TOP-3 cybersecurity events of the week according to Jet CSIRT

Today is Friday, which means that Jet CSIRT specialists have again collected key information security news for you. The selection includes a vulnerability in MS Exchange that deprived Holland of cheese, and fresh updates from Microsoft. Also in the TOP-3 was the news about gaps in the TCP / IP stacks. The news was chosen by Igor Fitz, analyst of the Center for Monitoring and Response to Incidents of Information Security Jet CSIRT, Jet Infosystems.
Read more under the cut.

Vulnerabilities found in TCP / IP stacks

Forescout Research Labs partnered with JSOF Research to find nine vulnerabilities that affect four popular TCP / IP stack implementations (FreeBSD, Nucleus NET, IPnet, and NetX). Flaws in TCP / IP are related to how DNS traffic is handled and can cause Denial of Service (DoS) or Remote Code Execution (RCE). It is estimated that the vulnerabilities could affect the operation of at least 100 million devices. At the time of publication of the study, FreeBSD, Nucleus NET and NetX have already released updates.

Dutch supermarkets run out of cheese after ransomware attack

Bakker Logistiek, a food logistics company, has been attacked by ransomware. This caused a shortage of cheese in Dutch supermarkets. It is not yet known who exactly initiated the attack. However, there is speculation that attackers gained access to the company’s systems through a vulnerability in Microsoft Exchange.
Bakker Logistiek intends to restore access to the damaged systems with the help of backups. And Microsoft released updates this week to address new vulnerabilities in Exchange. Despite the fact that the exploit is not public, it is not worth delaying the installation of updates. Read more about recent Microsoft updates in the next news item.

Microsoft has released a number of security updates covering critical vulnerabilities

MS Exchange fixes critical remote code execution vulnerabilities discovered by NSA in Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. In total, Microsoft has fixed 108 vulnerabilities, including five – zero days.
One of the holes was discovered by Kaspersky Lab specialists and was actively used in real attacks.

Similar Posts

Leave a Reply