correspondence with compromised Microsoft accounts, etc. 🔗 https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system This is in regards to the cyberattack on Microsoft by APT29 a.k.a. Midnight Blizzard, publicly attributed to Russia's Foreign Intelligence Service (SVR) first [disclosed 19 January 2024](https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/). cc: @briankrebs @[email protected] #Russia #CISA #cyberespionage #Microsoft #APT29
Currently at the IASME Certification Bodies & Assured Service Providers Regional Meeting in Cardiff.
Surprise!
Apple released the following updates yesterday so please update your devices today:
For more details -> https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Thanks as always to https://www.linkedin.com/company/sans-institute/!
If you have @Ubiquiti EdgeRouters installed follow the guidance to ensure that they have not been compromised.
The UK is not on the list of targeted countries, but other groups may be using the same vulnerabilities - better safe than sorry...
https://infosec.exchange/@dangoodin/112005602914513759
The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they’ve been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses. APT28—one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU—has been doing that for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28—also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit—from being able to regain control of the devices. On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. https://arstechnica.com/security/2024/02/kremlin-backed-hackers-are-infecting-ubiquity-edgerouters-fbi-warns/