CyberSecurity.PH #002
Microsoft Exchange zero-days; Microsoft to enforce MFA policies; Top-ten CI/CD risks
Welcome to CyberSecurity | PH issue 002.
https://www.cybersecurity.ph/
Cybersecurity Reports
Atlassian Confluence; the vulnerability that keeps giving
Remember we mentioned CVE-2023-22518 last week and that Atlassian were reporting it was only a “data-destruction” issue? Turns out the crew at Atlassian underestimated the potential and it is now written up as a full CVSS-10 (these are rare) which makes it the second CVSS-10 for the same product in a week 🤯
CVE-2023-22518 is eye-opening in several ways: it affects almost all versions of Confluence starting from v1.0; the vulnerability is dead simple and the exploit leads to administrative access to the Confluence instance, which frequently contains high-value organizational data; and Confluence servers are often placed in network positions that provide paths to other high-value internal endpoints.
Microsoft Exchange zero-days allow RCE, data theft
Zero Day Initiative announced a full remote-code-execution (RCE) for Microsoft Exchange, ZDI-23-1578, that requires MS Exchange user authentication but leads to SYSTEM-level privileges on the MS Exchange server; Microsoft state the vulnerability was patched in August; did you patch yet? - Bleeping Computer
Veeam ONE platform; popped!
The irony when the disaster recovery software has a disaster; Veeam are reporting their Veeam ONE software has serious vulnerabilities with CVSS scores of 9.9 and 9.8 that enable an unauthenticated remote user to gain SQL database credentials, which can then be leveraged to remotely run code on the database server - CVE-2023-38547
Cybersecurity Threat Landscape
Microsoft to enforce MFA policies for Admins
Microsoft are due to enforce MFA policies for administrators of MS365, Exchange, Azure and Entra with the rollout of automatic Conditional Access policies; this is a good deal and certainly about time; please make sure you have MFA on all your accounts!
Malicious Python packages
Software developers make for valuable malware/abuse targets because they frequently hold the keys, secrets and tokens their work requires. Reports of juicy-sounding Python packages (install-bait?) that compromise the developers who install them are becoming more common - additional reporting.
DICT seeks additional cybersecurity funding
DICT is seeking ₱600 million cybersecurity funding for 2024 to train cybersecurity experts, upgrade equipment, and renew expiring security system subscriptions - CNN Philippines
Cybersecurity Engineering
A weekly highlight on tools and other resources (often open-source) that we use, find useful or are just plain interesting
- SQLMap - if you don’t know about sqlmap yet then it’s time to get busy and test your systems, applications and endpoints for well known SQL injection issues - https://github.com/sqlmapproject/sqlmap
- Top 10 CI/CD Security Risks - Adversaries of all levels of sophistication are shifting their attention to CI/CD, realizing CI/CD services provide an efficient path to reaching an organization’s crown jewels - https://github.com/cider-security-research/top-10-cicd-security-risks
- Bonus points - add SQLmap to your CI/CD pipeline and discover SQL injection issues before they appear in production!
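The class of bug sqlmap hunts for is worth seeing side by side with its fix. The following is an added example, not code from the newsletter or from the sqlmap project: a login check built by string interpolation next to the same check using a parameterized query, run against a constructed in-memory SQLite table. The table name, sample user and the tautology payload are all assumptions made up for the demonstration; the point is that the interpolated version lets the supplied value change the query's logic while the parameterized version treats it as data only.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user in an in-memory table (not from the page).

    Real systems store password hashes; plaintext is used here only to keep the
    demonstration small.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Query text is assembled with an f-string, so user input becomes SQL syntax.

    A password of  ' OR '1'='1  turns the WHERE clause into
    username = 'alice' AND password = '' OR '1'='1', which matches every row.
    This is the pattern sqlmap's boolean-based tests detect.
    """
    query = (
        f"SELECT 1 FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the SQL text is fixed and the values are bound separately.

    The driver never splices the values into the statement, so quotes and
    keywords in the input are compared as literal characters.
    """
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(username: str, password: str) -> dict:
    """Run both variants on the same input and return their verdicts."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "hardened": login_hardened(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # Legitimate credentials: both variants agree.
    print("valid creds   :", compare("alice", "correct horse"))
    # Tautology in the password field: only the interpolated query is fooled.
    print("tautology     :", compare("alice", "' OR '1'='1"))
```

When wiring sqlmap into a pipeline as the list item above suggests, this is the behaviour it is looking for: a request whose response flips between "true" and "false" depending on the SQL logic smuggled in through a parameter. Code built like `login_hardened` gives it nothing to find.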
Got news or something you’d like us to mention, feel free to get in contact - [email protected]