The Blacksite Weekly Intelligence Report

Microsoft Security Patches for Potential Threats for March

Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others.

Of the total 71 patches, three are rated Critical and 68 are rated Important in severity.

While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release.

All the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions (CVE-2022-22006), Microsoft Exchange Server (CVE-2022-23277), and VP9 Video Extensions (CVE-2022-24501).

More information: https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar


APC Smart-UPS Devices Cyber Risk

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner.

Most of the afflicted devices, totaling over 20 million, have been identified so far in healthcare, retail, industrial, and government sectors.

"Abusing flaws in firmware upgrade mechanisms is becoming a standard practice of APTs, as has been recently detailed in the analysis of the Cyclops Blink malware, and improper signing of firmwares of embedded devices is a recurring flaw in various embedded systems," Armis researchers said.

Following responsible disclosure to Schneider Electric on October 31, 2021, fixes have been released as part of Patch Tuesday updates on March 8, 2022.

Customers are recommended to install the updates provided to reduce the risk of successful exploitation of these vulnerabilities.

"UPS devices, like many other digital infrastructure appliances, are often installed and forgotten," the researchers concluded.

More information: https://info.armis.com/rs/645-PDC-047/images/Armis-TLStorm-WP%20%281%29.pdf

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02

  

New High-Severity UEFI Firmware Flaws Affecting Millions of HP Devices

Security researchers disclosed over a dozen serious vulnerabilities affecting UEFI firmware.

The vulnerabilities affect multiple HP enterprise devices such as laptops, desktops, point-of-scale systems, and edge computing nodes.

SSM and DXM are activated before the operating systems, meaning that any vulnerabilities exploited in these components exceed OS privileges and can bypass virtually all protections.

According to Binarly’s report on the vulnerabilities, the active exploitation of all the discovered vulnerabilities can’t even be detected by firmware monitoring systems.

The company also started releasing firmware updates to mitigate the issue.

More information: https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html

https://support.hp.com/us-en/document/ish_5817864-5817896-16

 

DDoSers Using Mass Scale New Methods Technology Threat

Researchers at the University of Maryland and the University of Colorado at Boulder last August published research showing that there were hundreds of thousands of middleboxes that had the potential to deliver some of the most crippling distributed denial of service attacks ever seen. For decades, people have used DDoSes to flood sites with more traffic or computational requests than the sites can handle, denying services to legitimate users. DDoSes are like the old prank of directing more calls to the pizza parlor than the parlor has phone lines to handle. Advertisement To maximize the damage and conserve resources, DDoSers often increase the firepower of their attacks through amplification vectors. Researchers said that they identified hundreds of servers that amplified traffic at a higher multiplier than misconfigured servers using memcached, a database caching system for speeding up websites that can increase traffic volume by an astounding 51,000x.

Akamai researchers have reported that these attacks are on the rise. A recent set of attacks peaked at 11Gbps and 1.5 million packets per second. “Unfortunately, we weren’t surprised. Worst of all, the attacks are new; as a result, many operators do not yet have defenses in place, which makes it that much more enticing to attackers.” a research said. One of the middleboxes received an SYN packet with a 33-byte payload and responded with a 2,156-byte reply.

 

Politicians Split on Cyber Security Bill

Top national cyber security experts and security officials are publicly split over legislation that would require critical infrastructure companies to report hacks to the government.

CISA Director Jen Easterly has praised the reporting mandate as a critical tool for enhancing the nation’s cyber defenses.

An FBI official said that certain provisions might discourage companies from talking to the bureau and make it harder for the government to disrupt cybercrime gangs.

and ranking member Rob Portman (R-Ohio), have expressed no interest in altering the bill.

“It’s disappointing to see the FBI take a bureaucratic dispute public under the guise of a serious threat to public safety,” said Trey Herr, director of the Atlantic Council’s Cyber Statecraft Initiative.

CISA used to depend heavily on the FBI for reports of cyberattacks, Travis said, and “this bill will put the shoe on the other foot, to some extent.”

The White House is still interested in tweaking the bill.

 

Cyber Risk Management Doesn’t Have To Be Difficult …

 

How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats

The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cyber security strategy, and cyber security education at an affordable price to accommodate your business whether it’s a small family owned to that of the size of a fortune 500.

For more information, please contact us and we’ll be glad to assist you.

Become invisible, become secure.