CISO Talk by James Azar
CyberHub Podcast
Microsoft Confirms Zeroday, Patch Tuesday Recap, Delta & Amazon Confirm Breach, Volt Typhoon Botnet Comeback

Comprehensive Breakdown of November’s Critical Security Updates: Microsoft’s Four Zero-Day Patches, Adobe’s Vulnerability Fixes in Creative Cloud and Commerce Products.

Good morning, security gang! As you grab your coffee and settle in, let’s dive into the November Patch Tuesday updates and other critical developments in the cybersecurity world. This comprehensive roundup breaks down new vulnerabilities and notable cyber events that require swift attention and remediation.

Microsoft Patch Tuesday: November 2024

Microsoft addressed 91 security flaws, including four actively exploited zero-days. Key highlights include:

  • NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451): Allows a remote attacker to obtain a user's NTLM hash and misuse it for unauthorized authentication.

  • Windows Task Scheduler Elevation of Privilege (CVE-2024-4903): Allows privilege escalation and access to restricted resources, which is especially concerning because it can be reached from low-integrity applications.

Adobe’s Patch Tuesday Fixes

Adobe’s update addressed 48 security bugs in key products like Adobe Commerce, InDesign, Photoshop, and Magento. Critical attention was placed on Adobe Commerce, which could expose e-commerce sites to code execution risks.

  • Adobe Acrobat and Reader: Security updates were issued to resolve vulnerabilities that could allow attackers to execute arbitrary code or escalate privileges. Users are advised to update to the latest versions to mitigate these risks.

  • Adobe Photoshop: A critical update was released to fix a vulnerability that could lead to arbitrary code execution. Both Windows and macOS users should apply this update promptly.

  • Adobe InDesign and InCopy: Updates were provided to address vulnerabilities that could result in code execution or information disclosure. Users are encouraged to install these updates to enhance security.

Citrix & Fortinet Patches

Citrix and Fortinet released patches addressing vulnerabilities in products such as NetScaler and FortiOS. High-severity flaws were found in Citrix NetScaler ADC and Fortinet’s FortiOS, highlighting the importance of updating these systems promptly.

Industrial Control Systems Security Updates

Siemens, Schneider Electric, Rockwell Automation, and CISA released advisories targeting industrial control systems. Siemens patched vulnerabilities in third-party components, while Schneider’s updates included a critical flaw in the EcoStruxure IT Gateway.

In early November 2024, several organizations released security advisories addressing vulnerabilities in Industrial Control Systems (ICS):

  • Siemens: Published multiple advisories for products like TeleControl Server Basic, addressing critical deserialization issues that could allow unauthenticated attackers to execute arbitrary code. Siemens also patched vulnerabilities in products such as SCALANCE M-800 and S615 modules.

  • Schneider Electric: Issued advisories for EcoStruxure IT Gateway, highlighting vulnerabilities that could enable attackers to take control of systems and access sensitive information.

  • Rockwell Automation: Released updates for FactoryTalk View ME, addressing high-severity remote code execution vulnerabilities.

  • Cybersecurity and Infrastructure Security Agency (CISA): Published advisories covering critical vulnerabilities in Subnet PowerSYSTEM Center and Hitachi Energy TRO600 radios, which could be exploited for command execution with root privileges and unauthorized access to configuration information.

MOVEit Data Breach Continues to Resurface

The MOVEit vulnerability from 2023 persists, with Delta Air Lines and Amazon confirming employee data breaches. Records for over 96 million individuals were affected, demonstrating the lasting effects of major breaches.

Chinese Espionage on Tibetan Community Websites

A Chinese state-sponsored group compromised the Tibet Post and Gyudmed Tantric University websites to install malware, aiming to gather intelligence on members of the Tibetan community.

Volt Typhoon Resurfaces

The Chinese espionage group Volt Typhoon is rebuilding its botnet infrastructure. By targeting SOHO routers and other network devices, the group aims to regain covert access to compromised systems worldwide.

Iranian Threat Actor Group TA-455

Iranian-linked TA-455 is mimicking North Korea's job-lure tactics to target the aerospace and defense sectors, particularly in the Middle East and Asia. Using social engineering, the group lures targets with fake job offers in order to deploy malware.

Controversy over UN Cybercrime Treaty

The Biden administration is exploring joining a UN cybercrime treaty proposed by Russia, sparking concerns from U.S. lawmakers and digital rights advocates. Critics argue that it risks allowing authoritarian regimes to misuse cybercrime definitions for suppressing dissent.

Key Action Items for Cybersecurity Teams:

  1. Patch Microsoft Systems: Prioritize updates for NTLM and Task Scheduler vulnerabilities.

  2. Update Adobe Software: Push updates across Adobe Commerce, InDesign, Photoshop, and other platforms.

  3. Patch Citrix and Fortinet Products: Secure NetScaler and FortiOS to prevent exploitation.

  4. Focus on ICS Security: Ensure Siemens, Schneider, and Rockwell Automation systems are updated.

  5. Monitor MOVEit Vulnerabilities: Ensure systems are safeguarded against residual MOVEit vulnerabilities.

  6. Review Website Access for Tibet and Activist Communities: Be cautious when accessing sites tied to sensitive geopolitical entities.

  7. Watch for Job-Based Phishing: Stay alert to lures targeting aerospace and defense sectors.

  8. Stay Informed on UN Cybercrime Treaty Developments: Follow legislative updates related to the UN cybercrime treaty and potential implications for cross-border data and privacy protections.

Stay cyber-safe and check back tomorrow for further updates on cybersecurity developments. Remember to subscribe to our Substack and follow us on social media for the latest insights.

✅ Story Links: 

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2024-patch-tuesday-fixes-4-zero-days-91-flaws/

https://www.securityweek.com/microsoft-confirms-zero-day-exploitation-of-task-scheduler-flaw/

https://www.securityweek.com/patch-tuesday-critical-flaws-in-adobe-commerce-photoshop-indesign-illustrator/

https://www.securityweek.com/citrix-fortinet-patch-high-severity-vulnerabilities/

https://www.securityweek.com/ics-patch-tuesday-security-advisories-released-by-cisa-schneider-siemens-rockwell/

https://therecord.media/delta-amazon-vendor-breach-confirmed

https://www.securityweek.com/chinese-hackers-target-tibetan-websites-in-malware-attack-cybersecurity-group-says/

https://www.bleepingcomputer.com/news/security/volt-typhoon-rebuilds-malware-botnet-following-fbi-disruption/

https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html

https://www.cybersecuritydive.com/news/biden-administration-un-cybercrime-treaty/732643/
