by jdpoteet | Oct 1, 2024 | News

Secure Our World — Overview
October marks Cybersecurity Awareness Month, a global effort to raise awareness about online safety and equip individuals and businesses with tools to safeguard their data from cyber threats. Even amid large-scale data breaches and cyberattacks, Cybersecurity Awareness Month reminds everyone that there are straightforward and effective measures you can take daily to fortify online security, protect personal information, and contribute to a safer digital environment.
Blackswan Cybersecurity is proud to work with the Cybersecurity and Infrastructure Security Agency (CISA) to support this online safety and education initiative this October.
This year’s theme, Secure Our World, encourages daily actions that can help protect individuals, families, and organizations from cyber risks.
The Secure Our World campaign highlights four essential practices for staying safe online:
1. Use strong passwords and a password manager
2. Enable multifactor authentication
3. Identify and report phishing attempts
4. Keep software up to date
Cybersecurity Awareness Month is led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance. For more information about ways to keep you and your family safe online, visit https://www.cisa.gov/cybersecurity-awareness-month and https://staysafeonline.org/cybersecurity-awareness-month/.
by jdpoteet | Sep 30, 2024 | Threat Advisories
SUMMARY
Hewlett Packard Enterprise’s (HPE) Aruba Networking recently patched three critical vulnerabilities in the Command Line Interface (CLI) of Aruba Access Points running AOS-8 and AOS-10. The vulnerabilities could allow unauthenticated remote code execution (RCE).
RISK SCORE
CVE-ID CVSSv3 Score
CVE-2024-42505 9.8
CVE-2024-42506 9.8
CVE-2024-42507 9.8
VULNERABILITY DETAILS
HPE Aruba Networking fixed three critical vulnerabilities in the CLI service of its Aruba Access Points, potentially allowing remote code execution (RCE) by unauthenticated attackers. The vulnerabilities can be exploited through the PAPI UDP port (8211) to gain privileged access and execute arbitrary code on vulnerable devices.
AFFECTED PRODUCTS
- AOS-10.6.x.x: 10.6.0.2 and below
- AOS-10.4.x.x: 10.4.1.3 and below
- Instant AOS-8.12.x.x: 8.12.0.1 and below
- Instant AOS-8.10.x.x: 8.10.0.13 and below
The following software versions that are End of Support Life (EoSL) are affected by these vulnerabilities and were not addressed by HPE:
- AOS-10.5.x.x: all
- AOS-10.3.x.x: all
- Instant AOS-8.11.x.x: all
- Instant AOS-8.9.x.x: all
- Instant AOS-8.8.x.x: all
- Instant AOS-8.7.x.x: all
- Instant AOS-8.6.x.x: all
- Instant AOS-8.5.x.x: all
- Instant AOS-8.4.x.x: all
- Instant AOS-6.5.x.x: all
- Instant AOS-6.4.x.x: all
SOLUTION
- AOS-10.7.x.x: 10.7.0.0 and above
- AOS-10.6.x.x: 10.6.0.3 and above
- AOS-10.4.x.x: 10.4.1.4 and above
- Instant AOS-8.12.x.x: 8.12.0.2 and above
- Instant AOS-8.10.x.x: 8.10.0.14 and above
- Customers running End of Support Life (EoSL) software should upgrade to a supported version as soon as possible.
RECOMMENDATIONS
- Apply the latest security updates for affected Aruba Access Points from the HPE Networking Support Portal.
- All devices running End of Support Life (EoSL) software must upgrade to a supported version as soon as possible.
- For Instant AOS-8.x devices, enable “cluster-security” as a temporary workaround.
- Block access to the PAPI UDP port (8211) from untrusted networks for AOS-10 devices.
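To apply the affected and fixed version lists above to a device inventory, the following added example (not part of the HPE advisory or of Blackswan's tooling) classifies each access point by software branch. The inventory entries, hostnames and the four-part dotted version format are assumptions made for the example; the thresholds are transcribed from the lists above.

```python
import re

# First fixed release per branch, transcribed from the SOLUTION list above.
# Key: (family, major, minor) -> lowest version that contains the fix.
FIRST_FIXED = {
    ("AOS", 10, 7): (10, 7, 0, 0),
    ("AOS", 10, 6): (10, 6, 0, 3),
    ("AOS", 10, 4): (10, 4, 1, 4),
    ("Instant AOS", 8, 12): (8, 12, 0, 2),
    ("Instant AOS", 8, 10): (8, 10, 0, 14),
}
# End of Support Life branches: every release is affected and none was fixed.
EOSL = {("AOS", 10, 5), ("AOS", 10, 3)} | {
    ("Instant AOS", major, minor)
    for major, minor in [(8, 11), (8, 9), (8, 8), (8, 7), (8, 6), (8, 5), (8, 4), (6, 5), (6, 4)]
}

def triage(family, version):
    """Return 'fixed', 'affected', 'affected-eosl' or 'unknown' for one device."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unknown"  # unparseable version string: review by hand
    v = tuple(int(part) for part in m.groups())  # numeric compare, so 0.9 < 0.14
    branch = (family, v[0], v[1])
    if branch in EOSL:
        return "affected-eosl"
    if branch not in FIRST_FIXED:
        return "unknown"  # branch is not listed in the advisory
    return "fixed" if v >= FIRST_FIXED[branch] else "affected"

# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = [
    ("ap-lobby", "AOS", "10.6.0.2"),
    ("ap-floor2", "AOS", "10.4.1.4"),
    ("ap-warehouse", "Instant AOS", "8.10.0.9"),
    ("ap-annex", "Instant AOS", "8.6.0.20"),
    ("ap-lab", "Instant AOS", "8.12.0.2"),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(family, version) for host, family, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as unknown fall outside the branches the advisory lists and need manual review rather than being assumed safe.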
by jdpoteet | Sep 30, 2024 | Videos/Podcasts
Dr. Mike Saylor, CEO of Blackswan Cybersecurity and a cybersecurity professor at UT San Antonio, shares his cybersecurity startup experiences with This Dot Media — from launching his first computer business to running a thriving cybersecurity firm. He talks about entrepreneurship, the hurdles involved in building and expanding a business, and the critical role of cultivating strong partnerships. Alongside Rob Ocel, Dr. Saylor discusses effective strategies for managing client relationships, navigating partner models, and balancing direct sales with collaborative partnerships.
by jdpoteet | Sep 27, 2024 | Videos/Podcasts
On this episode of The Backup Wrap-up, join cybersecurity expert Dr. Mike Saylor, CEO of @BlackswanCybersecurity and Professor at UTSA, as he shares insights on ransomware detection. Learn to spot early warning signs, explore cutting-edge detection tools, and grasp the critical importance of swift response. A must-watch for IT professionals and anyone focused on protecting their data. Stay one step ahead of cyber threats – watch today!
by jdpoteet | Sep 23, 2024 | Threat Advisories
Summary
Broadcom released a critical security update for VMware vCenter Server to address a high-severity vulnerability that could allow remote code execution (RCE). In addition to this vulnerability, CVE-2024-38812, another vulnerability that allows privilege escalation (CVE-2024-38813) has been patched. vCenter Server installations must be updated to the latest versions immediately.
Risk Score
CVE-ID CVSSv3 Score
CVE-2024-38812 9.8
CVE-2024-38813 7.3
Vulnerability Details
Broadcom issued a security patch for VMware vCenter Server to mitigate the critical vulnerability CVE-2024-38812. This heap-overflow vulnerability in the DCE/RPC protocol can be exploited in low-complexity attacks that don’t require user interaction: a malicious actor sends specially crafted network packets, leading to remote code execution.
Broadcom also provided a patch for a privilege escalation vulnerability (CVE-2024-38813) with a CVSS score of 7.5, which could allow an attacker to escalate privileges to root. This flaw, along with CVE-2024-38812, was discovered by security researchers from Team TZL during the Matrix Cup cybersecurity competition in June 2024.
Affected Products
- vCenter Server versions 7.0 and 8.0
- VMware Cloud Foundation versions 4.x and 5.x
Solution
- vCenter Server 8.0: Fixed in version 8.0 U3b
- vCenter Server 7.0: Fixed in version 7.0 U3s
- VMware Cloud Foundation 5.x: Fixed in 8.0 U3b as an asynchronous patch
- VMware Cloud Foundation 4.x: Fixed in 7.0 U3s as an asynchronous patch
Recommendations
- Update vCenter Server and VMware Cloud Foundation to the latest versions as specified above.
- Regularly monitor systems for potential exploits and ensure that only trusted network connections are allowed to access vCenter services.
- Strictly control network perimeter access to vSphere management components and interfaces, including storage and network components.