Good morning, security gang! As you grab your coffee and settle in, let’s dive into the November Patch Tuesday updates and other critical developments in the cybersecurity world. This comprehensive roundup breaks down new vulnerabilities and notable cyber events that require swift attention and remediation.
Microsoft Patch Tuesday: November 2024
Microsoft addressed 91 security flaws, including four actively exploited zero-days. Key highlights include:
NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451): Allows remote attackers to misuse NTLM hashes for unauthorized authentication.
Windows Task Scheduler Elevation of Privilege (CVE-2024-4903): Allows privilege escalation and resource access, potentially dangerous for low-integrity apps.
Adobe’s Patch Tuesday Fixes
Adobe’s update addressed 48 security bugs in key products like Adobe Commerce, InDesign, Photoshop, and Magento. Critical attention was placed on Adobe Commerce, which could expose e-commerce sites to code execution risks.
Adobe Acrobat and Reader: Security updates were issued to resolve vulnerabilities that could allow attackers to execute arbitrary code or escalate privileges. Users are advised to update to the latest versions to mitigate these risks.
Adobe Photoshop: A critical update was released to fix a vulnerability that could lead to arbitrary code execution. Both Windows and macOS users should apply this update promptly.
Adobe InDesign and InCopy: Updates were provided to address vulnerabilities that could result in code execution or information disclosure. Users are encouraged to install these updates to enhance security.
Citrix & Fortinet Patches
Citrix and Fortinet released patches addressing vulnerabilities in products such as NetScaler and FortiOS. High-severity flaws were found in Citrix NetScaler ADC and Fortinet’s FortiOS, highlighting the importance of updating these systems promptly.
Industrial Control Systems Security Updates
Siemens, Schneider Electric, Rockwell Automation, and CISA released advisories targeting industrial control systems. Siemens patched vulnerabilities in third-party components, while Schneider’s updates included a critical flaw in the EcoStruxure IT Gateway.
In early November 2024, several organizations released security advisories addressing vulnerabilities in Industrial Control Systems (ICS):
Siemens: Published multiple advisories for products like TeleControl Server Basic, addressing critical deserialization issues that could allow unauthenticated attackers to execute arbitrary code. Siemens also patched vulnerabilities in products such as SCALANCE M-800 and S615 modules.
Schneider Electric: Issued advisories for EcoStruxure IT Gateway, highlighting vulnerabilities that could enable attackers to take control of systems and access sensitive information.
Rockwell Automation: Released updates for FactoryTalk View ME, addressing high-severity remote code execution vulnerabilities.
Cybersecurity and Infrastructure Security Agency (CISA): Published advisories covering critical vulnerabilities in Subnet PowerSYSTEM Center and Hitachi Energy TRO600 radios, which could be exploited for command execution with root privileges and unauthorized access to configuration information.
MOVEit Data Breach Continues to Resurface
The MOVEit vulnerability from 2023 persists, with Delta Airlines and Amazon confirming employee data breaches. Records for over 96 million individuals were affected, demonstrating the lasting effects of major breaches.
Chinese Espionage on Tibetan Community Websites
A Chinese state-sponsored group compromised the Tibet Post and Gyadamed Tantric University sites to install malware, aiming to gather intelligence on Tibetan community members.
Volt Typhoon Resurfaces
The Chinese espionage group Volt Typhoon is rebuilding its botnet infrastructure. Targeting SOHO routers and network devices, they aim to regain covert access to compromised systems worldwide.
Iranian Threat Actor Group TA-455
Iranian-linked TA-455 is mimicking North Korea’s job luring tactics to target aerospace and defense sectors, particularly in the Middle East and Asia. Using social engineering, they lure targets with fake job offers to deploy malware.
Controversy over UN Cybercrime Treaty
The Biden administration is exploring joining a UN cybercrime treaty proposed by Russia, sparking concerns from U.S. lawmakers and digital rights advocates. Critics argue that it risks allowing authoritarian regimes to misuse cybercrime definitions for suppressing dissent.
Key Action Items for Cybersecurity Teams:
Patch Microsoft Systems: Prioritize updates for NTLM and Task Scheduler vulnerabilities.
Update Adobe Software: Push updates across Adobe Commerce, InDesign, Photoshop, and other platforms.
Patch Citrix and Fortinet Products: Secure NetScaler and FortiOS to prevent exploitation.
Focus on ICS Security: Ensure Siemens, Schneider, and Rockwell Automation systems are updated.
Monitor MOVEit Vulnerabilities: Ensure systems are safeguarded against residual MOVEit vulnerabilities.
Review Website Access for Tibet and Activist Communities: Be cautious when accessing sites tied to sensitive geopolitical entities.
Watch for Job-Based Phishing: Stay alert to lures targeting aerospace and defense sectors.
Stay Informed on UN Cybercrime Treaty Developments: Follow legislative updates related to the UN cybercrime treaty and potential implications for cross-border data and privacy protections.
Stay cyber-safe and check back tomorrow for further updates on cybersecurity developments. Remember to subscribe to our Substack and follow us on social media for the latest insights.
✅ Story Links:
https://www.securityweek.com/microsoft-confirms-zero-day-exploitation-of-task-scheduler-flaw/
https://www.securityweek.com/citrix-fortinet-patch-high-severity-vulnerabilities/
https://therecord.media/delta-amazon-vendor-breach-confirmed
https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html
https://www.cybersecuritydive.com/news/biden-administration-un-cybercrime-treaty/732643/
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Microsoft Confirms Zeroday, Patch Tuesday Recap, Delta & Amazon Confirm Breach, Volt Typhoon Botnet Comeback