Network Security News Summary for Friday October 18th, 2024

Internet Storm Center Stormcast

17 Oct 202405:53

Summary

TLDRIn the October 18, 2024 edition of the Sanson Stormers Stormcast, host Johannes Ol discusses various cybersecurity concerns, including attacks on Amazon Cloud Network targeting port 8080, macOS quarantine attribute issues, and Oracle's quarterly patch addressing 334 vulnerabilities. He highlights Cisco's firmware updates for their analog telephone adapters, an SAP code injection vulnerability, and spamming activities on Department of Commerce websites. The episode emphasizes the importance of security measures and user awareness in light of these ongoing threats and vulnerabilities.

Takeaways

🛡️ G has observed attacks emerging from an Amazon Cloud Network, specifically scanning for port 8080, likely targeting proxies.
📊 The TTLs of the observed traffic do not match expected patterns, indicating unusual activity that needs further investigation.
⚠️ Palo Alto published a blog detailing how macOS is not properly enforcing the quarantine attribute for downloaded files, posing security risks.
🗂️ When files are unzipped from archives, the quarantine attribute may not be applied, leading to potential execution of malicious files without warnings.
🔧 Oracle released its quarterly critical patch update, addressing 334 vulnerabilities across its application portfolio, highlighting the importance of knowing which applications are in use.
📞 Cisco updated its AT810 analog telephone adapters due to vulnerabilities that could lead to complete device compromise, emphasizing the need for secure firmware updates.
🚨 The Red Rays SAP security team disclosed a code injection vulnerability in SAP NetWeaver's Java Log Viewer plugin, allowing arbitrary file uploads that could lead to code execution.
🛑 A recommended mitigation for the SAP vulnerability is to restrict the types of files that can be uploaded to the Log Viewer plugin.
💻 An ongoing issue involves spam advertisements on Department of Commerce websites, often linked to compromised sites promoting pharmaceuticals.
🤝 Tom Liston is tracking this spam activity and seeks assistance to address the problem, urging those connected with the Department of Commerce to investigate.

Q & A

What specific attacks did G observe in the Amazon Cloud Network?
-G noted attacks scanning for port 8080, likely looking for proxy vulnerabilities.
What issue was highlighted regarding the macOS quarantine attribute?
-The macOS quarantine attribute may not properly enforce warnings for downloaded files, especially after unzipping archived files.
How does the issue with macOS compare to Windows?
-The problem mirrors Windows' 'Mark of the Web,' where similar bypass techniques have been exploited.
What was significant about Oracle's recent critical patch update?
-Oracle released an update addressing 334 vulnerabilities across its application portfolio, emphasizing the challenge of identifying which applications are impacted.
What vulnerabilities were addressed in Cisco's update?
-Cisco updated its AT810 analog telephone adapters to fix firmware-related vulnerabilities that could lead to complete device compromise.
What insecure channels can lead to the exploitation of Cisco devices?
-Firmware updates for Cisco devices sometimes occur over insecure channels like HTTP or TFTP, increasing vulnerability.
What vulnerability was disclosed by the Red Rays SAP security team?
-A code injection vulnerability was identified in SAP NetWeaver's log viewer plugin, allowing for potential code execution.
What mitigation strategy was suggested for the SAP vulnerability?
-It is recommended to limit the file types that can be uploaded to the log viewer plugin to mitigate the vulnerability.
What issue did Tom Liston identify regarding the Department of Commerce?
-Tom Liston reported that Department of Commerce websites were posting spam related to pharmaceuticals, attributed to compromised data feeds.
What is the suggested action for those aware of the spam issue on government websites?
-Listeners are encouraged to reach out to contacts at the Department of Commerce to address and rectify the spam issue.