Microsoft Should Provide Full Security Logs for Base Software License Levels; Network Access Control Done Right Provides Foundation for Ability to Trust or Not; Zimbra Workaround Required While Waiting for Patch

Last week, Microsoft disclosed that hackers with ties to China’s government used forged authentication tokens to break into email accounts at US government agencies and other organizations. It is not yet clear how the attacker obtained the encryption key necessary to create the tokens. The attack can be detected only by Microsoft customers with certain, more-expensive licenses. The situation has not escaped the notice of government officials: in a press call, a CISA senior said that “Every organization using a technology service like Microsoft 365 should have access to logging and other security data out of the box.”

Read more in

Forescout has published a list of the five riskiest connected devices in Information Technology (IT), the Internet of Things (IoT), Operational Technology (OT), and the Internet of Medical Things (IoMT). The lists are derived from “a data-driven approach by analyzing millions of devices in Forescout’s Device Cloud using Forescout’s multifactor risk scoring methodology.” Of the 20 types of devices in the lists, seven did not appear in last year’s lists: VPN gateways, security appliances, network-attached storage (NAS), out-of-band management, engineering workstations, remote terminal units, and blood glucose monitors.

Read more in

Zimbra is urging users to apply a patch to Zimbra Collaboration Suite 8.8.15 to address an actively exploited vulnerability. The vulnerability can be exploited to steal or modify data. Zimbra plans to release an update that fixes the flaw later this month; for users who want to take preventive measures sooner, Zimbra has provided instructions for manually updating mailbox nodes.

Read more in

Adobe has released fixes to address critical vulnerabilities affecting ColdFusion and InDesign. The patches were part of Adobe’s scheduled monthly security update, which addressed 15 vulnerabilities in all.

Read more in

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a factsheet with information for organizations migrating their operations ”to a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security.”

Read more in

Becton, Dickinson, and Co. has disclosed eight vulnerabilities affecting its medication infusion products. The flaws in the BD Alaris Guardrails Suite MX, versions 12.1.3 and earlier, could be exploited to compromise data, hijack sessions, modify firmware, and alter system configurations. BD said that “remediation and deployment planning for these vulnerabilities is currently in progress.” The US Cybersecurity and Infrastructure Security Agency (CISA) has published an ICS medical advisory detailing the vulnerabilities.

Read more in

IT management services firm JumpCloud says that a cyberattack launched by nation-state-sponsored threat actors earlier this summer targeted a specific subset of its customers. When JumpCloud learned of the attack, it reset all admin API keys as a precaution. The attackers gained initial access to JumpCloud’s environment with a spear-phishing attack.

Read more in

The US Department of Commerce has launched a website that allows US organizations to certify their participation with the newly-adopted EU-US Data Privacy Framework. US organizations that transfer data between the EU and the US must certify participation by October 10, 2023. The website also allows US companies to certify compliance with the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework.

Read more in

According to Mandiant, the number of attacks using USB drives as the initial vector of intrusion has increased significantly over the first six months of 2023. In a blog post, Mandiant describes two attack campaigns that used USB drives as the initial vector of attack: SOGU and SNOWYDRIVE. SOGU has been used in attacks targeting both public and private organizations across sectors; SNOWYDRIVE has been used in attacks against the oil and gas industries in Asia.

Read more in

According to analysis from Proofpoint, just 28 percent of hospitals in South Africa and the United Arab Emirates (UAE) have implemented the strictest level of the Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication protocol. Healthcare organizations are increasingly becoming targets of ransomware operators, which speaks to the need to take extra precautions to protect their systems.

Read more in