Tailored Security Solutions for Maritime Operations by Intrucept
Tailored Security Solutions from Maritime Operations by Intrucept
Continue ReadingMonth: November 2024
Security Update for NVIDIA Base Command & Bright Cluster Managers
NVIDIA has issued a security advisory addressing a critical vulnerability (CVE-2024-0138) discovered in its Base Command Manager software. This flaw, located within the CMDaemon component, poses significant risks, including the potential for remote code execution, denial of service, privilege escalation, information disclosure, and data tampering.
What does the Vulnerability mean
The source of the vulnerability was from insecure temporary file handling, which could lead to a denial of service (DoS) condition on affected systems.
NVIDIA has released patches to address the issue and prevent potential exploitation. This critical flaw can be exploited remotely without any prerequisites, such as user interaction or special privileges, making it highly dangerous.
| Vulnerability Name | CVE ID | Product Affected | Impact | Fixed Version |
| Insecure Temporary File Vulnerability | CVE-2024-0139 | NVIDIA Base Command Manager, Bright Cluster Manager | Medium | Base Command Manager: 10.24.09a; Bright Cluster Manager: 9.0-22, 9.1-19, 9.2-17 |
Technical Summary
NVIDIA confirmed earlier versions, including 10.24.07 and earlier, are not impacted by this vulnerability.
To mitigate the issue, NVIDIA recommends updating the CMDaemon component on all head nodes and software images.
Remediation:
1. Base Command Manager
- Update to version 10.24.09a to address the vulnerability.
2. Bright Cluster Manager
- Depending on your version, update to one of the following:
- 9.0-22
- 9.1-19
- 9.2-17
3. CMdaemon Update
- Ensure the most recent version of CMdaemon is installed on the head nodes and in all software images.
4. Node Update .
After applying the update, systems should be rebooted or resynchronized with the updated software image to ensure the fix is fully implemented. These measures are essential to eliminate the root cause that created vulnerability and protect systems from potential exploitation.
References:
- For additional details on the vulnerability and patch instructions, visit NVIDIA’s security bulletin.
| CVE ID | System Affected | Platform | Vulnerability Details | Impact |
| CVE-2024-0139 | NVIDIA Base Command Manager (Versions 3, 10) NVIDIA Bright Cluster Manager (Versions 9.0-9.2) | Linux | The vulnerability stems from insecure handling of temporary files in both Base Command Manager and Bright Cluster Manager. Exploiting this flaw could disrupt system availability, potentially causing a denial of service. | Potential denial of service on affected systems. |
Re-release of November 2024 Exchange Server Security Updates
Microsoft users had a tough time to send or load attachments to emails when using Outlook, were unable to connect to the server, and in some cases could not log into their accounts.
Microsoft Exchange Online is a platform for business communication that has a mail server and cloud apps for email, contacts, and calendars.
Microsoft mitigated the issue after identification were able to determine the cause of the outages and is rolling out a fix for the issue. That rollout is gradual, however, as outage reports continue to come in at DownDetector.
Impact
The outage left many users unable to communicate with colleagues, particularly as it coincided with the start of the workday in Europe. Frustration quickly spread across social media, with users reporting issues accessing emails and participating in Teams calls
Re-release of November 2024 Exchange Server Security Updates
Summary
| OEM | Microsoft |
| Severity | High |
| Date of Announcement | 27/11/2024 |
| Product | Microsoft Exchange Server |
| CVE ID | CVE-2024-49040 |
| CVSS Score | 7.5 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
On November 27, 2024, Microsoft re-released the November 2024 Security Updates (SUs) for Exchange Server to resolve an issue introduced in the initial release on November 12, 2024. The original update (SUv1) caused Exchange Server transport rules to intermittently stop functioning, particularly in environments using transport or Data Loss Protection (DLP) rules. The updated version (SUv2) addresses this issue.
Table of Actions for Admins:
| Scenario | Action Required |
| SUv1 installed manually, and transport/DLP rules are not used | Install SUv2 to regain control over the X-MS-Exchange-P2FromRegexMatch header. |
| SUv1 installed via Windows/Microsoft Update, no transport/DLP rules used | No immediate action needed; SUv2 will be installed automatically in December 2024. |
| SUv1 installed and then uninstalled due to transport rule issues | Install SUv2 immediately. |
| SUv1 never installed | Install SUv2 immediately. |
Remediation Steps
1. Immediate Actions
- Use the Health Checker script to inventory your Exchange Servers and assess update needs.
- Install the latest Cumulative Update (CU) followed by the November 2024 SUv2.
2. Monitor System Performance
- After enabling AMSI integration for message bodies, monitor for any performance issues such as delays in mail flow or server responsiveness.
3. Run SetupAssist Script for Issues
- Use the SetupAssist script to troubleshoot issues with failed installations or update issues, and check logs for specific error details.
References:
Analysis of WezRat Malware; Check point Findings
New CheckPoint research discovered a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands.
Continue Reading
Future of Maritime Innovation at
METS Trade 2024; Intrucept
Maritime industry worldwide is witnessing massive changes in terms of continuous innovation and managing cyber risk on top priority list. In doing so enabling innovation becomes easier along with exploring various options that approaches and addresses cyber security in the maritime sector.
Now maritime professionals are ready to explore the latest industry trends and adopt solutions that dig deeper into maritime organizations’ challenges and priorities related to cyber security.
Intrucept Participates at the METS Trade 2024
Intrucept, a leader in cybersecurity solutions is excited to announce participation at the prestigious METS Trade 2024 in Amsterdam, Date Nov 19-21(2024).
This marks a significant step forward in transforming the maritime industry by combining the power of cutting-edge cybersecurity solutions.
About Intrucept: Ensuring Maritime Security in a Digital Age
As digital threats evolve, Intrucept is at the forefront of cyber security, providing comprehensive protection for maritime operations. From vessel systems to operational networks, we ensure that your fleet stays secure, resilient, and ready for the challenges of tomorrow.
Our solutions are designed to protect against cyberattacks, safeguard sensitive data, and maintain the integrity of vessel operations, all while enhancing overall business efficiency.
Why We’re Joining Forces at METS Trade 2024
At METS Trade 2024, we’ll be showcasing our unique partnership and how combining advanced cybersecurity with innovative engineering can provide unparalleled protection and efficiency for the maritime industry. Together, we are shaping the future of shipping — where digital security and operational excellence go hand in hand.
What You Can Expect from Our Joint Presence at METS 2024
Innovative cybersecurity solutions for shipping operations: Protect your vessels, data, and systems from the growing cyber threat landscape.
State-of-the-art shipping engineering technologies: Learn how we can optimize vessel performance, enhance fuel efficiency, and ensure compliance with global maritime standards.
Collaborative insights: Our team will be on hand to discuss how we can work together to make your operations safer, smarter, and more sustainable.
We invite you to visit our booth at METS Trade 2024 to explore how our solutions can help future-proof your business, improve operational resilience, and safeguard your digital infrastructure.
Details:
Event: METS Trade 2024
Dates: November 19-21, 2024
Location: Amsterdam RAI, Amsterdam, Netherlands
We look forward to meeting you and discussing how we can drive innovation, security, and efficiency in your maritime operations.
November 2024 Microsoft Patches: Addressing Zero-Day Exploits and High-Priority Vulnerabilities
Summary
OEM | Microsoft |
Severity | High |
Date of Announcement | 2024-11-13 |
NO. of Vulnerabilities Patched | 89 |
Actively Exploited | 02 |
Exploited in Wild | Yes |
Advisory Version | 1.0 |
Overview
Microsoft’s November 2024 Patch Tuesday release addresses 89 security vulnerabilities across various products, including critical updates for Windows, Microsoft Edge, SQL Server, and more. Four zero-day vulnerabilities are part of this release, with two actively exploited in the wild. The patch targets a range of critical issues across Microsoft products, categorized as follows:
- 51 Remote Code Execution (RCE) Vulnerabilities
- 28 Elevation of Privilege (EoP) Vulnerabilities
- 4 Denial of Service (DoS) Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 3 Spoofing Vulnerabilities
- 1 Information Disclosure Vulnerabilities
The highlighted vulnerabilities include four zero-day flaws, two of which are currently being actively exploited.
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected) | CVE-2024-43572 | Windows Servers and Windows 10&11 | High | 7.8 |
Winlogon Elevation of Privilege Vulnerability | CVE-2024-43583 | Windows systems using Winlogon | High | 7.8 |
Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2024-20659 | Windows Hyper-V | High | 7.1 |
Windows MSHTML Platform Spoofing Vulnerability | CVE-2024-43573 | Windows Servers and Windows 10&11 | Medium | 6.5 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-49039 | Windows Servers and Windows 10&11 | This zero-day allows attackers to escalate privileges within Windows environments. Exploited actively, it is particularly concerning for its ability to grant attackers elevated access. | Elevation of privilege potentially leading to full system control. |
CVE-2024-49019 | Windows Servers | A flaw in Active Directory Certificate Services allows attackers to gain domain administrator privileges by exploiting misconfigured version 1 certificate templates with overly broad enrollment permissions. This can be triggered by an attacker crafting a certificate request that bypasses security controls. | Elevate privileges to domain administrator, compromising the entire Active Directory environment and enabling full network control. |
CVE-2024-49040 | Microsoft Exchange Server 2016 and 2019 | A vulnerability in Microsoft Exchange Server allows attackers to spoof the sender’s email address in emails to local recipients by exploiting improper verification of the P2 FROM header. This flaw can be used to launch email-based phishing and social engineering attacks. | Attackers can impersonate trusted senders, deceiving recipients into trusting malicious emails, potentially leading to data compromise or malware infections. |
CVE-2024-43451 | Windows Servers and Windows 10&11 | A zero-day that exposes NTLMv2 hashes, enabling “pass-the-hash” attacks for unauthorized network access. This is the third NTLM-related zero-day discovered in 2024. | High risk in network environments; attackers may impersonate users and compromise critical systems. |
Additional Critical Patches Address High-Severity Vulnerabilities
- Azure CycleCloud: Remote Code Execution Vulnerability (CVE-2024-43602).
- .NET and Visual Studio: Remote Code Execution vulnerability (CVE-2024-43498).
- Microsoft Windows VMSwitch: Elevation of Privilege vulnerability (CVE-2024-43625).
- Windows Kerberos: Remote Code Execution vulnerability (CVE-2024-43639).
- SQL Server: Multiple updates targeting memory vulnerabilities, each with a CVSS score of 8.8, affecting database security.
Remediation
- Implement a routine patch management process to regularly check for and apply the latest Microsoft security updates and patches for all affected products.
- Regularly audit Active Directory and Exchange Server configurations to close potential security gaps.
- Awareness of download files from the internet & regularly review and monitor your security setup, staying updated on new advisories to secure against emerging threats and vulnerabilities.
- Create and test an incident response plan with defined communication channels and responsibilities to ensure readiness for any security breaches.
Palo Alto Account Takeover Vulnerability Actively Exploited
Summary
OEM | Palo Alto |
Severity | Critical |
Date of Announcement | 2024-07-10 |
CVSS Score | 9.3 |
CVE | CVE-2024-5910 |
CWE | CWE-306 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
CISA has included the Palo Alto Networks Expedition tool Missing Authentication Vulnerability in its catalog of actively exploited vulnerabilities. Palo Alto’s Expedition is a migration tool designed to simplify the process of transferring configurations from other vendors to Palo Alto Networks. The issue is tracked under CVE-2024-5910. The vulnerability, which involves missing authentication for a critical function in Expedition, could allow attackers with network access to take over an admin account. This poses a risk to imported configuration secrets, credentials, and other sensitive data within Expedition.
Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
Palo Alto Networks Expedition Missing Authentication Vulnerability | CVE-2024-5910 | Expedition | Critical | Expedition 1.2.92 and all later versions |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-5910 | Expedition from 1.2 before 1.2.92 | The vulnerability, caused by missing authentication for an important function in Expedition, could allow attackers with network access to take over an admin account. | Account Takeover |
Recommendations
- Update Expedition to 1.2.92 and the latest versions to mitigate the issue.
General Recommendations
- Restrict Network Access: Limit network access to Expedition to only trusted and authorized users, hosts, and networks.
- Enable Strong Authentication: Implement strong authentication for all critical functions in Expedition, including multi-factor authentication (MFA) where possible.
- Monitor Access Logs: Regularly monitor and review access logs to detect any unusual or unauthorized access attempts.
- Stay Updated: Stay informed about the latest cybersecurity news and updates to keep track of emerging threats and vulnerabilities.