Cyber Security Today, Oct. 18, 2023 — Plug this Cisco vulnerability now


Plug this Cisco vulnerability now.

Welcome to Cyber Security Today. It’s Wednesday, October 18th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Network administrators with equipment running Cisco Systems’ IOS XE operating system are urged to take mitigation action fast. Since September attackers have been exploiting a previously unknown critical vulnerability in the web user interface of the software. If devices are exposed to the internet or untrusted networks an attacker could exploit the hole to take control of the router. Both physical and virtual devices with the software that have the HTTP or HTTPS server feature enabled are affected. The solution for the time being is to disable the HTTP feature on all internet-facing systems.
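One way to check saved device configurations for the interim mitigation described above, as an added example that is not from the original post or from Cisco. It assumes the running-config text has already been exported, and that the web UI is controlled by the `ip http server` and `ip http secure-server` statements; a config with neither statement is reported as unknown rather than guessed at. The sample configs are constructed.

```python
import re

# Matches the HTTP/HTTPS server statements, with or without a leading "no".
_HTTP_LINE = re.compile(r"^(no\s+)?ip\s+http\s+(server|secure-server)\s*$")


def http_server_state(running_config: str) -> dict:
    """Return the state of each web UI server in one exported config.

    Each value is 'enabled', 'disabled' or 'unknown' (no statement found).
    """
    state = {"server": "unknown", "secure-server": "unknown"}
    for raw in running_config.splitlines():
        m = _HTTP_LINE.match(raw.strip())
        if m:
            # The last statement in the file wins, as it would on the device.
            state[m.group(2)] = "disabled" if m.group(1) else "enabled"
    return state


def needs_mitigation(running_config: str) -> list:
    """List the commands still required to disable the HTTP/HTTPS server.

    Anything not explicitly disabled is listed, including 'unknown'.
    """
    state = http_server_state(running_config)
    return [f"no ip http {name}" for name, s in state.items() if s != "disabled"]


# Constructed sample configs, keyed by hypothetical hostnames.
SAMPLE_CONFIGS = {
    "edge-rtr-1": "hostname edge-rtr-1\nip http server\nip http secure-server\n"
                  "ip http authentication local\n",
    "edge-rtr-2": "hostname edge-rtr-2\nno ip http server\nip http secure-server\n",
    "edge-rtr-3": "hostname edge-rtr-3\nno ip http server\nno ip http secure-server\n",
}

if __name__ == "__main__":
    for host, cfg in SAMPLE_CONFIGS.items():
        todo = needs_mitigation(cfg)
        print(host, "OK" if not todo else "apply: " + "; ".join(todo))
```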

Critical infrastructure companies with internet-connected industrial control, SCADA or OT systems now have extra help in identifying cyber threats. The U.S. National Security Agency has created a GitHub repository of signatures and analytics called Elitewolf for those firms. The goal is to help companies implement continuous OT system monitoring. The files provided aren’t necessarily malicious. They require analysis to determine if the activity is bad on a particular system.

Earlier this month listeners were warned to patch Atlassian Confluence servers to close a zero-day vulnerability. Some haven’t got the message because this week American cyber authorities had to issue an advisory repeating the warning. Atlassian has rated this vulnerability as critical. There are interim mitigations, but administrators are strongly advised to upgrade to a fixed version of Confluence or take servers offline to apply updates.

WordPress administrators who allow the use of the Royal Elementor Addons and Templates plugin should update to the latest version as soon as possible. Because of a vulnerability, the plugin isn’t properly validating uploaded files. That allows hackers to bypass the check and insert malicious files into the plugin. Version 1.3.79 fixes the issue.

Here’s the latest twist in the Ukraine-Russia cyber war: An advanced threat actor is trying to use the Discord messaging system as a way to infiltrate organizations. Because Discord is a popular communications platform, crooks have been using it for years to plant common information stealers and remote access trojans that they hope victims will download. But researchers at Trellix and Threatray recently found a more cutting-edge threat actor using Discord to compromise the computers of users. This unknown person uploaded a file looking for donations to help Ukrainian soldiers. An employee at a Ukrainian critical infrastructure provider fell for the scam and downloaded a malicious file, which is how the researchers found it. Employees need to be warned of the dangers of downloading anything from Discord with company-owned computers or smartphones, or using a personal device that connects to the organization.

Finally, the Open Compute Project has announced a new program to improve the trustworthiness of devices bought for IT infrastructure. Called the Security Appraisal Framework and Enablement — or S.A.F.E. — it will create a security checklist for hardware and firmware aimed at data centres. Approved auditors will certify products have met the checklist. The goal is to reduce the redundancy of device security audits. Among the participants in the program are CPU manufacturers Intel and AMD.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct. 18, 2023 — Plug this Cisco vulnerability now first appeared on IT World Canada.
Howard Solomon (https://www.itworldcanada.com)
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
