Network Security News Summary for Wednesday, October 2nd, 2024

Internet Storm Center Stormcast
1 Oct 2024 | 05:44

Summary

TLDR: In this October 2nd, 2024 edition of the SANS Stormcast, host Johannes Ullrich from Jacksonville, Florida discusses key cybersecurity issues during Cybersecurity Awareness Month. He highlights the rise of AI-generated images used in social media scams, as well as ongoing hurricane-related fraud. The podcast also covers a recent critical vulnerability in the Zimbra suite's postjournal service and details a Microsoft Edge extension security update. Lastly, the Binarly Research team reveals a stack-based buffer overflow flaw in Supermicro baseboard management controllers. The episode wraps with tips for staying secure and updating firmware.

Takeaways

  • 🌪️ October is Cybersecurity Awareness Month, and a quick diary on hurricane-related scams has been published.
  • 📸 AI-generated images related to events like hurricanes are being used on social media to gain followers and potentially spread scams.
  • ⚠️ Last week, Zimbra released a patch for a remote code execution vulnerability in the postjournal service, part of the Zimbra suite but not enabled by default.
  • ✉️ The vulnerability affects the email portion of the system, specifically through port 10027, allowing hackers to exploit it via malicious emails.
  • 🔑 Microsoft is improving its publishing API for Microsoft Edge extensions, making API keys randomly generated and valid for 72 days.
  • 🛠️ The API key rotation in Microsoft's new system could complicate CI/CD pipelines, as it's unclear if automation is supported.
  • 💻 Binarly Research revealed a vulnerability in the baseboard management controller of Supermicro motherboards, discovered in July.
  • 💥 The vulnerability is a stack-based buffer overflow in the login form, making it easy to exploit without authentication.
  • 🔒 It's critical to secure access to baseboard management controllers and regularly update firmware due to their history of vulnerabilities.
  • 📢 The podcast gained more listeners thanks to a Reddit post, with the host expressing gratitude and welcoming new listeners.

Q & A

  • What is the main focus of the podcast episode?

    - The podcast focuses on cybersecurity awareness and recent security vulnerabilities, particularly in relation to AI-generated social media scams, a patch for a vulnerability in the Zimbra postjournal service, and malicious browser extensions.

  • Why is October significant in the context of the podcast?

    - October is Cybersecurity Awareness Month, making it a timely opportunity to discuss cybersecurity issues, including scams related to hurricanes and AI-generated images.

  • What new type of scam is mentioned related to hurricanes?

    - A newer type of scam involves AI-generated images in social media posts that falsely claim to be related to hurricane events. These posts are often created to gain followers, which can then be used to spread scams.

  • What vulnerability was patched in the Zimbra suite, and how is it different from typical vulnerabilities?

    - The vulnerability patched was in the postjournal service of the Zimbra suite, which is not enabled by default. Unlike common vulnerabilities found in Zimbra's webmail system, this one is in the email part of the system, specifically affecting the SMTP port.

  • How does the exploit for the Zimbra vulnerability work?

    - The exploit targets the 'RCPT TO' header in the SMTP email header, allowing malicious code to be executed if a hacker can reach the postjournal service on port 10027 and feed a malicious email directly to it.

  • What change is Microsoft making to the API for publishing Edge extensions?

    - Microsoft is improving the API used for publishing Edge extensions by introducing a new allocation system. API credentials will now expire after 72 days, requiring developers to regenerate them, compared to the previous 2-year expiration period.

  • What challenges could the new Microsoft API key rotation system present for developers?

    - The new 72-day expiration for API credentials could create challenges in CI/CD pipelines if the key rotation process is not automatable, which might complicate automated deployment systems.

  • What security flaw was found in Supermicro motherboards' baseboard management controllers (BMCs)?

    - A simple stack-based buffer overflow was found in the login form of the baseboard management controllers (BMCs) of Supermicro motherboards, which could be exploited without authentication.

  • Why is securing access to baseboard management controllers important?

    - Baseboard management controllers have a history of being vulnerable to exploitation, and securing them is critical because they often have direct access to low-level system functions that can lead to severe security breaches.

  • What general advice is given for protecting against BMC vulnerabilities?

    - It is recommended to regularly update the firmware of baseboard management controllers and secure their access to prevent exploitation of vulnerabilities like the one recently discovered.
