Welcome to Ironshare’s first Cyber Round-up of 2024, where we look back at the events of that last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
As of the 9th of January 2024 Microsoft Exchange Server 2019 will no longer receive bug fixes and design changes, however it will continue to receive security updates to patch the latest vulnerabilities. Now in the extended support phase of its lifecycle, Microsoft Exchange Server 2019 is scheduled to go end-of-life on the 14th of October 2025.
Microsoft is yet to release a newer version of Exchange Server and no end-of-life guidance has been provided to customers.
Microsoft Exchange Product Marketing Manager Scott Schnoll stated "There are still two more [cumulative updates] for Exchange Server 2019: CU14 and CU15. CU14 is in its final stages of testing and validation and will be released as soon as that's finished. CU15 will be released later this year."
By bleepingcomputer.com
Fidelity National Financial, an American provider of title insurance and settlement services to the real estate and mortgage industries, reported that hackers had gained access to their IT network back in November.
The ransomware gang, ALPHV, claimed responsibility for the attack on their dark web site, before it was taken down by the FBI in December. Before their site was seized, ALPHV revealed a sample of the information that was stolen in the attack.
FNF has yet to describe the cybersecurity incident as a ransomware attack and has failed to respond to requests for such information. Further investigation into the attack on FNF did reveal the following:
"We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data […] The company has no evidence that any customer-owned system was directly impacted in the incident, and no customer has reported that this has occurred. The last confirmed date of unauthorized third-party activity in the company's network occurred on November 20, 2023."
The latest news on this incident is that the personal information of 1.3 million customers was stolen; FNF has reached out to all those affected offering credit monitoring and identity services.
By theregister.com
Cybersecurity firm, Mandiant, has revealed that their X (Formerly Twitter) account was taken over by a crypto gang. In what is believed to be a brute-force attack, the Drainer-as-a-service gang gained access to the account for a few hours, before Mandiant reclaimed control. During their time in control, the attacker distributed links for a cryptocurrency drainer phishing page to Mandiant’s 123K followers.
The blame for this incident is shared between Mandiant and X; in their latest statement, the cybersecurity firm took responsibility for the account compromise, but also shifted some blame onto X’s configuration of MFA (Multi-Factor Authentication).
“Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected. We've made changes to our process to ensure this doesn't happen again,”
By bleepingcomputer.com
Microsoft is starting off the year with this January Patch Tuesday release, which addresses 49 total vulnerabilities. The release includes fixes for 2 critical and 47 important vulnerabilities. Microsoft has reported that no vulnerabilities have been publicly disclosed or exploited in the wild this month.
See here for our round-up of the top critical & important vulnerabilities addressed this month.
Many Windows 10 users have reported issues with installing some of this month’s updates, specifically update KB5034441 for BitLocker. This update addresses an important encryption bypass vulnerability that could allow an attacker to access encrypted data.
Unfortunately, this update is consistently failing for a large number of users, who are met with 0x80070643 errors after restarting their devices. To address the vulnerability, this update installs a new version of the Windows Recovery Environment (WinRE), however the recovery partition created by Windows is too small to support the new WinRE file.
For those who want an immediate fix for this, Microsoft has suggested manually creating a larger Windows Recovery Partition to accommodate the new update; we do expect Microsoft to address this issue soon, however, should you prefer to wait for an official fix.
By bleepingcomputer.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #264 – 12th January 2024
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
