At Camel Secure we want you to be informed. That is why we present this summary of the week's most important cybersecurity news.
MICROSOFT RELEASES FOUR NEW CRITICAL PATCHES FOR EXCHANGE SERVER
Last Tuesday, Microsoft released more than a hundred security patches on its traditional Patch Tuesday, including fixes for four new critical Exchange Server bugs (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483), which were reported by the NSA (United States National Security Agency).
The bugs reported by the NSA were in the 2013, 2016 and 2019 versions. According to Microsoft, if exploited, the vulnerabilities could allow an attacker to execute code remotely. The vulnerabilities affect organizations that run Exchange on their own infrastructure, as opposed to those that use cloud services.
NSA Director Rob Joyce noted that "given the recent adversarial focus on Exchange, we encourage customers to install updates as soon as possible to ensure they remain protected from these and other threats." "Customers using Exchange Online are already protected and do not need to take any action," the director said.
100 MILLION POTENTIALLY VULNERABLE DEVICES DUE TO DNS FAILURES
Researchers from Forescout and JSOF indicated that more than 100 million Internet-connected devices are vulnerable to a class of flaws called "NAME:WRECK" in TCP/IP stacks.
The devices that may be affected include smartphones, aircraft navigation systems and IoT endpoints, all of which can be hit by Denial of Service (DoS) or Remote Code Execution (RCE) attacks.
The researchers highlight nine vulnerabilities in implementations of the Domain Name System (DNS) protocol used by TCP/IP network communication stacks. Both technologies are used together to uniquely identify Internet-connected devices and facilitate digital communications between them.
The specialists noted that "widespread deployment and often external exposure of vulnerable DNS clients leads to a dramatically increased attack surface."
Based on the information provided, the following are the CVE tracking numbers of the vulnerabilities and the TCP/IP stacks affected:
- CVE-2020-7461: a message compression bug that affects devices running FreeBSD and can lead to RCE (CVSS severity 7.7);
- CVE-2016-20009: a message compression bug that affects devices running IPnet and can lead to RCE (CVSS severity 9.8);
- CVE-2020-15795: a domain name label parsing bug that affects devices running Nucleus NET and can lead to RCE (CVSS severity 8.1);
- CVE-2020-27009: a message compression bug that affects devices running Nucleus NET and can lead to RCE (CVSS severity 8.1);
- CVE-2020-27736: a domain name label parsing bug that affects devices running Nucleus NET and can cause DoS (CVSS severity 6.5);
- CVE-2020-27737: a domain name label parsing bug that affects devices running Nucleus NET and can cause DoS (CVSS severity 6.5);
- CVE-2020-27738: a message compression bug that affects devices running Nucleus NET and can cause DoS (CVSS severity 6.5);
- CVE-2021-25677: a transaction ID bug that affects devices running Nucleus NET and can lead to DNS cache poisoning attacks (CVSS severity 5.3);
- An unassigned CVE: a message compression bug that affects devices running NetX and can lead to DNS cache poisoning attacks (CVSS severity 6.5).
IRAN ACCUSES ISRAEL OF CYBER SABOTAGE AT NUCLEAR PLANT
Last Sunday the Natanz nuclear facility suffered a cyber attack that caused a power outage. Iran's media was quick to accuse Mossad of the incident.
Iran's Foreign Minister Mohammad Javad Zarif said the act was revenge against the Iranian people for their success in lifting the sanctions imposed by the United States, a step recently agreed to at the nuclear talks in Vienna.
The Iranian official said that the damaged centrifuges in Natanz were first-generation and will be replaced by more advanced devices.
Other representatives of that country described the incident as an act of nuclear terrorism.
On Monday, Israeli Prime Minister Benjamin Netanyahu declared that he will not allow Iran to develop its nuclear capacity.
For its part, a White House spokesman said that the United States was not involved in the cyber attack against the Natanz nuclear plant.