
Security Advisory for the week ending September 15, 2023

September 22, 2023

• Mozilla Releases Security Updates for Multiple Products
• Palo Alto Networks Security Advisories – September 2023
• Microsoft Releases September 2023 Updates
• Apple Releases Security Updates for iOS and macOS
• NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats
• Cisco warns of VPN Zero-Day Exploited by Ransomware Gangs

Mozilla Releases Security Updates for Multiple Products

Situation:
Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, and Thunderbird.

Problem:
A cyber threat actor can exploit this vulnerability to take control of an affected system.

Implication:
Opening a malicious WebP image could lead to a heap buffer overflow in the content process, allowing data to overflow into adjacent memory locations.

Need:
We recommend updating Firefox, Firefox ESR, and Thunderbird to the following versions, where the vulnerability was fixed:

  • Firefox 117.0.1
  • Firefox ESR 102.15.1
  • Firefox ESR 115.2.1
  • Thunderbird 102.15.1
  • Thunderbird 115.2.2

Additional Resources:

Mozilla Releases Security Updates for Multiple Products:
https://www.cisa.gov/news-events/alerts/2023/09/13/mozilla-releases-security-updates-multiple-products

Mozilla Foundation Security Advisory 2023-40:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Palo Alto Networks Security Advisories – September 2023

Situation:
Palo Alto Networks published two new Security Advisories and one Informational Bulletin on September 13, 2023.

Problem:
Vulnerabilities have been discovered in PAN-OS BGP software, Cortex XDR Agent, as well as a combination of attacks targeting PAN-OS/Prisma Access with GlobalProtect.

Implication:
PAN-OS BGP software – BGP software such as FRRouting (FRR), included as part of the PAN-OS virtual routing feature, enables a remote attacker to incorrectly reset network sessions through an invalid BGP update. This issue applies only to firewalls configured with virtual routers that have BGP enabled.

Cortex XDR Agent – A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

PAN-OS/Prisma Access with GlobalProtect – A combination of attacks referred to as "TunnelCrack" has been discovered. These attacks leak VPN client traffic outside of the protected VPN tunnel when clients connect to untrusted networks.

Need:
PAN-OS BGP software – Until the PAN-OS hotfix is released, you can prevent exploitation of this issue by inserting an unimpacted BGP router, configured to drop the invalid BGP update instead of propagating it, between the source of the attacker-originated BGP update and the PAN-OS virtual router. This stops the invalid BGP update from reaching the PAN-OS virtual router.

Cortex XDR Agent – We recommend updating Cortex XDR Agents to the following versions: Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.

PAN-OS/Prisma Access with GlobalProtect – LocalNet attacks are completely mitigated by enabling the "No direct access to local network" feature in the Split Tunnel tab on the firewall. ServerIP attacks are completely mitigated by navigating to Network > GlobalProtect > Portal > Agent > External Gateway and setting an IP address instead of an FQDN for the gateway configuration. Gateway certificates will need to be updated to include the IP address as a SAN or as the common name.

Additional Resources:

Palo Alto Networks Security Advisories:
https://security.paloaltonetworks.com/

CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software:
https://security.paloaltonetworks.com/CVE-2023-38802

CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent:
https://security.paloaltonetworks.com/CVE-2023-3280

PAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673):
https://security.paloaltonetworks.com/PAN-SA-2023-0004

Microsoft Releases September 2023 Updates

Situation:
Microsoft has found vulnerabilities in its software that could allow threat actors to take control of your computer.

Problem:
There are vulnerabilities in Microsoft software that could be exploited by cybercriminals.

Implication:
If these problems aren’t fixed with updates, hackers can gain control of your computer, potentially causing data loss or other security issues.

Need:
We recommend reviewing the Microsoft Security Update Guide, applying the necessary updates, and making it a regular practice to check for and install software updates and security patches from Microsoft. This helps keep your systems protected against potential threats.

Additional Resources:

September 2023 Security Update Guide
https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

Microsoft Releases September 2023 Updates
https://www.cisa.gov/news-events/alerts/2023/09/12/microsoft-releases-september-2023-updates

Apple Releases Security Updates for iOS and macOS

Situation:
Apple has identified a security vulnerability CVE-2023-41064 in their products that could allow threat actors to take control of a device. To address this issue they have released updates for iOS, iPadOS, macOS Monterey, and macOS Big Sur. Users and administrators are encouraged to review these advisories and install the necessary updates to protect their devices from potential attacks.

Problem:
There is a security vulnerability present in multiple Apple products, including iOS, iPadOS, macOS Monterey, and macOS Big Sur. This vulnerability could be exploited by a cyber threat actor to gain control of affected devices. The flaw poses a risk to the security and privacy of users and needs to be addressed promptly by installing the provided updates.

Implication:
If the security vulnerability is not addressed, there are several potential risks. One is a security breach: hackers could exploit the vulnerability to gain unauthorized access to your device, which could lead to identity theft, surveillance, or unauthorized control of the device. Another is data exposure, meaning your personal and sensitive information could be compromised. Attackers can also use this vulnerability to inject malware and ransomware onto your device, causing major financial loss, data loss, or disruption of normal device functionality.

Need:
We encourage users and administrators to review the following advisories and apply the necessary updates.

Additional Resources:

iOS 15.7.9 and iPadOS 15.7.9
https://support.apple.com/en-us/HT213913

macOS Monterey 12.6.9
https://support.apple.com/en-us/HT213914

macOS Big Sur 11.7.10
https://support.apple.com/en-us/HT213915

NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats

Situation:
NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats

Problem:
Threats from synthetic media, such as deepfakes, have increased exponentially, presenting a growing challenge for users of modern technology and communications.

Implication:
Public concern around synthetic media includes disinformation operations, designed to influence the public and spread false information about political, social, military, or economic issues to cause confusion, unrest, and uncertainty. This also includes executive impersonation for brand manipulation, impersonation for financial gain and impersonation to gain access.

Need:
Select and implement technologies to detect deepfakes and demonstrate media provenance such as real-time verification capabilities and procedures. Also, protect public data of high-priority individuals. This would include the use of active authentication techniques such as watermarks and/or CAI standards.

Additional Resources:

NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats:
https://www.cisa.gov/news-events/alerts/2023/09/12/nsa-fbi-and-cisa-release-cybersecurity-information-sheet-deepfake-threats

Contextualizing Deepfake Threats to Organizations:
https://media.defense.gov/2023/Sep/12/2003298925/-1/-1/0/CSI-DEEPFAKE-THREATS.PDF

Cisco warns of VPN Zero-Day Exploited by Ransomware Gangs

Situation:
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. This allows attackers to use brute force techniques against existing accounts. By accessing those accounts, the attackers can establish a clientless SSL VPN session in the breached organization’s network, which can have varying repercussions depending on the victim’s network configuration.

Problem:
The problem is that some Cisco network devices have a vulnerability that allows hackers to use brute force techniques with no limitations, meaning the attacker can use countless username and password combinations without being rate-limited or blocked for abuse.

Implication:
If the problem isn't addressed, the hackers can continue to exploit this vulnerability, which could lead to unauthorized access, data theft, and ransomware attacks.

Need:
Cisco will release a security update to address CVE-2023-20269, but until fixes are made available, Cisco recommends that system administrators take the following actions:

  • Use DAP (Dynamic Access Policies) to stop VPN tunnels with DefaultADMINGroup or DefaultL2LGroup.
  • Deny access with the Default Group Policy by setting vpn-simultaneous-logins for DfltGrpPolicy to zero, and ensure that all VPN session profiles point to a custom policy.
  • Implement LOCAL user database restrictions by locking specific users to a single profile with the 'group-lock' option, and prevent VPN setups for users who do not need them by setting 'vpn-simultaneous-logins' to zero.
  • Secure Default Remote Access VPN profiles by pointing all non-default profiles to a sinkhole AAA server (a dummy LDAP server) and enable logging to catch potential attack incidents early.

Finally, it is crucial to note that multi-factor authentication (MFA) mitigates the risk, as even successfully brute-forcing account credentials wouldn’t be enough to hijack MFA-secured accounts and use them to establish VPN connections.
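As an added example (not part of this advisory or of Cisco's guidance), the following Python script acts on the "enable logging" recommendation above: it parses ASA AAA-rejection syslog messages (IDs 113005 and 113015, which the ASA emits for each failed remote-access VPN login) and flags source addresses whose failure count or spread of usernames looks like the unthrottled guessing described in this advisory. The log lines, addresses and thresholds are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# ASA syslog IDs 113005 (invalid password) and 113015 (unknown local user) are the
# AAA rejection messages written for each failed VPN login attempt.
REJECT_RE = re.compile(
    r"%ASA-6-1130(?:05|15): AAA user authentication Rejected"
    r".*?: user = (?P<user>\S+) : user IP = (?P<ip>\S+)"
)

# Constructed sample lines for this example (not a real device capture): one source
# cycling through many usernames, and one legitimate user mistyping a password twice.
SAMPLE_LOG = """\
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 203.0.113.10
%ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 203.0.113.10
%ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = guest : user IP = 203.0.113.10
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 203.0.113.10
%ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = backup : user IP = 203.0.113.10
%ASA-6-113012: AAA user authentication Successful : local database : user = alice
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 198.51.100.7
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 198.51.100.7
"""

def parse_rejections(log_text):
    """Yield (source_ip, username) for every AAA rejection line; other messages are skipped."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user")

def flag_brute_force(log_text, max_failures=5, max_users=3):
    """Group rejections by source IP and flag sources exceeding either threshold.
    Returns {ip: {"failures", "users", "pattern"}}; pattern is "spray" when many
    different usernames were tried, "guessing" when few usernames were tried repeatedly."""
    failures = defaultdict(int)
    users = defaultdict(set)
    for ip, user in parse_rejections(log_text):
        failures[ip] += 1
        users[ip].add(user)
    flagged = {}
    for ip, n in failures.items():
        distinct = len(users[ip])
        if n >= max_failures or distinct >= max_users:
            flagged[ip] = {
                "failures": n,
                "users": sorted(users[ip]),
                "pattern": "spray" if distinct >= max_users else "guessing",
            }
    return flagged
```

With the default thresholds only 203.0.113.10 is flagged (five failures across five usernames); the two mistyped logins from 198.51.100.7 stay below both limits, which is the kind of tuning a SOC would do against its own baseline.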

Additional Resources:

Interim Security Bulletin
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs

Hacking campaign bruteforces Cisco VPNs to breach networks
https://www.bleepingcomputer.com/news/security/hacking-campaign-bruteforces-cisco-vpns-to-breach-networks/

CVE-2023-20269
https://nvd.nist.gov/vuln/detail/CVE-2023-20269
