Janus Associates Blog - Bringing You Cybersecutity Industrty News and Threat Reports

Cyber Threat Report: Cyber Security News for 02/02/23

Written by Lyle A. Liberman | Feb 2, 2023 9:26:13 PM

Firmware Flaws Could Spell 'Lights Out' for Servers
Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access. Read More

Misconfiguration and Vulnerabilities Biggest Risks in Cloud Security: Report
About 87% of container images include a high or critical vulnerability, while 90% of granted permissions are not used. Read More

Critical RCE Lexmark Printer Bug Has Public Exploit
A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week. Read More

CISA Issues Baseline Cybersecurity Recommendations for K-12 Schools
Insufficient funding and IT staffing levels make many CISA recommendations difficult for K-12 schools to achieve. Read More

HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals
U.S. government and industry authorities are warning the healthcare sector of a surge in distributed denial-of-service attacks in recent days against hospitals and other medical entities instigated by Russian nuisance hacking group KillNet. Read More

NIST Issues Guidance to Help Companies and Organizations Operationalize AI Risk Management The framework can be used to contextualize and manage the potential risks of harm posed by AI systems, technologies, and practices in all areas where they may be used. Read More

As Layoffs and Resignations Continue: Five Reasons to Automate Employee Offboarding
Modern offboarding processes are problematic because they’re often deployed through a patchwork of manual and error-prone workflows involving multiple teams and handoffs that navigate in and out of numerous point tools. Read More

Budget Constraints Force Cybersecurity Teams to do More with Less
49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets. Read More

Insider Attacks Becoming more Frequent, More Difficult to Detect
Only 3% of respondents surveyed are not concerned with insider risk. Read More

US Maritime Administrator to Study Port Crane Cybersecurity Concerns
Recently passed legislation might have been spurred by supply chain disruption and surveillance concerns enabled by Chinese-made cranes. Read More

Experian Glitch Exposing Credit Files Lasted 47 Days
Identity thieves had worked out how to bypass its security and access any consumer’s full credit report armed with nothing more than a person’s name, address, date of birth, and Social Security number. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

Five vulnerabilities have been found in Baseboard Management Controller (BMC) Firmware that is used in 15 major vendor servers, including AMD, Asus, ARM, Dell, EMC, HPE, Huawei, Lenovo, and Nvidia. The vulnerabilities, which occur in system-on-chip computing platforms using AMI's MegaRAC BMC software, could give attackers the ability to remotely compromise the systems. AMI recently issued patches for all five vulnerabilities, but it is up to server makers and customers to put forth the application. 

According to a report from the software company, Sysdig, misconfigurations, and vulnerabilities continue to be the biggest cloud security risks. The report revealed that least privilege access rights, an aspect of zero trust architecture, are not properly enforced, with almost 90% of granted permissions unused, leaving the door open to attackers. The report revealed that 87% of container images had high or critical vulnerabilities with Java packages being responsible for 61% of the vulnerabilities. Sysdig recommended a tactical strategy to improve cloud security, with a focus on monitoring running services. 

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.