Urgent Fortinet vuln, Windows update failure, CISO scapegoat danger
Fortinet warns administrators to patch a critical auth bypass immediately
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical-severity issue. The vulnerability, tracked as CVE-2022-40684, is an authentication bypass on the administrative interface that could let a remote, unauthenticated attacker log in to an unpatched device. “This is a critical vulnerability and should be addressed with the utmost urgency,” the company said. According to a Shodan search, more than 100,000 FortiGate firewalls are reachable from the Internet, although it is unknown how many of them also expose their management interface; the bypass only matters where an attacker can reach that interface.
Windows 11 22H2 error breaks provisioning
Microsoft says the Windows 11 2022 Update (22H2) breaks provisioning, leaving enterprise endpoints partially configured and unable to finish setup. According to Microsoft, this known issue affects provisioning packages (.PPKG files, used to configure new devices for business or school networks without reimaging them) when they are applied during the initial setup phase: “Windows may only be partially configured and the Out Of Box Experience may fail to complete or restart unexpectedly.” Microsoft added that IT administrators who provision Windows devices on their network outside that initial setup phase are not affected, and that the issue is unlikely to be seen on Windows systems used in home or small-office networks.
Security chiefs fear ‘CISO scapegoating’ after Uber-Sullivan ruling
CISOs are divided over whether Wednesday’s conviction of Uber’s former security chief Joe Sullivan will have far-reaching consequences for people in their position. According to The Record, some fear the case will make CISOs the scapegoat for future incidents, while others believe security chiefs should expect to be held accountable for incidents they are involved in. A federal jury convicted Sullivan on two charges related to his attempt to cover up a 2016 security incident at Uber, in which hackers stole the personal information of 57 million riders and drivers, including driver’s license numbers of about 600,000 Uber drivers.
Lloyd’s of London is investigating alleged cyber attack
After detecting unusual network activity this week, Lloyd’s reset its IT infrastructure and closed external connections. The incident comes after the entire insurance industry was warned of potential cyber attacks stemming from the ongoing conflict between Russia and Ukraine. Insurance companies have condemned Russia’s invasion of Ukraine and backed sanctions against Moscow, including a ban on insuring ships carrying Russian oil. In August, Lloyd’s of London told its syndicates that it will no longer cover losses caused by state-backed cyber attacks, including those arising from the ongoing conflict.
Thanks to this week’s episode sponsor, Noname Security
Facebook detects 400 Android and iOS apps that steal users’ login information
Meta Platforms revealed on Friday that it had identified over 400 malicious Android and iOS apps that targeted online users with the aim of stealing their Facebook login credentials. “These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other tools to trick people into downloading them.” Besides disguising the malicious apps as seemingly harmless tools, the operators of the scheme also published fake reviews designed to offset the negative reviews left by users who had already downloaded the apps.
(The Hacker News)
Papa John’s sued for “eavesdropping” on website visitors’ mouse clicks and keystrokes
The pizza chain is being sued for allegedly violating the US Wiretap Act by snooping on the way customers browse Papa John’s website. The suit alleges the use of session replay software that records everything a user does on the site, well beyond what is needed to serve pages and place an order. Session replay tools have long been a privacy concern because they capture data indiscriminately (including keystrokes in form fields), are sometimes poorly secured, and are often deployed without obtaining user consent to track and store data that is then open to analysis.
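To make the complaint concrete, the following added example (not Papa John’s code, nor any real session-replay vendor’s) contrasts a naive recorder that stores every click and keystroke verbatim with a hardened recorder that records nothing without consent, masks form input, and coarsens click coordinates. The event objects are constructed inline so the script runs under Node without a DOM; the field names, the sensitive-field heuristics and the `data-replay-mask` attribute are assumptions for illustration.

```javascript
// Added example: toy session-replay recorder, naive vs. hardened.
// Not code from Papa John's or any session-replay product.

const SENSITIVE_TYPES = new Set(['password', 'tel', 'email']);
const SENSITIVE_NAME_RE = /card|cvv|cvc|ssn|passw|secret|token/i;

// True when a field's contents must never be stored verbatim (heuristic; assumption).
function isSensitiveField(target) {
  if (!target) return false;
  if (SENSITIVE_TYPES.has(String(target.type || '').toLowerCase())) return true;
  if (SENSITIVE_NAME_RE.test(target.name || '') || SENSITIVE_NAME_RE.test(target.id || '')) return true;
  return Boolean(target.dataset && target.dataset.replayMask === 'true');
}

// Naive recorder: every click coordinate, key and field value goes to the log.
// This is the "records everything a user does" behaviour the suit describes.
function recordRaw(events) {
  return events.map((e) => ({
    t: e.timeStamp,
    type: e.type,
    x: e.clientX,
    y: e.clientY,
    key: e.key,
    field: e.target ? e.target.name || e.target.id : undefined,
    value: e.target ? e.target.value : undefined,
  }));
}

// Hardened recorder: nothing is logged without consent; input values are
// replaced by a same-length mask (all inputs by default, sensitive fields
// always); keys typed into masked fields are dropped; click coordinates are
// rounded to a 50px grid so a heat-map still works but exact positions are lost.
function recordHardened(events, { consent = false, maskAllInputs = true } = {}) {
  if (!consent) return [];
  return events.map((e) => {
    const target = e.target || {};
    const masked = isSensitiveField(target) || maskAllInputs;
    const entry = { t: e.timeStamp, type: e.type, field: target.name || target.id };
    if (e.type === 'click') {
      entry.x = Math.round((e.clientX || 0) / 50) * 50;
      entry.y = Math.round((e.clientY || 0) / 50) * 50;
    } else if (e.type === 'input' || e.type === 'keyup') {
      const value = String(target.value || '');
      entry.value = masked ? '*'.repeat(value.length) : value;
      entry.key = masked ? null : e.key;
    }
    return entry;
  });
}

// Constructed sample session; not captured from any real site.
const cardField = { tagName: 'INPUT', type: 'text', name: 'card_number', value: '4111111111111111' };
const SAMPLE_EVENTS = [
  { type: 'click', timeStamp: 100, clientX: 412, clientY: 233, target: { tagName: 'BUTTON', id: 'add-to-cart' } },
  { type: 'input', timeStamp: 250, target: { tagName: 'INPUT', type: 'text', name: 'address', value: '1 Main St' } },
  { type: 'input', timeStamp: 400, target: cardField },
  { type: 'keyup', timeStamp: 420, key: '1', target: cardField },
  { type: 'input', timeStamp: 600, target: { tagName: 'INPUT', type: 'password', name: 'pw', value: 'hunter2' } },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('naive:', JSON.stringify(recordRaw(SAMPLE_EVENTS)));
  console.log('hardened:', JSON.stringify(recordHardened(SAMPLE_EVENTS, { consent: true })));
}
```

Run with `node replay.js`: the naive log contains the full card number and password, while the hardened log shows only that typing happened in those fields. Masking all inputs by default, rather than relying on a blocklist of field names, is the safer choice because a site's form field names change faster than the recorder's configuration.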
The world’s largest crypto exchange hacked with possible losses of $500 million
Binance, the world’s largest cryptocurrency exchange, may have lost half a billion dollars in a hack. The company temporarily suspended transactions and the transfer of funds after discovering an exploit of the bridge between two blockchains, a method of digital theft that has recently been used in at least one other major hack. Binance CEO Changpeng Zhao said in a tweet: “The problem is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.”
Last week in ransomware
Last week, Netwalker ransomware affiliate Sebastien Vachon-Desjardins was sentenced to 20 years in prison and ordered to forfeit $21.5 million for an attack on a Tampa business and other companies worldwide. Reports released last week also linked the Cheerscrypt ransomware to a Chinese hacking group and showed how the BlackByte ransomware operation uses “Bring Your Own Vulnerable Driver” (BYOVD) attacks, loading a legitimately signed but exploitable driver to kill security software from the kernel. Motherboard also released a report based on FOIA requests showing how US schools have responded to ransomware attacks on their networks. Finally, Vice Society began leaking data belonging to students, parents and staff of the Los Angeles Unified School District, and Ferrari denied that RansomEXX had attacked it.