Security Roundup September 2023

September 2023: MGM Resorts hit with ransomware, Windows 11 to support passkey authentication, Cisco buys Splunk, Juniper network devices are vulnerable to an unauthenticated RCE vulnerability, and more!

MGM Resorts Hit by Ransomware

Casino and hotel operator MGM Resorts, valued at $33bn, was rocked by a ransomware attack this month apparently linked to the ransomware group ALPHV, also known as Black Cat. According to vx-underground, the attacker was launched via a social engineering attack against the IT helpdesk. 

The attack impacted hotel and casino operations in Las Vegas, where the MGM Grand is one of the largest complexes and MGM sites across the United States. After ten days of disruption, the organisation stated on the 20th of September that normal operations had returned. The FBI is investigating the incident. 

Windows 11 to Support Passkeys

As part of a significant upcoming update, Microsoft will be rolling out support for passkeys in its Windows 11 operating system. The addition of passkeys will integrate with the Windows Hello service and will work in multiple browsers, including Edge, Chrome and Firefox. 

Passkeys are a new form of login mechanism, eliminating the need for passwords for online services and making it harder for attackers to steal credentials. A private and public key is set up when you set up a passkey. The public key is kept on the remote organisation’s servers, and the private key remains on your device. To access the system, you would use authentication mechanisms on your device, such as biometrics or a PIN code. 

Cisco Buys Splunk

Long-term partner of Protos, Cisco Systems, has acquired the observability and cyber security company Splunk for $28bn. Cisco has purchased several security companies in recent years, including OpenDNS (Cisco Umbrella), Duo Security, Cloudlock and Sourcefire and is now one of the world’s largest enterprise security companies.

Splunk is a versatile software platform for collecting, indexing and analysing data from various sources, offering features like real-time data visualisation, alerting and security monitoring. Industry opinions of the acquisition are mixed, with some voicing concerns that Cisco may stifle innovation at Splunk and others thinking this is an exciting addition to Cisco’s growing security portfolio.

In our experience, such acquisitions need time. Cisco’s purchase of OpenDNS has led to some fantastic innovations in the Cisco Umbrella and new SASE platforms. However, other acquisitions like Sourcefire have faced a more rocky road to success.

Juniper Networking Devices Vulnerable to Unauthenticated RCE Flaw

As reported by Bleeping Computer, thousands of Juniper EX and SRX networking devices could be vulnerable to an unauthenticated remote code execution flaw. The exploit chains together multiple vulnerabilities announced by Juniper in August. 

Security researcher Jacob Baines at VulnCheck announced they had created exploit code for the vulnerabilities and released a scanning tool for the flaw on GitHub. 

The vulnerability is tracked as CVE-2023-36845 and impacts the following versions of JunOS on EX switches and SRX firewalls:

• All versions before 20.4R3-S8
• 21.1 version 21.1R1 and later versions
• 21.2 versions before 21.2R3-S6
• 21.3 versions before 21.3R3-S5
• 21.4 versions before 21.4R3-S5
• 22.1 versions before 22.1R3-S3
• 22.2 versions before 22.2R3-S2
• 22.3 versions before 22.3R2-S2, 22.3R3
• 22.4 versions before 22.4R2-S1, 22.4R3

Juniper has released patches for the systems. 

Some of This Month’s Other Vulnerabilities:

Apple

Apple has announced emergency patches for three zero-day vulnerabilities impacting iPhone and iPad devices before iOS 16.7. The vulnerabilities, tracked as CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993, may have been exploited in the wild. The vulnerabilities have been patched in 17.0.1.

SAP

In its September security patch release, SAP has addressed a total of 13 vulnerabilities, encompassing concerns related to information disclosure, code injection, memory corruption, and more. These vulnerabilities exhibit varying severity levels, ranging from 2.7 (Low) to 10.0 (Critical).

Adobe PDF Creator

Adobe has issued a security update for Adobe Acrobat and Reader on Windows and macOS systems. This update is specifically designed to rectify a critical vulnerability, the exploitation of which could result in the execution of arbitrary code.

Furthermore, Adobe acknowledges that CVE-2023-26369 has already been exploited in real-world scenarios, albeit in isolated incidents targeting Adobe Acrobat and Reader.

See you all in October!