Weekly Cyber News Roundup

March 23rd to March 31st 2024

Content 

01. News Bites
  • The German Federal Office for Information Security (BSI) has announced that there are over 17,000 Microsoft Exchange servers that are vulnerable
  • Some Apple CPUs have been found to have an “un-patchable” vulnerability whereby they’re leaking encryption keys.
  • A critical vulnerability in Jenkins (open-source DevOps software) was disclosed recently as CVE-2024-23897.
  • The Big Issue is having a big issue!
02. Conclusion

Quick News Bites

The German Federal Office for Information Security (BSI) has announced that over 17,000 of the 45,000 Microsoft Exchange servers exposed to the Internet in Germany are vulnerable to at least one vulnerability.

Considering many of the Microsoft Exchange vulnerabilities were disclosed many months ago, it is surprising to see such a huge percentage still vulnerable. The move from on-premises to cloud is slowly taking place, but Integrity360 have found that most organisations that get breached due to a vulnerable Exchange server are breached because they are in the process of migrating. Whilst migrating, we have found that they take their “foot off the pedal” when it comes to keeping their servers patched because, in their mind, they are getting rid of them soon anyway.

Some Apple CPUs have been found to have an “un-patchable” vulnerability whereby they’re leaking encryption keys.

The side-channel vulnerability (where indirect effects of the system or hardware are monitored and then targeted) was discovered in Apple’s M-series processors, and the researchers claim that they can use it to steal encryption keys from Mac devices. Similar to the historical and infamous Spectre/Meltdown vulnerability that affected a huge number of different CPU models, this vulnerability relies on the preloading of data (called branch prediction) in order to work. Patching this would require a redesign of the CPU, which is unlikely.

A critical vulnerability in Jenkins (open-source DevOps software) was disclosed recently as CVE-2024-23897.

It allows unauthenticated attackers with no permissions to read the first few lines of any file they wish on the underlying operating system. This means that potentially sensitive data could be read. The vulnerability arises from an un-sanitised argument being interpreted by the Jenkins service. Jenkins is a major piece of DevOps infrastructure around the world and is used by many organisations, meaning that a large number might get breached.

The Big Issue is having a big issue!

The parent company of the street newspaper company has reportedly suffered a ransomware attack from the Qilin ransomware gang. They claim to have stolen 550GB of company data. In the initial data leak by Qilin, sensitive data such as the CEO’s driving licence and salary information has been released. It is an unfortunate event for any company to be ransomware’d, but especially so for one that typically employs homeless/vulnerable people to give them a chance to earn money and reintegrate into society.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
