Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Cisco has updated their advisory for the two critical vulnerabilities that were recently found affecting Cisco IOS XE devices. With both flaws being actively exploited in the wild, it is critical that all organisations using these devices apply the latest patch as a priority.
To help UK organisations address this threat, the NCSC has compiled the must-know information into an easily digestible format. The top recommendations for mitigating these vulnerabilities are:
“Check for compromise using the detection steps and indicators of compromise (IoCs) detailed in the Cisco advisory.
If you believe you have been compromised and are in the UK, you should report it to the NCSC.
Disable the HTTP Server feature on all internet-facing devices, or restrict access to trusted networks.
Install the latest version of Cisco IOS XE. More information is on the Cisco website. Organisations should monitor that advisory for the latest information and software updates.”
The latest IBM study has shown that AI language models, including ChatGPT, are capable of writing sophisticated phishing emails that are close to perfect. IBM composed human-written and ChatGPT-written phishing emails and distributed these to 1,600 employees of an unnamed company. Of the 800 employees who received a human-written email, 14% were fooled; the ChatGPT pool, on the other hand, had an 11% catch rate. While human-composed phishing emails are still more successful, the possibility of using AI language models to construct phishing emails is concerning, and such emails will only become more effective with time.
Full details of the study can be found here.
A new side-channel attack developed by academic researchers at the University of Michigan and Ruhr University Bochum has been able to steal information from Safari with “near-perfect accuracy.” The attack, named iLeakage, can bypass the side-channel protections currently implemented by all browser vendors by applying a timerless and architecture-agnostic method based on race conditions. Researchers discovered they were capable of stealing information from Safari by speculatively reading and leaking any 64-bit pointers in the address space that Safari uses for its rendering process. Mitigation measures can be applied to devices vulnerable to this attack, which can be read here.
Last month, the Wordfence Threat Intelligence team publicly disclosed a complete list of vulnerabilities currently affecting the AI ChatBot WordPress plugin. Despite being fixed in patch 4.9.1, some of the flaws reemerged in the following version; these have all been readdressed in 4.9.3, and all users of the AI ChatBot plugin are advised to upgrade to this version as soon as possible.
The biggest vulnerability addressed in this patch was a critical Unauthenticated SQL Injection flaw which has a CVSS score of 9.8 and is being tracked as CVE-2023-5204.
A full list of the addressed vulnerabilities, and details, can be found in this Wordfence article.
Okta, a world leader in identity and access management services, suffered an intrusion on the 20th of October 2023. This breach specifically targeted their customer support system, and Okta have reported that “around 1 percent” of its customer base was affected.
1Password, an Okta customer, said they had warned the company of suspicious activity on the 29th of September, which was ultimately related to this incident. BeyondTrust and Cloudflare also reported similar activity to Okta.
A TrustedSec security consultant commented on this incident, saying: “What I find surprising in this case is that, after the 2022 breach, you'd think Okta would be on high alert for any externally exposed systems or personnel who may be targeted—and yet something has happened again.”
1Password, BeyondTrust, and Cloudflare have all taken proactive measures to block intrusions before their customers were affected and highlighted their concerns to Okta weeks in advance of this attack.
And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #256 – 27th October 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.