This Month in Cybersecurity - September Edition

Apple and Others Push Patch for New Vulnerabilities

On September 7th, a “zero-click” exploitation (meaning an exploit that does not rely on being opened or clicked on by the target) was found within the latest version of iOS and iPadOS. This exploit was used to install spyware on the devices made by the Israeli cyber surveillance company known as NSO Group. Apple quickly addressed this with their newer Rapid Security Response program and pushed an update to both operating systems.

Microsoft also struggled with another new bug within Microsoft Word that would allow threat agents to impersonate users and gain access to sensitive data and systems. Another flaw was found within the Microsoft Streaming Service Proxy, which is something built directly into the Windows 10, 11 and Server operating systems. Both of these vulnerabilities have been patched, and Microsoft urges users to make sure that they are on the latest security update for their OS.

Not to be left out from the big 3, Google also found an issue within Chrome that they say is being exploited. Google has told users to restart Chrome so that the update that was pushed to all users can close the exploit.


Fortinet Patches High-Severity Vulnerability

Fortinet has been dealing with a high severity vulnerability that they are explaining can be used to trigger the execution of malicious JavaScript code, allowing the threat agent to access sensitive data within the website. The biggest concern over something like this is the loss of personal data or even payment data that can be stored within the website.

Another high severity issue was also found within their web application firewall and API protection solution. Fortinet has pushed updates to address both of these vulnerabilities, but has not stated whether they observed either of these exploits being used in attacks.


Microsoft Leaks Large Amounts of Private Data

After three years, it has been discovered that the Microsoft AI Research division has leaked over 38TB of personal data from its employees. The leak was caused by the team using a Shared Access Signature (SAS) that was excessively permissive. SAS tokens can be used to grant access to resources within an organization’s storage, but have been shown to be unsafe due to a lack of monitoring and governance and the ability that they can allow access indefinitely.

The information that was leaked seems to be internal backups of personal information, archived Teams messages, and other information regarding Microsoft services. Microsoft has assured that no customer information was leaked in the incident and that the SAS tokens have been revoked, so that the access is no longer available.

 

Defensible Strategies

Learn from those who have been attacked

Clorox Battling Product Shortage, Cyber Breach to be Blamed

Clorox had announced in mid-August that they had identified unauthorized activity on their IT systems. Without disclosing the nature of the attack, Clorox moved to proactively shut down some of their systems, which led to a disruption of production for the company. They utilized the time the systems were offline to implement additional protections to secure them, but they also placed several workarounds for offline operations.

The attack disrupted major operations, but Clorox is beginning to bring those systems back online and is ramping up production to get back on track. Clorox worked with law enforcement and third-party cybersecurity experts to determine the scope of the incident, but they are expecting it to have a significant impact on earnings and financial results.


Canadian Government the Target of Pro Russian Group

The Canadian Centre for Cyber Security has released statements stating that they have been receiving DDoS (distributed denial-of-service) attacks from a pro-Russian threat agent. DDoS attacks are generally malicious attempts to disrupt traffic to servers or networks by overwhelming them with a flood of traffic (think of a highway being clogged up by too many vehicles).

The attacks have been primarily in support of Russia’s invasion of Ukraine and are more a nuisance rather than a security risk, but is something that the Canadian agency is warning about. The focus of the attacks have been within Canada’s transportation and financial sectors, but have also targeted other levels within the government.