The Security Digest: #86

Time to get busy with your updates! It’s “Patch Tuesday” and Microsoft released a hefty set of patches. With federal agencies being attacked on a daily basis, the Biden Administration is cracking down on agencies to patch bugs, some close to a decade old, within the next 6 months. Apple has also released a large number of security updates for all of its operating systems as well as Safari.

Microsoft Patch Tuesday Highlights:

As part of its Patch Tuesday, Microsoft released 55 security fixes, including patches for 6 zero-day vulnerabilities. Two were actively exploited, against Microsoft Exchange and Microsoft Excel:

  • CVE-2021-42292 – Microsoft Excel Security Feature Bypass Vulnerability
  • CVE-2021-42321 – Microsoft Exchange Server Remote Code Execution Vulnerability

CISA issues a binding operational directive for patching security bugs and, along with the NSA, provides guidance on minimizing Kubernetes risks.

  • Federal agencies have been ordered by the Biden administration to patch hundreds of security bugs, including some that were found almost a decade ago. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly says that federal agencies are being targeted on a daily basis. The new binding operational directive, issued by CISA, gives agencies six months to fix more than 300 security vulnerabilities identified as carrying “significant risk” to their networks. Agencies have just two weeks to fix the more recent bugs from 2021, the directive said. Federal agencies have been ordered to apply Apple security patches by November 1.
  • National Security Agency (NSA) and CISA guidance helps agencies minimize Kubernetes risks. A new technical report, released by the NSA and CISA, provides detailed guidance on how to harden Kubernetes containers and avoid common misconfigurations.

REvil Ransom Arrest and $6.1M Seizure

  • The U.S. Department of Justice announced the arrest of a 22-year-old Ukrainian, Yaroslav Vasinskyi, accused of deploying REvil ransomware to attack businesses and government entities in the United States. REvil is a Russian-speaking cybercrime collective that has extorted hundreds of millions from victim organizations. The DOJ also announced the seizure of $6.1M in funds traceable to a Russian national charged with conducting REvil ransomware attacks against multiple businesses and government entities in Texas. Read more at KrebsOnSecurity.

New security updates for Apple:

In late October, Apple released security updates for all its operating systems, including iOS, macOS, tvOS, iPadOS and watchOS, as well as Safari. One flaw under active attack was patched in macOS, iOS/iPadOS 14, watchOS and tvOS, although it had already been fixed in iOS 15 and iPadOS 15.

Owl fun and facts:

Photographer Captures Baby Barn Owl Mid-Run

Dutch photographer Hannie Heere was photographing barn owls when she captured an adorable shot of a baby barn owl running across grass.

About:

TSD began as an internal newsletter created by our security team that would be circulated to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly via security@cyral.com, or follow us on Twitter @cyralinc, if you have any questions, concerns, tips or anything else!